{"id":31712642,"url":"https://github.com/freifunk/icvpn-scripts","last_synced_at":"2025-10-09T01:05:21.691Z","repository":{"id":20238146,"uuid":"23510178","full_name":"freifunk/icvpn-scripts","owner":"freifunk","description":"Scripts for working with icvpn-meta","archived":false,"fork":false,"pushed_at":"2023-08-10T16:26:01.000Z","size":191,"stargazers_count":6,"open_issues_count":4,"forks_count":20,"subscribers_count":27,"default_branch":"master","last_synced_at":"2024-03-26T00:12:40.358Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"robbyrussell/oh-my-zsh","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/freifunk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-08-31T09:21:13.000Z","updated_at":"2021-10-22T22:21:49.000Z","dependencies_parsed_at":"2022-07-10T08:47:11.743Z","dependency_job_id":null,"html_url":"https://github.com/freifunk/icvpn-scripts","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/freifunk/icvpn-scripts","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunk%2Ficvpn-scripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunk%2Ficvpn-scripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunk%2Ficvpn-scripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunk%2Ficvpn-scripts/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/freifunk","download_url":"https://codeload.github.com/freifunk/icvpn-scripts/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/freifunk%2Ficvpn-scripts/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279000729,"owners_count":26082894,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-08T02:00:06.501Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-09T01:01:13.798Z","updated_at":"2025-10-09T01:05:21.678Z","avatar_url":"https://github.com/freifunk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"icvpn-scripts\n=============\n[![Build Status][Travis image]][Travis]\n\n[Travis image]: https://travis-ci.org/freifunk/icvpn-scripts.svg\n[Travis]: https://travis-ci.org/freifunk/icvpn-scripts\n\nThis is a collection of scripts for working with the [icvpn-meta repository].\nWhile the actual data about the communities' networks and stuff goes there,\nthese scripts use that data to do something with it.\n\n### Why is this a separate repository?\nWhile the [icvpn-meta repository] is intended to be updated automatically to\nreceive updated data, it is obviously not a good idea to automatically update\nthe scripts that are periodically executed on a server. To prevent people from\nshooting themselves in the foot by not reading a readme that says \"copy the\nscripts, don't use them directly!\", the scripts were split off into this\nrepository.\n\n\nRequirements\n------------\nAll of the scripts are currently written in Python and need the `python-yaml`\npackage.\n\nAll of the scripts need a checked out version of the [icvpn-meta repository],\nand expect it by default to be in the subdirectory `data` of the current\nworking directory. However, they all support the `-s` or `--source` switch to\nspecify another location.\n\n### Debian\nOn Debian `apt-get install python3-yaml python3-requests python3-prettytable\npython3-jinja2 python3-natsort` should install all dependencies.\n\n#### Debian Wheezy (oldstable)\nYou might run into problems because of a missing ipaddress and natsort module (shipped with python \u003e= 3.3), so install it via pip.\n```\napt-get install python3-yaml python3-pip\npip-3.2 install ipaddress natsort\n```\n\n\nFind Free Resources (`findfree`)\n--------------------------------\n`findfree` searches for free asn, transfer ip combinations and ip subnet allocations in the predefined\nnetwork segments.\n\n**Note** that it is crucial to have an up to date [icvpn-meta repository] to\nensure the utility outputs useful data.\n\nThe output of `findfree --help`\n```\nusage: findfree [-h] [-s DIRECTORY] [-p PREFIX] [-c COUNT]\n\nFind free resources in the Freifunk ICVPN Universe\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -s DIRECTORY, --source-dir DIRECTORY\n                        path to the local copy of the icvpn-metarepository\n                        (Default: ../icvpn-meta/)\n  -p PREFIX, --prefix-length PREFIX\n                        Required prefix length (Default: 20)\n  -c COUNT, --count COUNT\n                        The amount of options to show (Default: 5)\n\nMake sure your copy of icvpn-meta is up to date, to ensure this utility\nproduces useful results.\n```\n\n\nBGP (`mkbgp`)\n-------------\n`mkbgp` generates the configuration for a BGP server (currently bird and quagga\nare supported) that wants to participate in the IC-VPN. It requires an already\nworking Layer 2 connection (Tinc, see [the icvpn repository]) and sets up BGP\nsessions with other communities. This was the main reason for having the\n[icvpn-meta repository] at all, to speed up the integration of new peers.\n\n**Note** that other communities' BGP servers probably won't accept your\nconnection if they don't know you as a peer. It is therefore necessary to\ncreate a suitable community file in the [icvpn-meta repository], and even then,\nonly communities generating their BGP communities from that repository will\naccept your connection after the next update. Many communities manage their\nconfiguration by hand, so rejected connections are not unusual.\n\nThe output of `mkbgp --help`:\n```\nUsage: mkbgp [options]\n\nOptions:\n  -h, --help            show this help message and exit\n  -f FMT, --format=FMT  Create config in format FMT.\n                        Possible values: quagga, bird. Default: bird\n  -4                    Generate IPv4 config\n  -6                    Generate IPv6 config\n  -s DIR, --sourcedir=DIR\n                        Use files in DIR as input files.\n                        Default: ../icvpn-meta/\n  -x COMMUNITIES, --exclude=COMMUNITIES\n                        Exclude the comma-separated list of COMMUNITIES\n  -p PREFIX, --prefix=PREFIX\n                        Prefix, e.g. bgp_icvpn_\n  -P TIMEOUT, --passive-offline=TIMEOUT\n                        Add peers that take longer than TIMEOUT to\n                        respond at time of creation as passive peers\n                        Set to 0 do disable\n                        Default: 3 seconds\n  -d TEMPLATE, --default=TEMPLATE\n                        Default template/peer-group to use\n  -t COMMUNITY:TEMPLATE, --template=COMMUNITY:TEMPLATE\n                        Use different template/peer-group for some communities\n```\n\n\nROA (`mkroa`)\n-------------\n`mkroa` creates a Route Origin Authorization (ROA) table for a bgp server\n(currently only bird is supported). ROAs can be used in filters to link\nprefixes to ASNs. By that, announcements are validated with the data from\nthe [icvpn-meta repository], so that prefixes are only imported if announced\nby the correct community.\n\n**Note** that this script does only output one ROA statement per prefix and\nASN, so you have to surround the output yourself with the appropriate table\nstatement, e.g. like `roa table icvpn_roa { include \"roa.con?\" }`.\n\nThe ROA table can then be used in a filter\n```\nfilter icvpn_in {\n  if roa_check(icvpn_roa, net, bgp_path.last) = ROA_INVALID then {\n    print \"ROA check failed for \", net, \" ASN \", bgp_path.last;\n    reject;\n  }\n  accept;\n}\n```\nwhich then can be used e.g. in a template `import filter icvpn_in;`.\n\nThe output of `mkroa --help`:\n``` \nUsage: mkroa [options]\n\nOptions:\n  -h, --help            show this help message and exit\n  -f FMT, --format=FMT  Create config in format FMT.\n                        Possible values: bird.\n  -4                    Generate IPv4 config\n  -6                    Generate IPv6 config\n  -s DIR, --sourcedir=DIR\n                        Use files in DIR as input files.\n                        Default: ../icvpn-meta/\n  -x COMMUNITIES, --exclude=COMMUNITIES\n                        Exclude the comma-separated list of COMMUNITIES\n  -m DEFAULT_MAX_PREFIXLEN, --max=DEFAULT_MAX_PREFIXLEN\n                        max prefix length to accept\n```\n\n\nDNS (`mkdns`)\n-------------\n`mkdns` generates configuration for DNS servers (currently bind and dnsmasq are\nsupported) to enable it to resolve the custom top level domains and reverse\n`.arpa` zones of Freifunk communities by configuring the appropriate DNS\nservers as forwarders for these zones.\n\nThis of course requires a working connection to the DNS servers of the\ncommunities. While for some communities a global IPv6 connection might be\nenough to reach their servers, others do not use global IPv6 and you need a\nconnection to the IC-VPN itself to connect (either using IPv6 or IPv4).\n\nThe output of `mkdns --help`:\n```\nUsage: mkdns [options]\n\nOptions:\n  -h, --help            show this help message and exit\n  -f FMT, --format=FMT  Create config in format FMT.\n                        Possible values: bind-forward, dnsmasq, unbound, bind.\n                        Default: dnsmasq\n  -s DIR, --sourcedir=DIR\n                        Use files in DIR as input files. Default: ../icvpn-\n                        meta/\n  -x COMMUNITY, --exclude=COMMUNITY\n                        Exclude COMMUNITY (may be repeated)\n  --filter=FILTER       Only include certain servers.\n                        Possible choices: v6, v4\n```\n\n\nSmokeping (`mksmokeping`)\n-------------------------\n`mksmokeping` generates the configuration for a [Smokeping] instance to make it\nmonitor the BGP servers of all communities. This obviously requires a working\nLayer 2 IC-VPN connection (Tinc, see [icvpn repository]), or else none of them\nshould be reachable..\n\nThe output of `mksmokeping --help`:\n```\nUsage: mksmokeping [options]\n\nOptions:\n  -h, --help            show this help message and exit\n  -f FMT, --format=FMT  Create config in format FMT.\n                        Possible values: SmokePing. Default: SmokePing\n  -s DIR, --sourcedir=DIR\n                        Use files in DIR as input files.\n                        Default: ../icvpn-meta/\n  -x COMMUNITIES, --exclude=COMMUNITIES\n                        Exclude the comma-separated list of COMMUNITIES\n\n```\n\n[Smokeping]: http://oss.oetiker.ch/smokeping/\n\n\nWiki ('mkwikitable')\n--------------------\n`mkwikitable` generates ...\n\nThe output of `mkwikitable --help`:\n```\nusage: mkwikitable [-h] [--meta-dir DIR]\n\nGenerate a mediawiki table about all ipv4/ipv6-networks. Uses 'api_data.dump'\ngenerated by apireader.py, if available.\n\noptional arguments:\n  -h, --help      show this help message and exit\n  --meta-dir DIR  Path to local icvpn-meta clone. Default: ../icvpn-meta/\n```\n\n\nIntegrity checking (`check`)\n----------------------------\nThis script checks the integrity [icvpn-meta repository]'s checkout and is used\nas [its Travis CI hook](https://travis-ci.org/freifunk/icvpn-meta/). You can\nuse it to test your own submission to that repository beforehand, but it isn't\nof much use otherwise.\n\nNote that `check` requires Python **3.3**, for it provides an excellent\n[IPv4/IPv6 manipulation\nlibrary](https://docs.python.org/3.3/library/ipaddress.html)\n\n\nVisualisation (`netblocks`)\n---------------------------\nThis script generates json-files compartible to dn42-netblock-visu to visualise\nthe adressspace utilisation.\n\nThe output of `netblocks --help`\n```\nUsage: netblocks [options]\n\nOptions:\n  -h, --help            show this help message and exit\n  -s DIR, --sourcedir=DIR\n                        Use files in DIR as input files. Default: ../icvpn-\n                        meta/\n  -d DIR, --destdir=DIR\n                        Use DIR as destination for the generated files.\n                        Default: ./netblocks-data\n```\n\n\nContributing\n------------\nYou have an idea how to use the data in the [icvpn-meta repository]\nprogrammatically, don't hesitate to contribute a new script. If it generates a\nconfiguration of some kind, you might want to have a look at the `formatter`\nmodule, which offers the `Formatter` base class that could ease the process of\nconfig generation.\n\nOf course, we are also happy to support more programs in the already existing\nscripts!\n\n[icvpn repository]: https://github.com/freifunk/icvpn\n[icvpn-meta repository]: https://github.com/freifunk/icvpn-meta\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffreifunk%2Ficvpn-scripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffreifunk%2Ficvpn-scripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffreifunk%2Ficvpn-scripts/lists"}