mirror of https://git.dn42.dev/wiki/wiki.git synced 2025-01-24 17:47:29 +01:00

Merge branch 'master' of git.dn42.us:dn42/wiki

Conflicts:
	_Sidebar.md
	howto/Edgeos-Config-Example-number-2.md
xuu at sour-is 2017-02-07 16:19:14 +00:00
commit 95a83fcc74
18 changed files with 245 additions and 180 deletions


@ -32,7 +32,7 @@ For all of these servers they have a specific IP assigned, only respond to their
**{{name}}.in-addr-servers.arpa** - This server is authoritative for "arpa", "in-addr", and each of the 172 zones for dn42 ip space. For non dn42 ip space NS records to the respective darknet would need to be registered.
**{{name}}.dn42-servers.arpa** - This server is authoritative for RFC 2317 delegations. For any inetnum object smaller than /24 and whos parent has no nameserver records, a C class parent zone is created (all its subnetworks are delegated to appropriate namservers with CNAME)
**{{name}}.dn42-servers.arpa** - This server is authoritative for RFC 2317 delegations. For any inetnum object smaller than /24 and whos parent has no nameserver records, a C class parent zone is created (all its subnetworks are delegated to appropriate nameservers with CNAME)
Real-time server monitor is available at http://nixnodes.net/dn42/dnsview or http://nixnodes.dn42/dn42/dnsview/
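Review bot: The corrected `{{name}}.dn42-servers.arpa` line still reads "whos parent"; change it to "whose parent" while the line is being touched for the "nameservers" spelling.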


@ -14,7 +14,7 @@
* [[Email|email]]
* [[GRE on FreeBSD|gre-on-freebsd]]
* [[Mikrotik RouterOS|mikrotik]]
* [[Edgeos Config|Edgeos Config Example number 2]]
* [[EdgeOS Config]]
* [[Services|/pages/services/]]
* [[IRC]]


@ -12,9 +12,15 @@ To properly assign the right community to your peer, please reference the table
## BGP community criteria
```
(64511, 1) :: latency \in [0, 2.7ms]
(64511, 2) :: latency \in [2.7ms, 7.3ms]
(64511, 3) :: latency \in [7.3ms, 20ms]
(64511, 1) :: latency \in (0, 2.7ms]
(64511, 2) :: latency \in (2.7ms, 7.3ms]
(64511, 3) :: latency \in (7.3ms, 20ms]
(64511, 4) :: latency \in (20ms, 55ms]
(64511, 5) :: latency \in (55ms, 148ms]
(64511, 6) :: latency \in (148ms, 403ms]
(64511, 7) :: latency \in (403ms, 1097ms]
(64511, 8) :: latency \in (1097ms, 2981ms]
(64511, 9) :: latency > 2981ms
(64511, x) :: latency \in [exp(x-1), exp(x)] ms (for x < 10)
(64511, 21) :: bw >= 0.1mbit
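Review bot: The summary line `(64511, x) :: latency \in [exp(x-1), exp(x)] ms (for x < 10)` no longer agrees with the rows above it. The rows are now half-open `(a, b]`, the first row starts at 0 rather than at exp(0) = 1 ms, and value 9 is unbounded (`latency > 2981ms`) rather than capped at exp(9). Suggest writing the general rule as `(exp(x-1), exp(x)]` for x from 2 to 8 and stating the two end cases separately, so a boundary value such as exactly 20 ms maps to one community only.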
@ -36,7 +42,7 @@ Propagation:
```
For example, if your peer is 12ms away and the link speed between you is 250Mbit/s and you are peering using OpenVPN P2P, then the community string would be (3, 24, 33).
You might want to use this [script](https://github.com/Mic92/bird-dn42/blob/master/bgp-community.rb) to measure round trip time and calculate community values automatically:
Two utilites which measure round trip time and calculate community values automatically are provided, written in [ruby](https://github.com/Mic92/bird-dn42/blob/master/bgp-community.rb) and [C](https://github.com/nixnodes/bird/blob/master/misc/dn42-comgen.c).
```
$ ruby bgp-community.rb --help
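Review bot: Both tool links in the new sentence point at `blob/master` in third-party repositories, so the code a reader downloads and runs can change after this page was reviewed; link to a specific commit instead. "utilites" should also be "utilities".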


@ -3,7 +3,10 @@ Compared to quagga, bird supports multiple routing tables, which is useful, if y
want to learn the practical details behind routing protocols in bird, see the following [guide](https://github.com/knorrie/network-examples)
# Debian
The version in the Debian repositories might be quite old, therefore it makes sense to install a newer one directly from bird:
In the Debian release cycle the bird packages may become outdated at times, if that is the case you should use the official bird package repository maintained by the developers of nic.cz.
This is not necessary for Debian Stretch, which currently ships the most recent version (1.6.3) in this repositories.
```sh
wget -O - http://bird.network.cz/debian/apt.key | apt-key add -
apt-get install lsb-release
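Review bot: The new paragraph calls bird.network.cz the official repository, but the first command still fetches the signing key over plain http and pipes it into apt unverified: `wget -O - http://bird.network.cz/debian/apt.key | apt-key add -`. Anyone on the path can substitute the key and then serve packages that apt will accept, so publish the expected key fingerprint here and have readers compare it before adding the key. Wording: "in this repositories" should be "in its repositories", and the first new sentence is a comma splice that reads better as two sentences.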
@ -11,7 +14,6 @@ echo "deb http://bird.network.cz/debian/ $(lsb_release -sc) main" > /etc/apt/sou
apt-get update
apt-get install bird
```
In case you are running Debian Jessie and this is not working for you, try replacing jessie with wheezy in the /etc/apt/sources.list.d/bird.list.
# Example configuration
@ -106,91 +108,12 @@ define OWNIP = <GATEWAY_IP>;
function is_self_net() {
return net ~ [<SUBNET>+];
}
```
Generate the filter list from the monotone repository
```
$ cd net.dn42.registry
$ ruby utils/bgp-filter.rb --format bird < data/filter6.txt > /etc/bird/filter6.conf
or
$ curl -s https://ca.dn42.us/reg/filter6.txt | \
awk '/^[0-9]/ && $2 ~ /permit/ {printf "%s{%s,%s}\n", $3, $4, $5}' | \
awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n"} \
NR > 1 {printf ",\n"} {printf " %s", $1}
END {printf "\n ];\n}\n"}' > /etc/bird/filter6.conf
```
example filter list:
```
function is_valid_network() {
return net ~ [
fc00::/8{48,64}, # ULA (undefined)
fd00::/8{48,64}, # ULA (defined)
2001:67c:20c1::/48{48,48}, # E-UTP IPv6
2001:bf7::/32{32,128}, # Freifunk (Foerderverein Freie Netzwerke) IPv6 Range
2001:67c:20a1::/48{48,48}, # CCC Event Network
2001:0470:006c:01d5::/64{64,64}, # Registered IANA
2001:0470:006d:0655::/64{64,64},
2001:0470:1f09:172d::/64{64,64},
2001:0470:1f0b:0592::/64{64,64},
2001:0470:1f0b:0bca::/64{64,64},
2001:0470:1f0b:1af5::/64{64,64},
2001:0470:1f10:0275::/64{64,64},
2001:0470:1f12:0004::/64{64,64},
2001:0470:5084::/48{48,64},
2001:0470:51c6::/48{48,64},
2001:0470:73d3::/48{48,64},
2001:0470:7972::/48{48,64},
2001:0470:9949::/48{48,64},
2001:0470:99fc::/48{48,64},
2001:0470:9af8::/48{48,64},
2001:0470:9ce6::/55{55,64},
2001:0470:9f43::/48{48,64},
2001:0470:caab::/48{48,64},
2001:0470:cd99::/48{48,64},
2001:0470:d4df::/48{48,64},
2001:0470:d889:0010::/64{64,64},
2001:0470:e3f0:000a::/64{64,64},
2001:067c:21ec::/48{48,64},
2001:06f8:1019:0000::/64{64,64},
2001:06f8:118b::/48{48,64},
2001:06f8:1194::/48{48,64},
2001:06f8:121a::/48{48,64},
2001:06f8:1c1b::/48{48,64},
2001:06f8:1d14::/48{48,64},
2001:06f8:1d26::/48{48,64},
2001:06f8:1d53::/48{48,64},
2001:07f0:3003::/48{48,64},
2001:08d8:0081:05c8::/63{63,64},
2001:08d8:0081:05ca::/64{64,64},
2001:15c0:1000:0100::/64{64,64},
2001:1b60:1000:0001::/64{64,64},
2001:41d0:0001:b6bb::/64{64,64},
2001:41d0:0001:cd42::/64{64,64},
2001:4dd0:fcff::/48{48,64},
2001:4dd0:fdd3::/48{48,64},
2001:4dd0:ff00:8710::/64{64,64},
2604:8800:0179:4200::/56{56,64},
2801:0000:80:8000::/50{50,64},
2a00:1328:e101:0200::/56{56,64},
2a00:1828:2000:0289::/64{64,64},
2a00:1828:a013:d242::/64{64,64},
2a00:5540:0387::/48{48,64},
2a01:0198:022c::/48{48,64},
2a01:0198:035a:fd13::/64{64,64},
2a01:0198:0485::/48{48,64},
2a01:04f8:0121:4fff::/64{64,64},
2a01:04f8:0140:1ffd::/64{64,64},
2a01:04f8:0d13:17c0::/64{64,64},
2a02:0a00:e010:3c00::/56{56,64},
2a02:0ee0:0002:0051::/64{64,64},
2a03:2260::/30{30,64}
];
}
'fd00::/8' # ULA address space as per RFC 4193
]
}
```
```
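Review bot: The three lines that now end `is_valid_network()` (`'fd00::/8' # ULA address space as per RFC 4193`, `]`, `}`) do not follow the set syntax used by every other entry in this hunk: the prefix is wrapped in quotes, it has no `{min,max}` length range, and the closing `]` has lost its `;`. Even with the quotes removed, a bare `fd00::/8` in a bird prefix set matches only that exact /8, so a filter built on this function would accept none of the /48 to /64 announcements the removed ULA line allowed. Suggest `fd00::/8{48,64}` (the range the removed line used) followed by `];`.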
@ -295,52 +218,18 @@ define OWNIP = <GATEWAY_IP>;
function is_self_net() {
return net ~ [<SUBNET>+];
}
```
Generate the filter list from the monotone repository
```
$ cd net.dn42.registry
$ ruby utils/bgp-filter.rb --format bird < data/filter.txt > /var/lib/bird/filter4.conf
or
$ curl -s https://ca.dn42.us/reg/filter.txt | \
awk '/^[0-9]/ && $2 ~ /permit/ {printf "%s{%s,%s}\n", $3, $4, $5}' | \
awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n"} \
NR > 1 {printf ",\n"} {printf " %s", $1}
END {printf "\n ];\n}\n"}' > /var/lib/bird/filter4.conf
```
example filter list:
```
function is_valid_network() {
return net ~ [
172.20.0.0/14{21,29}, # dn42 main net
172.20.0.0/24{28,32}, # dn42 Anycast range
172.21.0.0/24{28,32}, # dn42 Anycast range
172.22.0.0/24{28,32}, # dn42 Anycast range
172.23.0.0/24{28,32}, # dn42 Anycast range
192.175.48.0/24{24,32}, # AS112-prefix for reverse-dns
10.0.0.0/8{12,28}, # freifunk/chaosvpn
172.31.0.0/16{22,28}, # chaosvpn
100.64.0.0/10{12,28}, # iana private range
195.160.168.0/23{23,28}, # ctdo
91.204.4.0/22{22,28}, # free.de via ctdo
193.43.220.0/23{23,28}, # durchdieluft via ctdo
83.133.178.0/23{23,28}, # muccc kapsel
87.106.29.254/32{32,32}, # wintix (please don' announce /32)
85.25.246.16/28{28,32}, # leon
46.4.248.192/27{27,32}, # welterde
94.45.224.0/19{19,28}, # ccc event network
151.217.0.0/16{16,28}, # ccc event network 2
195.191.196.0/23{23,29}, # ichdasich pi space
80.244.241.224/27{27,32}, # jchome service network
188.40.34.241/32{32,32},
37.1.89.192/26{26,28}, # siska
87.98.246.19/32{32,32}
];
172.20.0.0/14{21,29}, # dn42
172.20.0.0/24{28,32}, # dn42 Anycast
172.21.0.0/24{28,32}, # dn42 Anycast
172.22.0.0/24{28,32}, # dn42 Anycast
172.23.0.0/24{28,32}, # dn42 Anycast
172.31.0.0/16+, # ChaosVPN
10.100.0.0/14+, # ChaosVPN
10.0.0.0/8{15,22} # Freifunk.net
]
}
```
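Review bot: The replacement IPv4 list is looser than the one it removes: `172.31.0.0/16+` and `10.100.0.0/14+` accept every more-specific prefix down to /32, where the removed ChaosVPN line was bounded as `172.31.0.0/16{22,28}`. Give both entries an explicit `{min,max}` range so a peer cannot inject host routes inside those blocks. The closing `]` also needs its `;` back (the removed list ended with `];`), and with the generation commands deleted the page should say where this static list comes from and how it is kept current.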

howto/EdgeOS-Config.md Normal file

@ -0,0 +1,156 @@
#EdgeRouter config example
After a lot of searching and trying I [Phil/ALS7] finnaly got a working config
I used for this example V1.9.0 on an ErPro-8
Also thanx to drathir for his patience and support
##Features
* IPv4/IPv6 Tunnel via OpenVPN
* dn42 DNS
##How-To
--> still work in Progress
* Basic EdgeOS knowledge is required
* If you are using LoadBalancing make shure 172.20.0.0/14 is under 'PRIVATE NETS'
1) you need to create all required fields in the registry --> look at [[Getting started]]
2) get a peer --> ask nice @ [[IRC]]
3) You need following data from the peer
--tunnel options, secret key --ASN from the peer --ip's
...
The data i used are the following:
Own ASN: AS111111
Own IPv4 Space: 172.AA.AA.64/27
Own IPv6 Space: fdBB:BBBB:CCCC::/48
Own IPv4 If-Address: 172.AA.AA.65
Own IPv6 If-Address: fdBB:BBBB:CCCC::1
Peer OpenVPN Remote Address: 172.X.X.X //that's the peers OpenVPN IF IP
Peer OpenVPN Remote Host: X.X.X.Y //that's the peers clearnet IP
Peer OpenVPN IP for you: fdAA::BBB/64
Peer OpenVPN IP: fdAA::CC
Peer OpenVPN Port: 1194
Peer OpenVPN encryption: aes256
Peer ASN: AS222222
Peer BGP Neighbour IPv4: Z.Z.Z.Z
Peer BGP Neighbour IPv6: fdAA::CC
###Copy OpenVPN key to the ErPro
copy vpn key to /config/auth/giveITaName
sudo su
cd /config/auth
cat > giveITaName
now paste the key in the terminal window, hit return once and kill cat with CTRL+C
last thing to do is type exit
###Create IPv4 OpenVPN Interface
Set up Interface vtunX -- i used vtun0
configure
set interfaces openvpn vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address 172.AA.AA.65
set interfaces openvpn vtun0 remote-address 172.X.X.X
set interfaces openvpn vtun0 remote-host X.X.X.Y
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName
set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression
commit
save
exit
Now the ipv4 tunnel should be up&running
Check it with:
show interfaces openvpn
show interfaces openvpn detail
show openvpn status site-to-site
###Create IPv4 BGP Session
####Open Firewall
* You need to open the firewall to local for the tunnel Interface on port 179/tcp
####Configure the BGP Neighbor
* You must not use AS before the as numbers !!
With this step you create the basic bgp session
configure
set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222
set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound
set protocols bgp 111111 neighbor Z.Z.Z.Z update-source 172.AA.AA.65
commit
save
When commit this configuration you should be able to see a BGP neighbor session start and come up.
You can check this with:
show ip bgp summary
####Set route to blackhole
so bgp can announce the route
set protocols static route 172.AA.AA.64/27 blackhole
commit
save
####Announce prefix to BGP
set protocols bgp 111111 network 172.A.A.64/27
commit
save
exit
You should now be able to see networks being advertised via
show ip bgp neighbors Z.Z.Z.Z advertised-routes
###Define Nameservers
Now ping to 172.23.0.53 ... thats the nameserver we are using
If everything is allright it should work
####NS & NAT Config
Enter the configure mode
configure
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding options rebind-domain-ok=/dn42/
set service dns forwarding options server=/23.172.in-addr.arpa/172.23.0.53
set service dns forwarding options server=/22.172.in-addr.arpa/172.23.0.53
set service dns forwarding options server=/dn42/172.23.0.53
set service nat rule 5013 outbound-interface vtun0
set service nat rule 5013 type masquerade
set service nat rule 5013 description "masquerade for dn42"
commit
save
exit
Now try to access any .dn42 tld
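Review bot: The BGP neighbor block sets only `remote-as`, `soft-reconfiguration inbound` and `update-source`, so the router accepts whatever the peer sends; add inbound and outbound prefix filtering limited to dn42 space and to the own /27 before presenting this as a working config. Further points in the same file: the blackhole route uses `172.AA.AA.64/27` but the `network` statement uses `172.A.A.64/27`, so the placeholders should match; the key written with `cat > giveITaName` under /config/auth is never given restrictive permissions; the reverse-DNS forwarders cover only `22.172` and `23.172` although the page itself names 172.20.0.0/14; the "Open Firewall" step gives no commands; IPv6 is listed under Features but no IPv6 tunnel or BGP configuration follows. The headings need a space after the `#` marks to render, and "finnaly", "shure" and "allright" are misspelled.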


@ -31,7 +31,7 @@ Keep in mind that certificates are just public keys wrapped with some extra meta
### Conversion tool
Different implementations use different formats to represent public keys, and it's necessary to be able to convert between them. Here is a script for that purpose:
https://dn42.us/git/user/ryan/pubkey-converter/plain/pubkey-converter.pl
https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl
### How-To examples
| Implementation | Key format |
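Review bot: The new URL serves `pubkey-converter.pl` from `raw/master`, so the script readers download to process their keys can change without this page changing; link to a fixed commit or publish a checksum next to the link. The same applies to the two `[pubkey-converter]:` reference definitions updated later in this commit.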


@ -39,7 +39,7 @@ _Note: You may already have completed this step, since it's required to enable S
2. Convert your peer's public key to the hexadecimal DER format using the [pubkey-converter][pubkey-converter] script, if necessary.
[pubkey-converter]: https://dn42.us/git/user/ryan/pubkey-converter.git/plain/pubkey-converter.pl "Public key conversion script"
[pubkey-converter]: https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl "Public key conversion script"
## Configuration
### Configure the phase 1 IKE parameters


@ -30,7 +30,7 @@ For IPsec with Public Keys you'll need the package _strongswan-plugin-pubkey_ in
2. Convert your peer's public key to the PEM format using the [pubkey-converter][pubkey-converter] script, if necessary.
[pubkey-converter]: https://dn42.us/git/user/ryan/pubkey-converter.git/plain/pubkey-converter.pl "Public key conversion script"
[pubkey-converter]: https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl "Public key conversion script"
## Configuration
### Configure the phase 1 IKE parameters


@ -26,7 +26,7 @@ comp-lzo
persist-key
persist-tun
cipher aes-256-cbc
ifconfig-ipv6 <LOCAL_GATEWAY_IPV6> <LOCAL_GATEWAY_IPV6>
ifconfig-ipv6 <LOCAL_GATEWAY_IPV6> <REMOTE_GATEWAY_IPV6>
ifconfig <LOCAL_GATEWAY_IP> <REMOTE_GATEWAY_IP>
secret /etc/openvpn/<PEER_NAME>.key
@ -60,7 +60,7 @@ cipher aes-256-cbc
resolv-retry infinite
float
port <LOCAL_PORT>
ifconfig-ipv6 <LOCAL_GATEWAY_IPV6> <LOCAL_GATEWAY_IPV6>
ifconfig-ipv6 <LOCAL_GATEWAY_IPV6> <REMOTE_GATEWAY_IPV6>
ifconfig <LOCAL_GATEWAY_IP> <REMOTE_GATEWAY_IP>
secret /etc/openvpn/<PEER_NAME>.key
```
@ -73,7 +73,6 @@ secret /etc/openvpn/<PEER_NAME>.key
* `<REMOTE_PORT>` is openvpn port, where your peer listen for traffic
```
daemon
proto <PROTO>
mode p2p
remote <REMOTE_HOST>


@ -68,12 +68,11 @@ You can also use http://whatismyip.dn42 from inside dn42 to get your IPv4 and IP
|:------------------------------------------------- |:-------------------------------------------------------- |
| http://mhm.dn42/search | Hosted by toBee |
| http://yacy.dn42 | YaCy search engine. Indexing local nets|
| http://yacy.marlinc.dn42:8090/ | Marlinc's YaCy node. |
| https://surf.dn42/ | siska's YaCy node. |
| http://yacy.marlinc.dn42:8090/ (OFFLINE 2016-11-26) | Marlinc's YaCy node. |
| https://surf.dn42/ (OFFLINE 2016-11-26) | siska's YaCy node. |
| http://yacy.hexa.dn42/ | hexa-'s YaCy node. |
| |[YaCy Network Configuration](http://yacy.dn42/yacy.network.dn42.unit)|
| http://search.dn42 (172.23.184.1) | a few chosen HTTP domains are crawled (taken from the wiki). The previous method, "crawl everything available from the wiki", generated too much data because of FTPs. |
| https://surf.dn42 | YaCy node |
| http://search.dn42 (172.23.184.1) (BROKEN 2016-11-26) | a few chosen HTTP domains are crawled (taken from the wiki). The previous method, "crawl everything available from the wiki", generated too much data because of FTPs. |
## Images and Media
@ -90,12 +89,6 @@ You can also use http://whatismyip.dn42 from inside dn42 to get your IPv4 and IP
| http://sprawl.smrsh.dn42:8000/ | [smrsh radio](http://smrsh.net/radio) |
| http://stream.media.dn42/ | icecast-relay, contact toBee for more streams |
## Voice and video calls
| Hostname / IP | Remarks |
|:------------------------------------------------- |:-------------------------------------------------------- |
| http://zaledia.dn42/ | Zaledia VOIP service. Contact ranma on IRC OR julien@zaledia.dn42 or julien.owls@gmail.com to get your account.
## File sharing
### Tahoe LAFS
@ -122,7 +115,12 @@ https://rest.dn42/
```
### Direct Connect
An [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Connect) Hub is being run at `hub.dcpp.dn42:2780`. Choose a [client](https://en.wikipedia.org/wiki/Comparison_of_ADC_software#Client_software) and connect to exchange files.
Some [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Connect) Hubs are being run at `hub.dcpp.dn42:2780`. Choose a [client](https://en.wikipedia.org/wiki/Comparison_of_ADC_software#Client_software) and connect to exchange files.
| Address |
|:-----------------------|
| hub.dcpp.dn42:2780 |
| dcpp.grmml.dn42:4111 |
### FTP / HTTP
@ -130,14 +128,15 @@ An [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Conne
| Hostname / IP | Space | Speed | Remarks |
|:----------------------------------------------------------- |:----- |:----------- |:---------------------------------------------- |
| http://172.22.92.2 | | ~60kbps | mostly up |
| http://172.22.92.2 | | ~60kbps | mostly up |
| http://seafile.dn42 | | | Opensource Dropbox, yay! |
| http://files.feuerrot.dn42 | 6TB | 1Gbit | http, ftp, nfs, rsync |
| sftp://anonsftp:Iich0zieC3retaid@files.crest.dn42:2212/ | 12TB | 1Gb/s | incoming writable |
| http://files.martin89.dn42/ | | max 2Mbit/s | download only |
| http://filer.mhm.dn42 | 4TB | 1GBit | 24/7/365 | |
| http://storage.hq.c3d2.de:8080/rpool | | 2.4Mbit/s | download only webdav:k-ot|
| http://filer.mhm.dn42 | 4TB | 1GBit | 24/7/365 |
| http://storage.hq.c3d2.de:8080/rpool | | 2.4Mbit/s | download only webdav:k-ot |
| ftp://nas.jan.dn42/ | 6TB | 10 Mbit/s | anonymous read/write |
| http://storage.hb.jplitza.de | 6TB | 10 Mbit/s | http, rsync, download only |
### Torrent Tracker
@ -199,16 +198,16 @@ Also check [Repository Mirrors](/services/Repository-Mirrors)
| ------------------------------------------------- | ------------------------------------------------------------------------------ |
| http://teams.dn42[.us]/dn42 | Mattermost (Slack clone) instance: get notifications for wiki/CA changes here |
| http://nowhere.ws/dn42 | Some random stuff concerning dn42, packages for Debian, e.g. Quagga |
|https://bin.dn42 | AES-encrypted pastebin-like service ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
| http://pastebin.trunet.dn42 | AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
| https://paste.weiti.dn42 | AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
| ~~https://paste.synhacx.dn42~~(OFFLINE 2016-08-24)| AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
| ~~http://zerobin.e-utp.dn42~~(OFFLINE 2016-08-24) | AES-encrypted pastebin-like, second one ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
| ~~https://flo.dn42/paste/~~(OFFLINE 2016-08-24) | AES-256-encrypted pastebin-like, with HTTPS ([zerobin]) |
| ~~https://szf.dn42/paste/~~(OFFLINE 2016-08-24) | AES-encrypted pastebin-like, another one |
| https://paste.weiti.dn42 | AES-encrypted pastebin-like ([privatebin]|
(https://github.com/sebsauvage/ZeroBin)) |
| ~~http://zerobin.e-utp.dn42 | AES-encrypted pastebin-like, second one ([zerobin](https://github.com/sebsauvage/ZeroBin)) | ]
| ~~https://szf.dn42/paste/~~(TLSNOTHAPPY 2016-11-26) | AES-encrypted pastebin-like, another one |
| https://pad.dn42 | [Etherpad](http://etherpad.org) service for collaborative work |
| http://ip.synhacx.dn42 | Basic "whatismyip" service ([description](http://synhacx.dn42/showmyip)) |
| http://nixnodes.dn42/ip | Simple 'myip' service |
| https://szf.dn42/ip (text) https://szf.dn42/ifconfig (html) | Another simple 'myip' service |
| https://weiti.dn42/cgi-bin/my-ip | Another 'myip' service |
| https://git.dn42[.us] | Git Repository Hosting (Signup: email ssh pubkey to xuu@dn42.us) |
| https://git.dn42[.us]/pubkeys/[username] | Get ssh public keys from Git Users of git.dn42. |
| http://ngit.dn42 | |
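Review bot: The `paste.weiti.dn42` row and the row after it look like an unresolved merge: the link label `([privatebin]` is cut off by a cell delimiter with its target `(https://github.com/sebsauvage/ZeroBin)) |` on a line of its own, the `~~http://zerobin.e-utp.dn42` strike-through is never closed, and that row ends in a stray `]`. As written the table will not render, and the "privatebin" label points at the ZeroBin repository. Rebuild both rows on single lines, close the `~~`, and give the e-utp row the dated status note its neighbours carry; `(TLSNOTHAPPY 2016-11-26)` on the szf row should also say what is actually wrong with the TLS setup.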


@ -6,7 +6,8 @@ Tor bridges allow for the Tor client to connect to a specific IP address and val
| Name | Bandwidth | Contact | Protocol | Fingerprint | Info |
|-----------------------|-----------|------------------|----------|------------------------------------------|------------------------------------|
| photon.flat.dn42:8443 | 500kB/s | irl@flat.dn42 | obfs4 | 79B30C78C9DA0F812589D336B399307435DC452A | Limited to 100GB transfer per week |
| photon.flat.dn42:8443 | 500kB/s | irl@flat.dn42 | obfs4 | 83B02FB88253A7FD313B7912B12B05AF2A42D3B9 | Limited to 100GB transfer per week |
| gouda.flat.dn42:8443 | 500kB/s | irl@flat.dn42 | obfs4 | DF8CA08A9BED62B319D1E52610510959374444A2 | |
# Anycast Tor
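Review bot: The fingerprint for the existing `photon.flat.dn42:8443` bridge changes here with no explanation, and the fingerprint is the value clients rely on to validate the bridge they reach. Before merging, confirm both listed fingerprints with the contact (irl@flat.dn42) over a channel other than this wiki, and note on the page that photon's identity changed so users holding the old value know why their bridge line stopped working.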


@ -121,7 +121,19 @@ Install `ca-certificates-dn42` from [AUR](https://aur.archlinux.org/packages/ca-
### Debian/Ubuntu
There is no packet at the moment, but you can install it manually:
#### Unofficial Debian Package
```bash
wget https://ca.dn42.us/ca-dn42_20161122.0_all.deb
# If you're on a dn42-only network:
# wget --no-check-certificate https://ca.dn42/ca-dn42_20161122.0_all.deb
sudo dpkg -i ca-dn42_20161122.0_all.deb
sudo dpkg-reconfigure ca-certificates
```
You will be asked which certificates you would like to enabled. By default, the dn42 root certifcate (dn42/root-ca.crt) is not enable, be sure to enable it. This package is waiting for inclusion in Debian (Debian bug [#845351](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845351)).
#### Manual Installation
```bash
$ mkdir /usr/share/ca-certificates/extra
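Review bot: The commented alternative `wget --no-check-certificate https://ca.dn42/ca-dn42_20161122.0_all.deb` followed by `sudo dpkg -i` installs a trust-anchor package fetched with certificate checking switched off, so nothing authenticates the file that ends up defining which CAs the system trusts. Publish a SHA-256 checksum or a detached signature for the .deb on this page and add a verification step before `dpkg -i`; that also covers the bootstrap case where the dn42 CA is not yet trusted. Wording in the new paragraph: "to enabled" should be "to enable", "certifcate" should be "certificate", and "is not enable" should be "is not enabled". If the sentence "There is no packet at the moment" is kept, it now contradicts the new package section and should be dropped or reworded.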


@ -1,5 +1,5 @@
# DNS
**The new anycast resolver for `.dn42` runs on `172.23.0.53` and `TBD`. Please see [[Hierarchical DNS]] for more information.**
# DNS (DEPRECATED)
**The new anycast resolver for `.dn42` runs on `172.23.0.53` and `fd42:d42:d42:53::1`. Please see [[Hierarchical DNS]] for more information.**
**The information below is outdated.**
***


@ -19,7 +19,7 @@ The local webserver is monitored with a simple [[shell script|Distributed-Wiki#e
## Network
- Install wiki anycast IP address `172.23.0.80/32` on the system
- Install wiki anycast IP addresses `172.23.0.80/32` and `fd42:d42:d42:80::1/64` on the system
- Assign a unicast IP address to be used by Nginx
- Establish connectivity to the dn42 network
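Review bot: The IPv6 anycast address is given as `fd42:d42:d42:80::1/64` while the IPv4 one is a host address (`172.23.0.80/32`). Installing the /64 makes each node treat the whole `fd42:d42:d42:80::/64` as on-link; if only the single service address is meant, write `/128` to mirror the IPv4 entry.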
@ -47,7 +47,6 @@ GIT=/usr/bin/git
cd "${WIKI_PATH}"
${GIT} push
sleep 1
${GIT} pull
exit 0
@ -75,11 +74,11 @@ RACK_ENV=production gollum --css <path>/custom.css --gollum-path <path> --host 1
Set `<path>` to the location where wiki Git repo was cloned.
## Nginx proxy
## Nginx reverse proxy
#### SSL
- Setup your MNTNR according to [Automatic CA](https://internal.dn42/services/Automatic-CA)
- Setup your maintainer object according to [Automatic CA](https://internal.dn42/services/Automatic-CA)
- Generate a [CSR](/services/Certificate-Authority) and send DNS Key Pin to [xuu@sour.is](mailto:xuu@sour.is):
```
@ -149,8 +148,8 @@ server {
listen 172.23.0.80:80 default;
listen [fd42:d42:d42:80::1]:80 default;
listen 80;
listen [::]:80;
listen <unicast ipv4> 80;
listen [<unicast ipv6>]:80;
add_header X-SiteID '<aut-num>-<cc>';
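Review bot: `listen <unicast ipv4> 80;` puts a space between address and port, which nginx will read as an unknown parameter rather than a port; it should be `listen <unicast ipv4>:80;`, matching the colon form of the IPv6 line next to it. It is also worth one sentence on the page explaining why the wildcard `listen 80;` and `listen [::]:80;` lines were replaced, so operators do not add them back.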
@ -167,8 +166,8 @@ server {
listen 172.23.0.80:443 ssl default;
listen [fd42:d42:d42:80::1]:443 ssl default;
listen 443 ssl;
listen [::]:443 ssl;
listen <unicast ipv4> 443 ssl;
listen [<unicast ipv6>]:443 ssl;
ssl on;
ssl_certificate <path>/ssl.crt;
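Review bot: `listen <unicast ipv4> 443 ssl;` needs a colon between address and port, `listen <unicast ipv4>:443 ssl;`, as the IPv6 line beside it has. With `ssl` already present on every `listen` line in this server block, the `ssl on;` directive below them is redundant and can be removed.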
@ -214,7 +213,7 @@ group gollum-watchdog {
## (example ipv6) peer with one of our iBGP speakers:
neighbor fd42:4992:6a6d::1 {
router-id 172.22.0.80;
router-id 172.23.0.80;
local-address fd42:4992:6a6d::2;
local-as 123456;
peer-as 123456;


@ -6,4 +6,8 @@ The following exchanges are available:
* Amsterdam (OpenVPN) - NL Zuid (marlinc) - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
* Los Angeles (OpenVPN) - tombii - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
* New York (OpenVPN) - tombii - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
* Falkenstein/Hetzner (OpenVPN) - GRMML (Nurtic-Vibe) - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
* Falkenstein/Hetzner (OpenVPN) - GRMML (Nurtic-Vibe) - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
The NL-Zuid website is also available from the public internet: https://nl-zuid.nl
Its generally recommended to only announce prefixes from your own network and that of your transit customers.
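Review bot: The added advice to announce only your own prefixes and those of your transit customers is stated without saying how; link it to the filter configuration pages so members can enforce it on their sessions. "Its generally recommended" should be "It's generally recommended". Every exchange in the list, including the Los Angeles, New York and Falkenstein entries, links to `https://nl-zuid.dn42/`, which looks like a copy-and-paste leftover worth fixing in the same change.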


@ -30,6 +30,6 @@ Please sort by AS number.
| 4242422342 | dn42: http://lg.gbe.dn42 <br> Semi-interactive (no traceroute, no ping) | UP |
| 4242422700 | dn42: http://lg.gotroot.dn42 | UP |
| 4242423827 | ext: https://sky.nullroute.eu.org/dn42/lg/ <br> dn42: http://lg.nullroute.dn42 | UP |
| 4242423905 | ext: https://vpn01.weiti.org/ulg/ <br> dn42: https://lg.weiti.dn42/ | UP |
| 4242423905 | ext: https://dn42-svc.weiti.org/ulg/ <br> dn42: https://lg.weiti.dn42/ | UP |
| 4242423905 | ext: http://zeus.nowhere.ws/dn42/routes.cgi <br> dn42: http://zeus.nihilus.dn42/dn42/routes.cgi <br> Non-interactive (route listing only). | DOWN |
| 4242423955 | dn42: http://lg.flo.dn42 | DOWN |


@ -4,24 +4,22 @@ There are some mirrors available in DN42. All mirrors are subdomains of "mirror.
## Debian
**http://debian.mirror.dn42**
**http://debian.mirrors.dn42**
Hosted by:
* Basil
* Trunet
## Ubuntu
**http://ubuntu.mirror.dn42**
**http://ubuntu.mirrors.dn42**
**http://archive.ubuntu.mirror.dn42**
**http://archive.ubuntu.mirrors.dn42**
Hosted by:
* Trunet
* Basil
## CentOS
**http://centos.mirror.dn42**
**http://centos.mirrors.dn42**
Hosted by:
* Trunet
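Review bot: The intro sentence visible in the hunk header still says all mirrors are subdomains of "mirror.", while every URL in this hunk now uses `mirrors.dn42`; update that sentence in the same change if it has not been already. Since all four mirror URLs are plain http, a short reminder that package authenticity rests on the distribution's signed repository metadata would fit here.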


@ -141,6 +141,7 @@ Monotone is an distributed revision control system. Monotone tracks revisions to
| Person | Address | Status |
|----------|----------------------------------------|--------|
| crest | mtn.crest.dn42 | UP |
| siska | mtn.nixnodes.net (mtn.nixnodes.dn42) | UP |
| dracoling | dn42.smrsh.net (net.smrsh.dn42) | UP |
| xuu | mtn.xuu.dn42 (172.22.141.181) | UP |
| zorun | mtn.polyno.me / mtn.polynome.dn42 (172.23.184.71)| UP |
@ -149,6 +150,7 @@ Monotone is an distributed revision control system. Monotone tracks revisions to
| hexa- | mtn.hexa.dn42 (172.23.42.130) | UP |
| tombii | mtn.tombii.dn42 (172.22.102.133) | UP |
| Mic92 | mtn.evenet.dn42 (172.23.75.6/fd42:4992:6a6d::6) | UP |
| weiti | mtn.weiti.dn42 (172.20.175.251/fdf7:17d5:de49::251) | UP |
## Monotone branches