dn42/wiki
1
Fork 0
mirror of https://git.dn42.dev/wiki/wiki.git synced 2025-03-25 19:52:43 +01:00
Code Releases Activity

Fix Headers, Spaces

Browse Source
This commit is contained in:
KIOUBIT-MNT 2021-06-01 00:48:53 +03:00
parent 570bc4abde
commit c10f15e424
68 changed files with 138 additions and 352 deletions

2
FAQ.md

@ -1,5 +1,5 @@
### How do I connect to DN42?
## How do I connect to DN42?
We have a [page](/howto/Getting-started) for that!

2
Home.md

@ -77,6 +77,6 @@ The [Getting started](/howto/Getting-Started) page helps you to get your first n
This wiki is the main reference about dn42. It is available in read-only mode from the Internet [here](https://wiki.dn42.us) or [here](https://dn42.dev) or [here](https://dn42.tk) or [here](https://dn42.eu), [tor](http://jsptropkiix3ki5u.onion) and [i2p](http://beb6v2i4jevo72vvnx6segsk4zv3pu3prbwcfuta3bzrcv7boy2q.b32.i2p/) and for editing from within dn42, at [https://wiki.dn42](https://wiki.dn42) - [https](services/Certificate-Authority) required for editing.
#### DN42 Logo
### DN42 Logo
An svg of the DN42 Logo is available [here](/dn42.svg).

66
howto/BGP-on-Extreme-Summit1i.md

@ -1,66 +0,0 @@
# DN42 peering on Extreme Summit 1i
Here i'll show how to configure DN42 peering via BGP on an old Extreme Networks [Summit 1i](http://docs.google.com/viewer?url=https://www.mtmnet.com/PDF_FILES/summit1i.pdf) routing switch. This how-to should be also applicable to any other 'i'-series switch.
## Caveats
Looks like ExtremeWare doesn't support any tunneling mechanism in contrast to ExtremeWare IPv6 or ExtremeXOS operating systems. So you need either put your switch behind the router which will do tunneling with DN42 participant or directly connect the switch to our network, if that possible.
## Snipplet
This configuration was tested on latest EW of 7.8.4.1 patch1-r4 version. But it should work on most of older releases as well.
## DN42 should go both in internal (for clients) and external VLANs
create vlan svlan
configure vlan svlan ipaddress 192.168.1.100/24
# Adding an alias
enable multinetting standard
configure vlan svlan add secondary-ip 172.22.251.2/23
...
enable ipforwarding
configure vlan svlan add subvlan ext
...
# It is worth to filter alien nets
create access-list deny_int ip destination any source 192.168.1.0/24 deny ports 2-16
...
##
# Adding route to a neighbor
configure iproute add 172.22.151.1/32 172.22.251.1
configure bgp soft-reconfiguration
configure bgp AS-number 65534
configure bgp routerid 172.22.251.2
enable bgp
Now, if you're trying EBGP with your peer:
# Announce our network
configure bgp add network 172.22.151.0/23
create bgp neighbor 172.22.151.1 remote-AS-number 65535
# Point to a proper outgoing interface, useless in case when Super VLAN is used
#configure bgp neighbor 172.22.151.1 source-interface vlan ext
enable bgp neighbor 172.22.151.1
Or IBGP (local router does the EBGP in following example):
# Don't wait for an EBGP
disable bgp synchronization
create bgp neighbor 192.168.1.1 remote-AS-number 65534
enable bgp neighbor 192.168.1.1
Next, you may diagnose the things doing:
show bgp
show bgp neighbor
show bgp neighbor 172.22.151.1 received-routes all
show bgp neighbor 172.22.151.1 transmitted-routes all
After that ping and traceroute are your mates. It is worth to point switch to the DNS which knows .dn42 zone:
`configure dns-client add name-server 192.168.1.1`
And use names.

2
howto/Bird.md

@ -26,7 +26,7 @@ Note: This file covers the configuration of Bird 1.x. For an example configurati
* Replace `<PEER_AS>` the Autonomous System Number of your peer (only the digits)
* Replace `<PEER_NAME>` a self chosen name for your peer
### IPv6
## IPv6
```
#/etc/bird/bird6.conf

2
howto/EMail.md

@ -7,7 +7,7 @@ Running email in dn42 is not very complicated. Your SMTP daemon probably alread
## Redirect
~~There are forwarding rules for _PERSON_ @ dn42.org to the mail addresses which have been given in the registry. Please note that the trailing `-DN42` is stripped from the local part.~~
####Example####
### Example
| Handle | Alias | Redirection |
|:------------ |:-------------- |:--------------------- |

148
howto/Edgeos-Config-Example-number-2.md

@ -1,148 +0,0 @@
#EdgeRouterPro-8 config example with v1.9.0
After a lot of searching and trying I [Phil/ALS7] finnaly got a working config
Also thanx to drathir for his patience and support
##Features
* IPv4/IPv6 Tunnel via OpenVPN
* dn42 DNS
##How-To
--> still work in Progress
* Basic EdgeOS knowledge is required
1) you need to create all required fields in the registry --> look at [Getting Started](/Getting-Started) page
2) get a peer --> ask nice @ [IRC](/IRC)
3) You need following data from the peer
--tunnel options, secret key --ASN from the peer --ip's
...
The data i used are the following:
Own ASN: AS111111
Own IPv4: 172.AA.AA.64/27
Own IPv6: fdBB:BBBB:CCCC::/48
Peer OpenVPN Remote Address: X.X.X.X
Peer OpenVPN Remote Host: X.X.X.Y
Peer OpenVPN IP for you: fdAA::BBB/64
Peer OpenVPN IP: fdAA::CC
Peer OpenVPN Port: 1194
Peer OpenVPN encryption: aes256
Peer ASN: AS222222
Peer BGP Neighbour IPv4: Z.Z.Z.Z
Peer BGP Neighbour IPv6: fdAA::CC
###Copy OpenVPN key to the ErPro
copy vpn key to /config/auth/giveITaName
sudo su
cd /config
mkdir auth
cd auth
cat > giveITaName
now paste the key in the terminal window, hit return once and kill cat with CTRL+C
last thing to do is type exit
###Create IPv4 OpenVPN Interface
Set up Interface vtunX -- i used vtun0
configure
set interface openssh vtun0
set interfaces openvpn vtun0 mode site-to-site
set interfaces openvpn vtun0 local-port 1194
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 local-address 172.AA.AA.64
set interfaces openvpn vtun0 remote-address X.X.X.X
set interfaces openvpn vtun0 remote-host X.X.X.Y
set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName
set interfaces openvpn vtun0 encryption aes256
set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression
commit
save
exit
Now the ipv4 tunnel should be up&running
Check it with:
show interfaces openvpn
show interfaces openvpn detail
show openvpn status site-to-site
###Create IPv4 BGP Session
####Open Firewall
* You need to open the firewall to local for the tunnel Interface on port 179/tcp
####Configure the BGP Neighbor
* You must not use AS before the as numbers !!
With this step you create the basic bgp session
configure
set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222
set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound
set protocols bgp 111111 neighbor update-source 172.AA.AA.64
commit
save
When commit this configuration you should be able to see a BGP neighbor session start and come up.
You can check this with:
show ip bgp summary
####Set route to blackhole
so bgp can announce the route
set protocols static route 172.AA.AA.64/27 blackhole
commit
save
####Announce prefix to BGP
set protocols bgp 111111 network 172.A.A.64/27
commit
save
exit
You should now be able to see networks being advertised via
show ip bgp neighbors Z.Z.Z.Z advertised-routes
###Define Nameservers
Now ping to 172.23.0.53 ... thats the nameserver we are using
If everything is allright it should work
####NS Config
Enter the configure mode
configure
set service dns forwarding name-server 8.8.8.8
set service dns forwarding name-server 8.8.4.4
set service dns forwarding options rebind-domain-ok=/dn42/
set service dns forwarding options server=/23.172.in-addr.arpa/172.23.0.53
set service dns forwarding options server=/22.172.in-addr.arpa/172.23.0.53
set service dns forwarding options server=/dn42/172.23.0.53
commit
save
exit
Now try to access any .dn42 tld

2
howto/IPsecWithPublicKeys/RouterOSExample.md

@ -10,7 +10,7 @@
# NAME KEY-SIZE
0 PR mykey 4096-bit
### Exchange public keys with your peer
## Exchange public keys with your peer
1. Export the public key to a file.
[admin@mtk1] /ip ipsec key> export-pub-key mykey file-name=mykey.pub

6
howto/Registry-Authentication.md

@ -16,7 +16,7 @@ The signature and verification process varies depending on the type of public ke
---
#### Finding the commit hash
## Finding the commit hash
`git log` will list all the recent commits and show the commit hash:
```
@ -31,7 +31,7 @@ Date: Mon Jan 01 01:01:01 2020 +0000
PGP keys may be uploaded to a public keyserver for verification, or added in the registry.
#### Using a public keyserver
### Using a public keyserver
- Use the following `auth` attribute in your `mntner` object:
```
@ -72,7 +72,7 @@ auth: ssh-<keytype> <pubkey>
```
There are examples below for each specific key type.
#### Generic process for signing with an SSH key
### Generic process for signing with an SSH key
OpenSSH v8 introduced new functionality for creating signatures using SSH keys. If you have an older version, you can compile the latest version of ssh-keygen from the [openssh-portable repo](https://github.com/openssh/openssh-portable).

2
howto/networksettings.md

@ -32,7 +32,7 @@ Check that ALL your vpn interfaces allow ip forwarding for ipv6/ipv4.
$ sysctl -a | grep forwarding
```
### Note on firewalls, conntrack and asymmetric routing
## Note on firewalls, conntrack and asymmetric routing
Do not configure iptables/nftables to drop packets with invalid conntrack state in forward chain.

2
internal/Ideas.md

@ -2,7 +2,7 @@
… or the service that would make dn42 truly interesting for people (for non-technical reasons).
#### Criterias
## Criterias
- it should be difficult to setup on the Internet (for technical or legal reasons)
- it should interest people that are likely to know dn42 (hackerspaces, etc)

2
internal/Internal-Services.md

@ -54,7 +54,7 @@ To use the service, please message Kioubit on IRC to have your domain activated.
| irc.hackint.hack/dn42 | Yes | ChaosVPN |
| irc.dn42 | Yes | Internal IRC |
#### Clients
### Clients
| Hostname / IP | Remarks |
|:--------------|:--------|

4
services/Distributed-Wiki.md

@ -76,7 +76,7 @@ RACK_ENV=production gollum --css --host 127.0.0.1 --port 4567 --no-edit <path>
## Nginx reverse proxy
#### SSL
### SSL
- Setup your maintainer object according to [Automatic CA](/services/Automatic-CA)
- Generate a [CSR](/services/Certificate-Authority) and send DNS Key Pin to [xuu@sour.is](mailto:xuu@sour.is):
@ -188,7 +188,7 @@ server {
## ExaBGP
#### Announcing
### Announcing
The prefix AS-PATH should show the announcement is originating from your AS. After peering ExaBGP to the nearest speaker(s), check if the prefix is routing properly inside your network. Try not to blackhole the passing traffic (e.g. no static routes to `172.23.0.80/32`). Test the whole thing by shutting down nginx/gollum and watch what happens.

4
services/Virtual-Machines.md

@ -2,7 +2,7 @@
Previously, some DN42 users had provided VMs to the community, but it is not known if any of these are currently active any more. The list of old providers is below the break.
#### burble.dn42
## burble.dn42
If you have a DN42 project but do not have the resources to host it yourself, the burble.dn42 network may be able to provide hosting for you. Contact burble on IRC or via email to discuss.
@ -13,7 +13,7 @@ If you have a DN42 project but do not have the resources to host it yourself, th
---
#### Old Providers:
### Old Providers:
| Person | RAM | HDD | Net | CPU | Description | No. Available
|:------------- |:------ |:--------- |:---------- |:---------- |:-------------------------- |:--------------------------|

2
services/Whois.md

@ -90,7 +90,7 @@ We have anycast IPv4 and IPv6, both reachable under whois.dn42. IPs are 172.22.0
| burble | whois.burble.dn42 | 172.20.129.8 / fd42:4242:2601:ac43::1 |
| taavi | whois.svc.as4242423270.dn42 | 172.22.130.143 / fd96:70f6:b174:<span>ac</span>::43 |
### Down?
## Down?
| **person** | **dns** | **ip** |
|------------|---------------------------|-----------------|