Lars Gierth 59cdcca686 tools: use nthen from npm | 9 years ago | |
---|---|---|
admin | 9 years ago | |
benc | 10 years ago | |
client | 9 years ago | |
contrib | 9 years ago | |
crypto | 9 years ago | |
debian | 9 years ago | |
dht | 9 years ago | |
doc | 9 years ago | |
exception | 10 years ago | |
interface | 9 years ago | |
io | 9 years ago | |
memory | 9 years ago | |
net | 9 years ago | |
node_build | 9 years ago | |
node_modules | 10 years ago | |
switch | 9 years ago | |
test | 9 years ago | |
tools | 9 years ago | |
tunnel | 9 years ago | |
util | 9 years ago | |
wire | 9 years ago | |
.dockerignore | 9 years ago | |
.gitignore | 9 years ago | |
.jshintignore | 10 years ago | |
.travis.yml | 9 years ago | |
Dockerfile | 9 years ago | |
HACKING.md | 9 years ago | |
LICENSE | 11 years ago | |
README.md | 9 years ago | |
README_HR.md | 9 years ago | |
README_RU.md | 9 years ago | |
android_do | 9 years ago | |
clean | 11 years ago | |
cross-do | 9 years ago | |
do | 9 years ago | |
package.json | 10 years ago |
Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues that plague existing networks.
23:26 <@jercos> well, cjdns is now officially more reliable than the open
internet for getting to my cheaper VPSes :|
12:52 < mariner> so i don't know if it's been done before, and i assume it's
obvious, but I think it's neat. Currently on hype from an
airplane
00:36 < tester> man sites take so long to load on i2p
00:36 < tester> i value speed over anonymity any day
<DuoNoxSol> it's notably more reliable than the normal internet
09:46 < Kubuxu> I so love cjdns code base
<whyrusleeping> my internet is way better now.
<whyrusleeping> thanks
<whyrusleeping> i'm really upset and sad that its better
<whyrusleeping> but also quite happy
Advanced configuration:
Thank you for your time and interest,
The cjdns developers.
These instructions are for Debian-based Linux distributions and OS X. They should be informative enough for use on other distributions - just don't expect them to work verbatim.
On both platforms, installing Node.js, although preferable, is not strictly necessary. If Node.js is unavailable or an unacceptable version, it will be downloaded and installed in the source tree.
sudo apt-get install nodejs git build-essential
sudo dnf install install nodejs git
sudo dnf install @development-tools
sudo yum localinstall https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install install nodejs git
sudo yum install @development-tools
Install with homebrew:
brew install cjdns
Sadly, OpenBSD is a bit experimental right now.
pkg_add git node gcc gmake bash
Select version gcc-4.8.1p2 or more recent.
The compiler expects GCC version 4.7, please install it from ports first.
portsnap fetch extract
cd /usr/ports/lang/gcc47/ && make config && make install clean
Clone the repository from GitHub and change to the source directory:
git clone https://github.com/cjdelisle/cjdns.git cjdns
cd cjdns
./do
Look for Build completed successfully, type ./cjdroute to begin setup.
, then
proceed below:
Run cjdroute without options for HELP:
./cjdroute
cat /dev/net/tun
If it says: cat: /dev/net/tun: File descriptor in bad state
Good!
If it says: cat: /dev/net/tun: No such file or directory
, create it using:
sudo mkdir -p /dev/net &&
sudo mknod /dev/net/tun c 10 200 &&
sudo chmod 0666 /dev/net/tun
Then cat /dev/net/tun
again.
If it says: cat: /dev/net/tun: Permission denied
You're probably using a VPS
based on the OpenVZ virtualization platform. Ask your provider to enable the
TUN/TAP device - this is standard protocol so they should know exactly what you
need. If you're on OS X, don't worry about this step.
./cjdroute --genconf >> cjdroute.conf
Protect your conf file! A lost conf file means you lost your password and connections and anyone who connected to you will no longer be able to connect. A compromised conf file means that other people can impersonate you on the network.
To set generate a conf file with permissions set so that only your user can read it and write to it:
(umask 077 && ./cjdroute --genconf > cjdroute.conf)
To get into an existing network (e.g. Hyperboria), you need to connect to someone who is already in the network. This is required for a number of reasons:
To find a friend, get out there and join our community. Also, have a look at the Hyperboria Map to find peers near you.
To initiate the connection OUTbound
In your conf file, you will see:
// Nodes to connect to.
"connectTo":
{
// Add connection credentials here to join the network
// Ask somebody who is already connected.
}
A conf file with multiple friend-nodes, setup OUTbound, should look like:
// Nodes to connect to.
"connectTo":
{
//friend_1 (IPv4: 0.1.2.3; IPv6 fcaa:5bac:66e4:713:cb00:e446:c317:fc39)
"0.1.2.3:45678":
{
"login": "k.alexander"
"password": "thisIsNotARealConnection_1",
"publicKey": "thisIsJustForAnExampleDoNotUseThisInYourConfFile_1.k"
}
//friend_2 (IPv4: 5.1.2.3; IPv6 fcbb:5bac:66e4:713:cb00:e446:c317:fc39)
"5.1.2.3:5678":
{
"login": "k.alexander"
"password": "thisIsNotARealConnection_2",
"publicKey": "thisIsJustForAnExampleDoNotUseThisInYourConfFile_2.k"
}
}
You can add as many connections as you want to the connectTo
attribute,
following JSON syntax.
To allow your friend to initiate the connection INbound
In your conf file, you will see:
"authorizedPasswords":
[
// A unique string which is known to the client and server.
{"password": "thisisauniquestring_001"}
// More passwords should look like this.
// {"password": "thisisauniquestring_002"}
// {"password": "thisisauniquestring_003"}
// {"password": "thisisauniquestring_004"}
...
// "your.external.ip.goes.here:45678":{"password": "thisisauniquestring_001","publicKey":thisisauniqueKEY_001.k"}
],
A conf file with multiple friend-nodes, setup INbound, should look like:
"authorizedPasswords":
[
// A unique string which is known to the client and server.
{"password": "thisisauniquestring_001", "user": "k.alexander"}
// More passwords should look like this.
//William Jevons (IPv4: 0.1.2.3; IPv6 fcaa:5bac:66e4:713:cb00:e446:c317:fc39)
{"password": "thisisauniquestring_002", "user": "William Jevons"}
//Marilyn Patel (IPv4: 5.1.2.3; IPv6 fcbb:5bac:66e4:713:cb00:e446:c317:fc39)
{"password": "thisisauniquestring_003", "user": "Marilyn Patel"}
// {"password": "thisisauniquestring_004"}
...
// "your.external.ip.goes.here:45678":{"password": "thisisauniquestring_001","publicKey":thisisauniqueKEY_001.k"}
],
You need to give William Jevons (who is making the INbound connection) the following 4 items:
The port found in your conf file here:
// Bind to this port.
"bind": "0.0.0.0:yourportnumberishere",
Their unique password that you uncommented or created: "password": "thisisauniquestring_002"
Your public key: "publicKey":thisisauniqueKEY_001.k"
His username: "William Jevons"
His login credentials will look something like this (with your IPv4 and port):
"1.2.3.4:56789": {
"login": "William Jevons",
"password": "thisisauniquestring_002",
"publicKey": "thisIsJustForAnExampleDoNotUseThisInYourConfFile_1.k"
}
Please note that you and your friend can initiate a connection either outbound (from YOU --> FRIEND) or inbound (from FRIEND --> YOU) but traffic flows both ways once the connection is established.
See doc/configure.md for more details on configuration, including how to peer with other cjdns nodes over ethernet and wifi.
Once your node is running, you're now a newly minted IPv6 host. Your operating system may automatically reconfigure network services to use this new address. If this is not what you intend, you should check to see that you are not offering more services then you intended to. ;)
See doc/network-services.md for instructions.
sudo ./cjdroute < cjdroute.conf
If you want to have your logs written to a file:
sudo ./cjdroute < cjdroute.conf > cjdroute.log
To stop cjdns:
sudo killall cjdroute
If you are having problems use killall cjdroute
to return to sanity. Use
pgrep cjdroute
or top
to see if it running.
Note: this starts cjdns as the root user so it can configure your system without concern for permissions. To start cjdns as a non-root user, see doc/non-root-user.md.
Welcome to the network! You're now a network administrator. There are responsibilities which come with being a network administrator which include being available in case there is something wrong with your equipment. You should stay on IRC so that people can reach you.
When cjdnroute is up and running, the admin interface will be available at
udp://localhost:11234
(this can be changed in the cjdroute.conf
configuration file). See admin/README.md for more
information about the admin interface. There are several tools in contrib/
that can interact with it.
You can access the admin API with: