Mirror of CJDNS repository

Caleb James DeLisle eda9529134 Merge branch 'rust-lto' of https://github.com/CJDNS-Development-Team/cjdns-router into rust-build 4 lat temu
admin 3cf79da359 Iface_DEFUN return an error type 4 lat temu
benc 2298997092 Manual merge 79a60b9 4 lat temu
client 3cf79da359 Iface_DEFUN return an error type 4 lat temu
contrib 56ce22d57c Need to return a value from pseudo-main function 4 lat temu
crypto dbb8f6b868 Couple more missing prototypes 4 lat temu
debian 0382e74bed Let Debian package build without setting extra variables 7 lat temu
dht 3cf79da359 Iface_DEFUN return an error type 4 lat temu
doc e5a7baf2b0 Add a minimal man page for cjdroute. 4 lat temu
exception 89f0ae89dc 1. Flow the builder 4 lat temu
interface 3cf79da359 Iface_DEFUN return an error type 4 lat temu
io 2298997092 Manual merge 79a60b9 4 lat temu
memory b9e41a2521 Make sure to cast uintptr to long before passing it to a printf 4 lat temu
net 3cf79da359 Iface_DEFUN return an error type 4 lat temu
node_build 9478617365 Tolerate multiple libsodium directories in build 4 lat temu
node_modules 6a29c552ab Separation of concerns between builder and cjdns-specific build stuff 4 lat temu
rust 6352a17096 Upgrade sodiumoxide 4 lat temu
subnode 3cf79da359 Iface_DEFUN return an error type 4 lat temu
switch 3cf79da359 Iface_DEFUN return an error type 4 lat temu
test 3cf79da359 Iface_DEFUN return an error type 4 lat temu
tools 6a29c552ab Separation of concerns between builder and cjdns-specific build stuff 4 lat temu
tunnel 3cf79da359 Iface_DEFUN return an error type 4 lat temu
util 3cf79da359 Iface_DEFUN return an error type 4 lat temu
wire 3cf79da359 Iface_DEFUN return an error type 4 lat temu
.dockerignore 65201059da docker: add dockerfile and entrypoint script 9 lat temu
.flowconfig 0d1456e618 Move jshint config to top level and add flow config 4 lat temu
.gitignore caf9963793 Switch to a Rust libsodium build 4 lat temu
.jshintignore ff83bcb287 FIx .jshintignore 5 lat temu
.jshintrc 0d1456e618 Move jshint config to top level and add flow config 4 lat temu
.travis.yml 0824aa92f4 Add android toolchains for rust 4 lat temu
Cargo.lock b862f19264 Got mingw32 build working 4 lat temu
Cargo.toml 4148196cd6 Enable link-time optimizations for the Rust build 4 lat temu
Dockerfile 65201059da docker: add dockerfile and entrypoint script 9 lat temu
HACKING.md 3f26979b41 update hacking 6 lat temu
LICENSE c49cc24869 links update 7 lat temu
README.md 56aa2fc359 Update readme with Rust requirement 4 lat temu
README_DE.md a27104afc5 Match German documentation. 7 lat temu
README_ES.md 2f7986c62f Manually merged woshilapin's pull req, thanks 7 lat temu
README_FR.md a3db672407 manual merge 6 lat temu
README_GR.md 2f7986c62f Manually merged woshilapin's pull req, thanks 7 lat temu
README_HR.md 6673c78930 Update README_HR.md 7 lat temu
README_PT-BR.md 2efcbd7e99 Create README_PT-BR.md 4 lat temu
README_RU.md 00b118f7de Add more distros instructions & fix typos 7 lat temu
README_SV.md 2f7986c62f Manually merged woshilapin's pull req, thanks 7 lat temu
README_ZHT.md 2f7986c62f Manually merged woshilapin's pull req, thanks 7 lat temu
android_do f41d5ea18c Fix android cross-builds 4 lat temu
clean c49cc24869 links update 7 lat temu
compile_flags.txt b9b7c329b4 support for clangd 5 lat temu
cross-do 0b86b9fc81 Fixed cross-do for Bash 3 10 lat temu
do 4cf501c8d0 ./do add ~/.cargo/bin to PATH to help be sure of building 4 lat temu
package-lock.json 6a29c552ab Separation of concerns between builder and cjdns-specific build stuff 4 lat temu
package.json 6a29c552ab Separation of concerns between builder and cjdns-specific build stuff 4 lat temu
windows_do b862f19264 Got mingw32 build working 4 lat temu

README.md

cjdns

Русская версия Hrvatski Svenska Ελληνικά Deutsch 繁體中文 Español Français Português brasileiro

Networking Reinvented

Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues that plague existing networks.

Build Status CII Best Practices tip for next commit irc License

Testimonials

23:26 <@jercos> well, cjdns is now officially more reliable than the open
                internet for getting to my cheaper VPSes :|

12:52 < mariner> so i don't know if it's been done before, and i assume it's
                 obvious, but I think it's neat. Currently on hype from an
                 airplane

00:36 < tester> man sites take so long to load on i2p
00:36 < tester> i value speed over anonymity any day

<DuoNoxSol> it's notably more reliable than the normal internet

09:46 < Kubuxu> I so love cjdns code base

<whyrusleeping> my internet is way better now.
<whyrusleeping> thanks
<whyrusleeping> i'm really upset and sad that its better
<whyrusleeping> but also quite happy

21:01 <@grewalsat> this is amazing. with my workpalce speedtest.net results I get around 6+mb speed, and with my cjdns-gate as vpn network I'm getting like 11-15mb download speed in speedtest.net
21:01 <@grewalsat> :P
21:01 <@grewalsat> plus, access anything! :D

<davidar> Yeah, I have to admit I sort of avoided hypeirc because of stuff like that

Community

Documentation

Advanced configuration:

Thank you for your time and interest,

The cjdns developers.


How to install cjdns

These instructions are for Debian-based Linux distributions and macOS. They should be informative enough for use on other distributions - just don't expect them to work verbatim. If you want to know what operating system's base is go here.

0. Install dependencies

You must have Rust/Cargo, see: https://rustup.rs/ for information about how to install.

If you have Node.js installed, the build will be slightly faster but this is not necessary. If Node.js is unavailable or an unacceptable version, it will be downloaded and installed in the source tree.

Debian-based distro:

sudo apt-get install nodejs git build-essential python2.7

Fedora 22+ based distro:

sudo dnf install nodejs git
sudo dnf install @development-tools

RHEL based distro (adds the EPEL repo):

sudo yum localinstall https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
sudo yum install nodejs git
sudo yum install @development-tools

Gentoo

emerge --ask nodejs sys-devel/gcc dev-lang/python:3.4 dev-vcs/git

MacOS:

Install with MacPorts:

sudo port install cjdns

OpenBSD:

pkg_add git node gcc gmake bash

Select version gcc-4.8.1p2 or more recent.

FreeBSD:

Everything you need is available prebuild in FreeBSD' ports.

pkg install gmake node

Arch:

You can install cjdns by running:

pacman -S cjdns

If you need to build from source, everything you need can be installed like this:

pacman -S nodejs git base-devel

Alternatively, you may like to install via AUR from the package, cjdns-git. After Installation, The configuration file is located at /etc/cjdroute.conf. To start the service cjdns.service, do:

systemctl start cjdns

To stop it:

systemctl stop cjdns

Gentoo:

cjdns is not yet in the main Gentoo repository, so you will have to use an overlay. The easiest way is to use Layman but you can do it by hand, too.

Layman:

First, you need to install layman.

emerge layman

If layman is installed correctly, you can add the overlay

layman -f
layman -a weuxel

For future update of the overlay use

layman -S

Now you can install cjdns

emerge cjdns
By hand:

You will have to clone the overlay repository

cd /opt
git clone https://github.com/Weuxel/portage-weuxel.git

Now tell portage to use this repo

cd /etc/portage/repos.conf/

Create a file portage-weuxel.conf containing

[weuxel]
location = /opt/portage-weuxel
masters = gentoo
auto-sync = yes

Now sync

emerge --sync

And install cjdns

emerge cjdns

Automatic crash detection and restart

Copy the the openrc init script from contrib/openrc to /etc/init.d/ and modify the CONFFILE and command parameter to your needs. Then start cjdns by issuing

/etc/init.d/cjdns start

Configure the init system to autostart cjdns

rc-update add cjdns default

Copy the service_restart script contrib/gentoo/service_restart.sh to any convenient directory on your system and modify the eMail address. If you do not wish to be notified, comment out the whole line. Now add a crontab entry like this

# Restart crashed Services
* * * * *       root    /path/to/script/service_restart.sh

Solus:

Dependencies:

sudo eopkg install nodejs git build-essential system.devel python gcc binutils kernal-headers xorg-server-devel

Then Follow the steps below:

Sorry for so many steps. A package is being worked on currently

1. Retrieve cjdns from GitHub

Clone the repository from GitHub and change to the source directory:

git clone https://github.com/cjdelisle/cjdns.git cjdns
cd cjdns
2. Build
./do

Look for Build completed successfully, type ./cjdroute to begin setup., then proceed below:


Setup

Run cjdroute without options for HELP:

./cjdroute

0. Make sure you've got the stuff.

If you're on macOS, don't worry about this step.

LANG=C cat /dev/net/tun

If it says: cat: /dev/net/tun: File descriptor in bad state Good!

If it says: cat: /dev/net/tun: No such file or directory, create it using:

sudo mkdir -p /dev/net &&
sudo mknod /dev/net/tun c 10 200 &&
sudo chmod 0666 /dev/net/tun

Then cat /dev/net/tun again.

If it says: cat: /dev/net/tun: Permission denied You're probably using a VPS based on the OpenVZ virtualization platform. Ask your provider to enable the TUN/TAP device - this is standard protocol so they should know exactly what you need.

1. Generate a new configuration file

./cjdroute --genconf >> cjdroute.conf

Protect your conf file!

A lost conf file means you lost your password and connections and anyone who connected to you will no longer be able to connect. A compromised conf file means that other people can impersonate you on the network.

To generate a conf file with permissions set so that only your user can read it and write to it:

(umask 077 && ./cjdroute --genconf > cjdroute.conf)

2. Find a friend

To get into an existing network (e.g. Hyperboria), you need to connect to someone who is already in the network. This is required for a number of reasons:

  1. It helps prevent abuse because bad people will be less likely to abuse a system after they were, in an act of human kindness, given access to that system.
  2. This is not intended to overlay The Old Internet, it is intended to replace it. Each connection will in due time be replaced by a wire, a fiber optic cable, or a wireless network connection.
  3. In any case of a disagreement, there will be a "chain of friends" linking the people involved so there will already be a basis for coming to a resolution.

To find a friend, get out there and join our community. Also, have a look at the Hyperboria Map to find peers near you.

You can also use the geographically assorted list of public peering credentials for joining Hyperboria at hyperboria/peers.

3. Connect your node to your friend's node

To initiate the connection OUTbound

In your conf file, you will see:

// Nodes to connect to.
"connectTo":
{
    // Add connection credentials here to join the network
    // Ask somebody who is already connected.
}

A conf file with multiple friend-nodes, setup OUTbound, should look like:

// Nodes to connect to.
"connectTo":
{
    //friend_1 (IPv4: 0.1.2.3; IPv6 fcaa:5bac:66e4:713:cb00:e446:c317:fc39)
    "0.1.2.3:45678":
    {
        "login": "k.alexander"
        "password": "thisIsNotARealConnection_1",
        "publicKey": "thisIsJustForAnExampleDoNotUseThisInYourConfFile_1.k"
    },

    //friend_2 (IPv4: 5.1.2.3; IPv6 fcbb:5bac:66e4:713:cb00:e446:c317:fc39)
    "5.1.2.3:5678":
    {
        "login": "k.alexander"
        "password": "thisIsNotARealConnection_2",
        "publicKey": "thisIsJustForAnExampleDoNotUseThisInYourConfFile_2.k"
    }
}

You can add as many connections as you want to the connectTo attribute, following JSON syntax.

To allow your friend to initiate the connection INbound

In your conf file, you will see:

"authorizedPasswords":
[
    // A unique string which is known to the client and server.
    {"password": "password001", "login": "default-login"}

    // More passwords should look like this.
    // {"password": "password002", "login": "my-second-peer"}
    // {"password": "password003", "login": "my-third-peer}
    // {"password": "password004", "login": "my-fourth-peer"}
    ...

    // "your.external.ip.goes.here:45678":{"login": "default-login", "password": "password001","publicKey":thisisauniqueKEY_001.k"}

],

A conf file with multiple friend-nodes, setup INbound, should look like:

"authorizedPasswords":
[
    // A unique string which is known to the client and server.
    {"password": "thisisauniquestring_001", "user": "k.alexander"}

    // More passwords should look like this.
    //William Jevons (IPv4: 0.1.2.3; IPv6 fcaa:5bac:66e4:713:cb00:e446:c317:fc39)
    {"password": "thisisauniquestring_002", "user": "William Jevons"}
    //Marilyn Patel (IPv4: 5.1.2.3; IPv6 fcbb:5bac:66e4:713:cb00:e446:c317:fc39)
    {"password": "thisisauniquestring_003", "user": "Marilyn Patel"}
    // {"password": "thisisauniquestring_004"}
    ...

    // "your.external.ip.goes.here:45678":{"password": "thisisauniquestring_001","publicKey":thisisauniqueKEY_001.k"}
],

You need to give William Jevons (who is making the INbound connection) the following 4 items:

  1. Your external IPv4
  2. The port found in your conf file here:

    // Bind to this port. "bind": "0.0.0.0:yourportnumberishere",

  3. Their unique password that you uncommented or created: "password": "thisisauniquestring_002"

  4. Your public key: "publicKey": "thisisauniqueKEY_001.k"

  5. His username: "William Jevons"

His login credentials will look something like this (with your IPv4 and port):

"1.2.3.4:56789": {
    "login": "William Jevons",
    "password": "thisisauniquestring_002",
    "publicKey": "thisIsJustForAnExampleDoNotUseThisInYourConfFile_1.k"
}

Please note that you and your friend can initiate a connection either outbound (from YOU --> FRIEND) or inbound (from FRIEND --> YOU) but traffic flows both ways once the connection is established.

See doc/configure.md for more details on configuration, including how to peer with other cjdns nodes over ethernet and wifi.

4. Secure your system - check for listening services

Once your node is running, you're now a newly minted IPv6 host. Your operating system may automatically reconfigure network services to use this new address. If this is not what you intend, you should check to see that you are not offering more services than you intended to. ;)

See doc/network-services.md for instructions.

5. Start it up!

sudo ./cjdroute < cjdroute.conf

If you want to have your logs written to a file:

sudo ./cjdroute < cjdroute.conf > cjdroute.log

To stop cjdns:

sudo killall cjdroute

If you are having problems use killall cjdroute to return to sanity. Use pgrep cjdroute or top to see if it running.

NOTE!

This starts cjdns as the root user so it can configure your system without concern for permissions. To start cjdns as a non-root user, see doc/non-root-user.md.

6. Get in IRC

Welcome to the network! You're now a network administrator. There are responsibilities which come with being a network administrator which include being available in case there is something wrong with your equipment. You should stay on IRC so that people can reach you.

Admin interface

When cjdroute is up and running, the admin interface will be available at udp://localhost:11234 (this can be changed in the cjdroute.conf configuration file). See doc/admin-api.md for more information about the admin interface. There are several tools in contrib/ that can interact with it.

You can access the admin API with:

  • the Python library; see here.
  • the Perl library, maintained by Mikey; see here.

Reporting issues

  1. Don't report in this repo, please instead report it at https://github.com/hyperboria/bugs/issues
  2. Get on IRC and talk to somebody
  3. What will happen is either
    • Someone feels like fixing it
    • You feel like fixing it
    • Nobody cares about it and it will be forgotten for a while and maybe someone will hit it later and fix it or else it will get wiped away in a refactoring
    • Nobody can fix it at the moment but it is considered worth remembering because it has great significance to the way the code is developed, in this case it needs to be explained in technical terms by someone with strong familiarity with the code. They will make a pull request to the docs/bugs directory.

Security

Security issues should be reported on IRC the same as other bugs. We don't have a closed group of people with special knowledge so that means the default security reporting method is full disclosure.

See: security_specification.md to see if a possible security issue is really a security issue.

That time of year again... Time for some open source Projects! Hacktoberfest