freyanet/README.md
2023-12-30 15:23:30 -05:00

# freyanet
peer multiple ospf nodes over wireguard to make an internal network
## running
### docker
```yml
version: "3"
services:
  inet2:
    image: g.freya.cat/freya/freyanet
    network_mode: host # needed, otherwise the internal network won't be accessible
    privileged: true
    volumes:
      - ./inet2.conf:/etc/inet2.conf
```
### host
run the following commands with the provided makefile
```bash
$ make
$ make <os>
```
the current supported os's are: `alpine`
start the `inet2` service to start freyanet
## config
- if running in docker mount a file called `inet2.conf` at `/etc/inet2.conf`
- if running on host make a file called `/etc/inet2.conf`
```
# specify router id for ospf
RouterID 10.1.1.1
# optionally assign static addresses to the loopback interface
Loopback 1.2.3.4
# specify routed subnets
# ips that are not in these subnets will be ignored
# put the ip blocks for your entire internal network
Subnet 10.0.0.0/8
Subnet fd:cafe::/32
# specify node stubnets
# ip blocks that this node is guaranteed to route
Stubnet 10.1.0.0/8
Stubnet fd:cafe:dead::/48
# optional global private key gets used for all interfaces
PrivateKey = {host private key}
# create a peered wireguard interface
# specify addresses, routes, ports, pre/post commands, and peers
# keys can be generated with wg genkey and wg pubkey
interface interfacename
	# indentation is a single tab per level
	# otherwise file will fail to parse
	# set the address(es) to assign to the interface
	# route lines are usually the same as Address but with host bits zeroed
	Address 10.2.255.1/30
	Route 10.2.255.0/30 # must specify route
	# you can also set ipv6
	Address fd:cafe::ffff/64
	Address fd:cafe::/64
	# link local is also possible (and preferred for peering routers)
	# link-local addresses should *not* have an associated Route line
	Address fe80::1/64
	Route 1.1.1.0/24
	# more syntax options
	Route 1.1.2.0/24 via 1.1.1.2
	Route default via 1.1.1.3
	# port to listen on in the host's network namespace, over udp
	# you probably have to allow this through your firewall
	ListenPort {host port}
	# omit if using global private key
	PrivateKey {host private key}
	# all optional
	PreUp command
	PostUp command
	PreDown command
	PostDown command
	# if running ospf on this interface
	OSPF
	# if running ospf on this interface and it's a stub network (no other routers)
	OSPF stub
	peer peername
		PublicKey {peer public key}
		# if the peer is a router, it has to have AllowedIPs set to everything and be the only
		# peer on the interface
		AllowedIPs 0.0.0.0/0, ::/0
		# either:
		Domain = {domain name of peer}
		Port = {peer port}
		# or:
		Endpoint = {peer ip}:{peer port}
		# make domain endpoint resolve with ipv4 (ipv6 is default)
		IPv4
		# optional
		PersistentKeepalive = 25
```
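The comments in the sample above state several rules that are easy to get wrong by hand: tab-only indentation, a `Route` for each non-link-local `Address`, no `Route` for link-local addresses, and a router peer being the only peer on its interface. The following pre-deployment lint is an added example, not part of freyanet or inet2; the grammar it accepts is an assumption inferred from the sample, and `lint`, `SAMPLE` and the interface and peer names are hypothetical.

```python
import ipaddress

# Constructed sample (not from the project): one tab per level, as the README requires.
SAMPLE = (
    "interface wg0\n"
    "\tAddress 10.2.255.1/30\n"          # no matching Route line
    "\tAddress fe80::1/64\n"
    "\tRoute fe80::/64\n"                # link-local should have no Route
    "\tpeer router1\n"
    "\t\tAllowedIPs 0.0.0.0/0, ::/0\n"
    "\tpeer laptop\n"                    # second peer next to a router peer
    "interface wg1\n"
    "    Address 10.3.0.1/30\n"          # spaces instead of a tab
)

def lint(text):
    """Check the README's stated rules; the grammar is assumed from its sample."""
    warnings, ifaces, cur, peer = [], [], None, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        body = line.lstrip("\t")
        if body[0] == " ":
            warnings.append(f"line {n}: indent with tabs, not spaces")
        key, _, val = body.strip().partition(" ")
        val = val.lstrip("= ")
        if key == "interface":
            cur, peer = {"name": val, "addrs": [], "routes": set(), "peers": []}, None
            ifaces.append(cur)
        elif cur and key == "peer":
            peer = {"name": val, "allowed": set()}
            cur["peers"].append(peer)
        elif cur and key == "Address":
            cur["addrs"].append(ipaddress.ip_interface(val))
        elif cur and key == "Route" and not val.startswith("default"):
            cur["routes"].add(ipaddress.ip_network(val.split()[0], strict=False))
        elif peer and key == "AllowedIPs":
            peer["allowed"] = {v.strip() for v in val.split(",")}
    for i in ifaces:
        for a in i["addrs"]:
            routed = a.network in i["routes"]
            if a.ip.is_link_local and routed:
                warnings.append(f"{i['name']}: link-local {a} should not have a Route")
            elif not a.ip.is_link_local and not routed:
                warnings.append(f"{i['name']}: Address {a} has no Route {a.network}")
        routers = [p for p in i["peers"] if {"0.0.0.0/0", "::/0"} <= p["allowed"]]
        if routers and len(i["peers"]) > 1:
            warnings.append(f"{i['name']}: router peer {routers[0]['name']} must be the only peer")
    return warnings
```

`lint(SAMPLE)` returns one warning per rule violation marked in the sample; a config that follows the rules returns an empty list.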
## licenses
| License | Author | Project |
|---------|--------|---------|
| [MIT](https://mit-license.org/) | tint | [inet2](https://git.tint.red/tint/inet2) |
| [MIT](https://mit-license.org/) | freya | freyanet |