blob: 13bf01dc224987624ca70c0376037594c336da0e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
# freyanet
peer multiple ospf nodes over wireguard to make an internal network
## running
### docker
```yml
version: "3"
services:
inet2:
image: g.freya.cat/freya/freyanet
network_mode: host # needed otherwise internal network wont be accessable
privileged: true
volumes:
- ./inet2.conf:/etc/inet2.conf
```
### host
run the following commands with the provided makefile
```bash
$ make
$ make <os>
```
the current supported os's are: `alpine`
start the `inet2` service to start freyanet
## config
- if running in docker mount a file called `inet2.conf` at `/etc/inet2.conf`
- if running on host make a file called `/etc/inet2.conf`
```
# specify router id for ospf
RouterID 10.1.1.1
# optionally assign static addresses to the loopback interface
Loopback 1.2.3.4
# specify routed subnets
# ips that are not in these subnets will be ignored
# put the ip blocks for your entire internal network
Subnet 10.0.0.0/8
Subnet fd:cafe::/32
# specify node stubnets
# ip blocks that this node is gurenteed to route
Stubnet 10.1.0.0/8
Stubnet fd:cafe:dead::/48
# optional global private key gets used for all interfaces
PrivateKey = {host private key}
# create a peered wireguard interface
# specify addresses, routes, ports, pre/post commands, and peers
# keys can be generated with wg genkey and wg pubkey
interface interfacename
# indentation is a single tab per level
# otherwise file will fail to parse
# set the address(es) to assign to the interface
# route lines are usually the same as Address but with host bits zeroed
Address 10.2.255.1/30
Route 10.2.255.0/30 # must specify route
# you can also set ipv6
Address fd:cafe::ffff/64
Address fd:cafe::/64
# link local is also possible (and prefered for peering routers)
# link-local addresses should *not* have an associated Route line
Address fe80::1/64
Route 1.1.1.0/24
# more syntax options
Route 1.1.2.0/24 via 1.1.1.2
Route default via 1.1.1.3
# port to listen on in the host's network namespace, over udp
# you probably have to allow this through your firewall
ListenPort {host port}
# omit if using global private key
PrivateKey {host private key}
# all optional
PreUp command
PostUp command
PreDown command
PostDown command
# if running ospf on this interface
OSPF
# if running ospf on this interface and it's a stub network (no other routers)
OSPF stub
peer peername
PublicKey {peer public key}
# if the peer is a router, it has to have AllowedIPs set to everything and be the only
# peer on the interface
AllowedIPs 0.0.0.0/0, ::/0
# either:
Domain = {domain name of peer}
Port = {peer port}
# or:
Endpoint = {peer ip}:{peer port}
# make domain enpoint resolve with ipv (ipv6 is default)
IPv4
# optional
PersistentKeepalive = 25
```
## licenses
| License | Author | Project |
|---------|--------|---------|
| [MIT](https://mit-license.org/) | tint | [inet2](https://git.tint.red/tint/inet2) |
| [MIT](https://mit-license.org/) | freya | freyanet |
|
