Update bird/bird.conf.tmpl, tinc/lixonet/tinc-up.tmpl, README.md files
parent
5feb5ab492
commit
cadbcca75c
28
README.md
28
README.md
@ -10,18 +10,40 @@ Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html
|
||||
|
||||
Run: `tincd -n lixonet -K`
|
||||
|
||||
**Configuration options**
|
||||
# Configuration options
|
||||
|
||||
All options are supplied in the `name=value` format on individual lines, i.e. `name=test_name_lixo`
|
||||
|
||||
## Required options
|
||||
|
||||
You **MUST** specify these options, or Lixonet will not work.
|
||||
|
||||
#### Network options
|
||||
|
||||
* `name` - The global neighbor name. Tinc and Bird use this to identify a peer in the network, and to exclude your own pre-packed config automagically from Tinc and BIRD dialing out so you don't connect to yourself over and over again.
|
||||
* `address` - The *router* address to use. This is your Lixonet routing layer address: 172.xxx.0.xxx
|
||||
* `network_address` - The *network* address to use. This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: `0.0` -- it _MUST_ end with zeros corresponding to the network size)
|
||||
* `asn` - The BGP ASN to use. We usually follow the format `4206969XXX` where _XXX_ is the last octet of your `address`, zero-padded (i.e. 008 or 212)
|
||||
* `netmask` - The routing layer netmask to use. This should be `255.255.255.0` in most cases as our routing layer has always been a ``/24` subnet. Used by Tinc and BIRD for the L2 mesh and route security ingress filtering respectively.
|
||||
|
||||
#### Tinc options
|
||||
* `tinc_bind_address` - OPTIONAL: The address that Tinc should bind to to _listen_ for incoming WAN-sided connections (i.e. 10.0.0.1). This is _not_ the tunnel IP.
|
||||
* `tinc_connect_to` - OPTIONAL: A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`). If not supplied, this is automatically set to all core routers that aren't yourself (`name`).
|
||||
|
||||
**Setup**
|
||||
## Non-required options:
|
||||
|
||||
#### Network options
|
||||
* `global_prefix`: global network prefix: defaults to `16`.
|
||||
* `router_prefix`: router network prefix: defaults to `24`. If you change this you _SHOULD_ change `netmask` too.
|
||||
* `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); _SHOULD_ be the bitmask that corresponds to the `router_prefix`
|
||||
|
||||
#### BGP
|
||||
|
||||
For options we expose here, for information see: https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3
|
||||
|
||||
* `bgp_path_metric`: Enable comparison of path lengths when deciding which BGP route is the best one (`0` or `1`): defaults to `1`
|
||||
* `bgp_aigp`: BGP AIGP state (`enable`, `disable`, or `originate`): defaults to `originate` (see BIRD documentation)
|
||||
|
||||
# Setup
|
||||
|
||||
Prerequisites:
|
||||
1. `docker` and `docker-compose` (Alpine: community repository; https://docs.genesys.com/Documentation/System/8.5.x/DDG/InstallationofDockeronAlpineLinux), `git`, and `curl` are installed (Alpine: `apk add`). You may also want to make docker run at boot: `rc-update add docker boot`.
|
||||
|
@ -54,7 +54,7 @@ protocol kernel { # Primary routing table
|
||||
# the global mesh network.
|
||||
function net_lixonet_global()
|
||||
{
|
||||
return net ~ [ ${address:-172.30.0.0}/${global_prefix:-16} ];
|
||||
return net ~ [ ${network_address}/${global_prefix:-16} ];
|
||||
}
|
||||
|
||||
# Returns TRUE if the given tested network is within the router network prefix for
|
||||
@ -62,7 +62,7 @@ function net_lixonet_global()
|
||||
# for us. Helps prevent a security vulnerability of hijacking another router.
|
||||
function net_lixonet_router()
|
||||
{
|
||||
return net ~ [ ${address:-172.30.0.0}/${router_prefix:-24} ];
|
||||
return net ~ [ ${network_address}/${router_prefix:-24} ];
|
||||
}
|
||||
|
||||
filter lixonet_import
|
||||
@ -91,7 +91,7 @@ template bgp lixonet_client {
|
||||
source address ${address}; # What local IP address we use for any outbound TCP
|
||||
# connections on port 179
|
||||
|
||||
path metric 1; # 1 = Prefer routes with shorter paths (like Cisco does)
|
||||
path metric ${bgp_path_metric:-1}; # 1 = Prefer routes with shorter paths (like Cisco does)
|
||||
|
||||
# BGP channels
|
||||
# See: Channel configuration (BIRD BGP configuration) and the table shown there.
|
||||
@ -109,7 +109,7 @@ template bgp lixonet_client {
|
||||
# automatically attached to non-BGP routes with valid IGP metric (e.g. ospf_metric1)
|
||||
# as they are exported to the BGP session.
|
||||
# Thank-you, BIRD <3 - mane and nurd
|
||||
aigp originate;
|
||||
aigp ${bgp_aigp:-originate};
|
||||
};
|
||||
|
||||
# Set filters for both exported (sent) and imported (received) BGP prefixes.
|
||||
|
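Review bot: `${network_address}` in `net_lixonet_global()` and `net_lixonet_router()` has no fallback and no visible validation, so the prefix sets used for import filtering now depend entirely on an operator-supplied value. If it is unset the rendered set becomes `[ /16 ]`, and if it names another router's network, the check that the comment describes as guarding against hijacking another router matches the wrong range. The render step, which presumably lives outside this file, should refuse to generate the config when `network_address` is empty or has host bits set for `router_prefix`. The same applies to `${bgp_path_metric:-1}` and `${bgp_aigp:-originate}` in the `lixonet_client` template, which should be limited to `0`/`1` and `enable`/`disable`/`originate`. A comment above both functions such as `# network_address is required; rendering must fail if it is empty` would document the contract.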
@ -1,2 +1,2 @@
|
||||
#!/bin/sh
|
||||
ifconfig \$INTERFACE ${address} netmask ${netmask}
|
||||
ifconfig \$INTERFACE ${address} netmask ${netmask:-255.255.255.0}
|
||||
|
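Review bot: The new default `${netmask:-255.255.255.0}` is fixed to a /24 while BIRD's router filter uses `${router_prefix:-24}`, so setting only `router_prefix` leaves the interface mask and the route filter disagreeing without any error. Either derive the mask from `router_prefix` at render time or fail rendering when the two do not correspond. `${address}` still has no default or check, and both values are written unquoted into a script that tincd executes, so the render step should accept only dotted-quad IPv4 values here; quoting the interface as `"\$INTERFACE"` would also be safer.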