4.3 KiB
4.3 KiB
Lixonet Enterprise Edition (LIXONET 3)
This is the semi-official, testing Lixonet EE repository.
Custom configurations should be supplied in a lixonet.conf file in the name=value format, such as your subnet. Additionally, a tinc keypair is also be required.
Generating keypairs for tinc (tinc.key):
Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html
Run: tincd -n lixonet -K
Configuration options
All options are supplied in the name=value format on individual lines, i.e. name=test_name_lixo
Required options
You MUST specify these options, or Lixonet will not work.
Network options
name- The global neighbor name. Tinc and Bird use this to identify a peer in the network, and to exclude your own pre-packed config automagically from Tinc and BIRD dialing out so you don't connect to yourself over and over again.address- The router address to use. This is your Lixonet routing layer address: 172.xxx.0.xxxnetwork_address- The network address to use. This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's:0.0-- it MUST end with zeros corresponding to the network size)asn- The BGP ASN to use. We usually follow the format4206969XXXwhere XXX is the last octet of youraddress, zero-padded (i.e. 008 or 212)
Tinc options
tinc_bind_address- OPTIONAL: The address that Tinc should bind to to listen for incoming WAN-sided connections (i.e. 10.0.0.1). This is not the tunnel IP.tinc_connect_to- OPTIONAL: A comma-separated list of well-known/pre-defined hosts to connect to (i.e.denco_mane_lixo). If not supplied, this is automatically set to all core routers that aren't yourself (name).
Non-required options:
Network options
global_prefix: global network prefix: defaults to16.router_prefix: router network prefix: defaults to24. If you change this you SHOULD changenetmasktoo.netmask: router netmask: defaults to255.255.255.0(/24); SHOULD be the bitmask that corresponds to therouter_prefix
BGP
For options we expose here, for information see: https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3
bgp_path_metric: Enable comparison of path lengths when deciding which BGP route is the best one (0or1): defaults to1bgp_aigp: BGP AIGP state (enable,disable, ororiginate): defaults tooriginate(see BIRD documentation)bgp_rpki_retry: If RPKI cache data cannot be obtained, the time period in seconds between a failed query the next attempt. Defaults to90.bgp_rpki_refresh: How long to wait in seconds before attempting to poll RPKI cache data after the last successful poll. Defaults to900.bgp_rpki_expire: How long to keep any records locally cached before they are deleted. Defaults to172800(2 days).bgp_rpki_known_hosts: The file path for the SSH keyknown_hostsfile to use when validating remote RPKI hosts. Defaults to/etc/bird/rpki/known_hosts(provided by Lixonet; don't change this unless you need to!).
Setup
Prerequisites:
dockeranddocker-compose(Alpine: community repository; https://docs.genesys.com/Documentation/System/8.5.x/DDG/InstallationofDockeronAlpineLinux),git, andcurlare installed (Alpine:apk add). You may also want to make docker run at boot:rc-update add docker boot.eth0is the LAN or WAN interface supporting external routing, DNS, etc., and is the birdged interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/16) through ittunandtapare in/etc/modulesto load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards.sigilis installed (curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.5.0/sigil_0.5.0_$(uname -sm|tr ' ' '_').tgz" | tar -zxC /usr/local/bin)- IPv4 forwarding is on:
sysctl -w net.ipv4.ip_forward=1andiptables -P FORWARD ACCEPTare run (and persisted) to allow IP forwarding. Install: - Clone this repository:
git clone mkdir /etc/lixonet/- Fill out
/etc/lixonet/lixonet.conf(see: Configuration options) - Supply
/etc/lixonet/tinc.key - Run
chmod +x build.sh && ./build.shto deploy the stack on Docker.