Lixonet Enterprise Edition (LIXONET 3)
This is the semi-official, testing Lixonet EE repository.
Custom configuration should be supplied in a `lixonet.conf` file in the `name=value` format, such as your subnet. Additionally, a tinc keypair is also required.
Generating keypairs for tinc (`tinc.key`):
Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html
Run: `tincd -n lixonet -K`
Configuration options
All options are supplied in the `name=value` format on individual lines, i.e. `name=test_name_lixo`
Required options
You MUST specify these options, or Lixonet will not work.
Network options
- `name` - The global neighbor name. Tinc and BIRD use this to identify a peer in the network, and to automagically exclude your own pre-packed config from Tinc and BIRD dialing out, so you don't connect to yourself over and over again.
- `address` - The router address to use. This is your Lixonet routing layer address: `172.xxx.0.xxx`
- `network_address` - The network address to use. This is your Lixonet routing layer network address: `172.xxx.0.0` (especially take note of the last two 0's: `0.0` -- it MUST end with zeros corresponding to the network size)
- `asn` - The BGP ASN to use. We usually follow the format `4206969XXX` where `XXX` is the last octet of your `address`, zero-padded (i.e. `008` or `212`)
Tinc options
- `tinc_bind_address` - OPTIONAL: The address that Tinc should bind to in order to listen for incoming WAN-sided connections (i.e. `10.0.0.1`). This is not the tunnel IP.
- `tinc_connect_to` - OPTIONAL: A comma-separated list of well-known/pre-defined hosts to connect to (i.e. `denco_mane_lixo`). If not supplied, this is automatically set to all core routers that aren't yourself (`name`).
Non-required options:
Network options
- `global_prefix`: global network prefix: defaults to `16`.
- `router_prefix`: router network prefix: defaults to `24`. If you change this you SHOULD change `netmask` too.
- `netmask`: router netmask: defaults to `255.255.255.0` (`/24`); SHOULD be the bitmask that corresponds to the `router_prefix`
BGP
For the options we expose here, see the BIRD documentation: https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3
- `bgp_path_metric`: Enable comparison of path lengths when deciding which BGP route is the best one (`0` or `1`): defaults to `1`
- `bgp_aigp`: BGP AIGP state (`enable`, `disable`, or `originate`): defaults to `originate` (see BIRD documentation)
- `bgp_rpki_retry`: If RPKI cache data cannot be obtained, the time period in seconds between a failed query and the next attempt. Defaults to `90`.
- `bgp_rpki_refresh`: How long to wait in seconds before attempting to poll RPKI cache data after the last successful poll. Defaults to `900`.
- `bgp_rpki_expire`: How long to keep any records locally cached before they are deleted. Defaults to `172800` (2 days).
- `bgp_rpki_known_hosts`: The file path for the SSH `known_hosts` file to use when validating remote RPKI hosts. Defaults to `/etc/bird/rpki/known_hosts` (provided by Lixonet; don't change this unless you need to!).
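As an added example (not code from the Lixonet repository), a small Python checker for a `lixonet.conf`: it parses the `name=value` lines and verifies the constraints listed above (required options present, `network_address` ending in zeros for the global prefix, `address` inside that network, `asn` built from the zero-padded last octet of `address`, and `netmask` matching `router_prefix`). Comment handling with `#` and the sample values are assumptions.

```python
import ipaddress

REQUIRED = ("name", "address", "network_address", "asn")

# Constructed sample lixonet.conf (not from a real deployment).
SAMPLE_CONF = """\
name=test_name_lixo
address=172.20.0.8
network_address=172.20.0.0
asn=4206969008
"""

def parse_conf(text):
    """Parse name=value lines; blank lines and '#' comments are skipped (assumed)."""
    conf = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected name=value, got {line!r}")
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def validate(conf):
    """Return a list of problems; an empty list means the config is consistent."""
    problems = [f"missing required option {k!r}" for k in REQUIRED if k not in conf]
    if problems:
        return problems
    gprefix = int(conf.get("global_prefix", "16"))
    rprefix = int(conf.get("router_prefix", "24"))
    addr = ipaddress.ip_address(conf["address"])
    # network_address MUST end with zeros for the global prefix (host bits clear)
    try:
        net = ipaddress.ip_network(f"{conf['network_address']}/{gprefix}", strict=True)
    except ValueError:
        problems.append("network_address must end with zeros for the global prefix")
        net = ipaddress.ip_network(f"{conf['network_address']}/{gprefix}", strict=False)
    if addr not in net:
        problems.append(f"address {addr} is not inside {net}")
    # asn follows 4206969XXX, where XXX is the zero-padded last octet of address
    expected_asn = f"4206969{int(str(addr).rsplit('.', 1)[1]):03d}"
    if conf["asn"] != expected_asn:
        problems.append(f"asn should be {expected_asn} for address {addr}")
    # netmask SHOULD be the bitmask that corresponds to router_prefix
    expected_mask = str(ipaddress.ip_network(f"0.0.0.0/{rprefix}").netmask)
    if conf.get("netmask", "255.255.255.0") != expected_mask:
        problems.append(f"netmask should be {expected_mask} for router_prefix {rprefix}")
    return problems
```

Running `validate(parse_conf(open("/etc/lixonet/lixonet.conf").read()))` before `build.sh` catches the mismatches that would otherwise surface as a BIRD session that never comes up.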
Setup
Prerequisites:
- `docker` and `docker-compose` (Alpine: community repository; https://docs.genesys.com/Documentation/System/8.5.x/DDG/InstallationofDockeronAlpineLinux), `git`, and `curl` are installed (Alpine: `apk add`). You may also want to make docker run at boot: `rc-update add docker boot`.
- `eth0` is the LAN or WAN interface supporting external routing, DNS, etc., and is the bridged interface to a router that will statically route the entire desired network subnet (i.e. `x.x.0.0/16`) through it.
- `tun` and `tap` are in `/etc/modules` to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards.
- `sigil` is installed (`curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.5.0/sigil_0.5.0_$(uname -sm|tr ' ' '_').tgz" | tar -zxC /usr/local/bin`)
- IPv4 forwarding is on: `sysctl -w net.ipv4.ip_forward=1` and `iptables -P FORWARD ACCEPT` are run (and persisted) to allow IP forwarding.

Install:
- Clone this repository: `git clone`
- `mkdir /etc/lixonet/`
- Fill out `/etc/lixonet/lixonet.conf` (see: Configuration options)
- Supply `/etc/lixonet/tinc.key`
- Run `chmod +x build.sh && ./build.sh` to deploy the stack on Docker.