nigger/lixonet-ee
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
158 Commits 1 Branch 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

Lixonet Enterprise Edition (LIXONET 3)

This is the semi-official, testing Lixonet EE repository.

Custom configurations should be supplied in a lixonet.conf file in the name=value format, such as your subnet. Additionally, a tinc keypair is also be required.

Generating keypairs for tinc (tinc.key):

Source: https://www.tinc-vpn.org/documentation/Generating-keypairs.html

Run: tincd -n lixonet -K

Configuration options

All options are supplied in the name=value format on individual lines, i.e. name=test_name_lixo

Required options

You MUST specify these options, or Lixonet will not work.

Network options

  • name - The global neighbor name. Tinc and Bird use this to identify a peer in the network, and to exclude your own pre-packed config automagically from Tinc and BIRD dialing out so you don't connect to yourself over and over again.
  • address - The router address to use. This is your Lixonet routing layer address: 172.xxx.0.xxx
  • network_address - The network address to use. This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: 0.0 -- it MUST end with zeros corresponding to the network size)
  • asn - The BGP ASN to use. We usually follow the format 4206969XXX where XXX is the last octet of your address, zero-padded (i.e. 008 or 212)

Non-required options:

Tinc options

  • tinc_bind_address - The address that Tinc should bind to to listen for incoming WAN-sided connections (i.e. 10.0.0.1). This is not the tunnel IP.
  • tinc_connect_to - A comma-separated list of well-known/pre-defined hosts to connect to (i.e. denco_mane_lixo). If not supplied, this is automatically set to all core routers that aren't yourself (name). Use this if you have an eth1 that you don't want to use for binding tinc to, and would prefer to bind tinc to eth0 instead.

Network options

  • global_prefix: global network prefix: defaults to 16.
  • router_prefix: router network prefix: defaults to 24. If you change this you SHOULD change netmask too.
  • netmask: router netmask: defaults to 255.255.255.0 (/24); SHOULD be the bitmask that corresponds to the router_prefix

BGP

For options we expose here, for information see: https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.3

  • bgp_path_metric: Enable comparison of path lengths when deciding which BGP route is the best one (0 or 1): defaults to 1
  • bgp_aigp: BGP AIGP state (enable, disable, or originate): defaults to originate (see BIRD documentation)
  • bgp_rpki_retry: If RPKI cache data cannot be obtained, the time period in seconds between a failed query the next attempt. Defaults to 90.
  • bgp_rpki_refresh: How long to wait in seconds before attempting to poll RPKI cache data after the last successful poll. Defaults to 900.
  • bgp_rpki_expire: How long to keep any records locally cached before they are deleted. Defaults to 172800 (2 days).
  • bgp_rpki_known_hosts: The file path for the SSH key known_hosts file to use when validating remote RPKI hosts. Defaults to /etc/bird/rpki/known_hosts (provided by Lixonet; don't change this unless you need to!).

Setup

Prerequisites:

  1. docker and docker-compose (Alpine: community repository; https://docs.genesys.com/Documentation/System/8.5.x/DDG/InstallationofDockeronAlpineLinux), git, and curl are installed (Alpine: apk add). You may also want to make docker run at boot: rc-update add docker boot.
  2. eth0 is the LAN or WAN interface supporting external routing, DNS, etc., and is the bridged interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/21) through it. You may also have an eth1 (and so on, so forth) that you statically configure for your entire, wide subnet (i.e. x.x.0.0/21) if you want to use two physical adapters.
  3. tun and tap are in /etc/modules to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards.
  4. sigil is installed (curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.5.0/sigil_0.5.0_$(uname -sm|tr ' ' '_').tgz" | tar -zxC /usr/local/bin)
  5. IPv4 forwarding is on: sysctl -w net.ipv4.ip_forward=1 and iptables -P FORWARD ACCEPT are run (and persisted) to allow IP forwarding.

Install:

  1. Clone this repository: git clone
  2. mkdir /etc/lixonet/
  3. Fill out /etc/lixonet/lixonet.conf (see: Configuration options)
  4. Supply /etc/lixonet/tinc.key
  5. Run chmod +x build.sh && ./build.sh to deploy the stack on Docker.
Description
No description provided
Readme 498 KiB
Languages
Shell 96.6%
Dockerfile 3.4%