mirror of https://github.com/cwinfo/yggdrasil-network.github.io.git synced 2024-11-09 16:50:31 +00:00

Update 2018-11-06-crypto-key-routing.md

Neil Alexander 2019-11-03 21:45:34 +00:00 committed by GitHub
parent fbc16787c4
commit 71ec4e47da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -33,25 +33,25 @@ is released:
TunnelRouting:
{
Enable: false
IPv6Destinations: {}
IPv6Sources: []
IPv4Destinations: {}
IPv4Sources: []
IPv6RemoteSubnets: {}
IPv6LocalSubnets: []
IPv4RemoteSubnets: {}
IPv4LocalSubnets: []
}
```
The `IPv6Destinations` and `IPv4Destinations` options are used to specify
The `IPv6RemoteSubnets` and `IPv4RemoteSubnets` options are used to specify
crypto-key routes. The subnet refers to an encryption public key of another
node, for example:
```
IPv6Destinations: {
IPv6RemoteSubnets: {
"fd64:642b:1a20::/48": "ef78da7fc983c6c210609529921a701ca3e43fa5cfd79f5f20cc67bf66e45c1a",
"fd25:8a33:9311:a53b::/64": "417fd0a66a104f050ae3544b3bc03eeb3648dded4a8c1fb085d65ffa25e83d6e"
}
```
As with a typical routing table, more specific routes are preferred.
The `IPv6Sources` and `IPv4Sources` options are used to specify which source
The `IPv6LocalSubnets` and `IPv4LocalSubnets` options are used to specify which source
addresses are eligible to be routed across a tunnel. For IPv6, this is optional
as each Yggdrasil node already has an address and a routed subnet, and these are
always allowed as source addresses. Specifying additional source addresses means
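Review bot: the renamed option names in the default block and in the two explanatory paragraphs replace `IPv6Destinations`/`IPv4Destinations` and `IPv6Sources`/`IPv4Sources` without any mention of the old names, so a reader whose existing `TunnelRouting` section still uses the old keys has no way to map it onto this text. Suggest one sentence after the default block stating that `IPv6RemoteSubnets`/`IPv4RemoteSubnets` were previously called `IPv6Destinations`/`IPv4Destinations`, and `IPv6LocalSubnets`/`IPv4LocalSubnets` were previously `IPv6Sources`/`IPv4Sources`. The second paragraph also still explains the options only in terms of "source addresses"; linking that wording to the new "local subnets" name would make the rename easier to follow.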
@ -63,32 +63,32 @@ mandatory as Yggdrasil nodes do not have IPv4 addresses by default.
Assume that node A is `a.a.a.a/24` and `aaaa:aaaa:aaaa:aaaa::/64` and node B is `b.b.b.b/24` and `bbbb:bbbb:bbbb:bbbb::/64`. On node A, use the following `TunnelRouting` configuration:
```
Enable: true
IPv6Destinations: {
IPv6RemoteSubnets: {
"bbbb:bbbb:bbbb:bbbb::/64": "xxxxxxxxxxxxxx"
}
IPv6Sources: {
IPv6LocalSubnets: {
aaaa:aaaa:aaaa:aaaa::/64
}
IPv4Destinations: {
IPv4RemoteSubnets: {
"b.b.b.b/24": "xxxxxxxxxxxxxx"
}
IPv4Sources: {
IPv4LocalSubnets: {
a.a.a.a/24
}
```
On node B, use the reverse `TunnelRouting` configuration:
```
Enable: true
IPv6Destinations: {
IPv6RemoteSubnets: {
"aaaa:aaaa:aaaa:aaaa::/64": "xxxxxxxxxxxxxx"
}
IPv6Sources: {
IPv6LocalSubnets: {
bbbb:bbbb:bbbb:bbbb::/64
}
IPv4Destinations: {
IPv4RemoteSubnets: {
"a.a.a.a/24": "xxxxxxxxxxxxxx"
}
IPv4Sources: {
IPv4LocalSubnets: {
b.b.b.b/24
}
```
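Review bot: in both the node A and node B examples, `IPv6LocalSubnets` and `IPv4LocalSubnets` are written with braces and an unquoted value (`IPv6LocalSubnets: {` followed by `aaaa:aaaa:aaaa:aaaa::/64`), while the default block in the first hunk shows them as lists (`IPv6LocalSubnets: []`). The rename carries that mismatch over unchanged. Since these lines are being touched anyway, suggest switching them to list form with quoted strings, for example `IPv6LocalSubnets: [ "aaaa:aaaa:aaaa:aaaa::/64" ]`, so the examples agree with the defaults shown earlier in the same file.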