mirror of https://github.com/cwinfo/yggdrasil-network.github.io.git synced 2025-02-28 21:01:33 +00:00

Update 2018-11-06-crypto-key-routing.md

Neil Alexander 2019-11-03 21:45:34 +00:00 committed by GitHub
parent fbc16787c4
commit 71ec4e47da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -33,25 +33,25 @@ is released:
TunnelRouting: TunnelRouting:
{ {
Enable: false Enable: false
IPv6Destinations: {} IPv6RemoteSubnets: {}
IPv6Sources: [] IPv6LocalSubnets: []
IPv4Destinations: {} IPv4RemoteSubnets: {}
IPv4Sources: [] IPv4LocalSubnets: []
} }
``` ```
The `IPv6Destinations` and `IPv4Destinations` options are used to specify The `IPv6RemoteSubnets` and `IPv4RemoteSubnets` options are used to specify
crypto-key routes. The subnet refers to an encryption public key of another crypto-key routes. The subnet refers to an encryption public key of another
node, for example: node, for example:
``` ```
IPv6Destinations: { IPv6RemoteSubnets: {
"fd64:642b:1a20::/48": "ef78da7fc983c6c210609529921a701ca3e43fa5cfd79f5f20cc67bf66e45c1a", "fd64:642b:1a20::/48": "ef78da7fc983c6c210609529921a701ca3e43fa5cfd79f5f20cc67bf66e45c1a",
"fd25:8a33:9311:a53b::/64": "417fd0a66a104f050ae3544b3bc03eeb3648dded4a8c1fb085d65ffa25e83d6e" "fd25:8a33:9311:a53b::/64": "417fd0a66a104f050ae3544b3bc03eeb3648dded4a8c1fb085d65ffa25e83d6e"
} }
``` ```
As with a typical routing table, more specific routes are preferred. As with a typical routing table, more specific routes are preferred.
The `IPv6Sources` and `IPv4Sources` options are used to specify which source The `IPv6LocalSubnets` and `IPv4LocalSubnets` options are used to specify which source
addresses are eligible to be routed across a tunnel. For IPv6, this is optional addresses are eligible to be routed across a tunnel. For IPv6, this is optional
as each Yggdrasil node already has an address and a routed subnet, and these are as each Yggdrasil node already has an address and a routed subnet, and these are
always allowed as source addresses. Specifying additional source addresses means always allowed as source addresses. Specifying additional source addresses means
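Review bot: The option names in the defaults block and in the `IPv6RemoteSubnets` example are replaced in place, and nothing in these lines says which release the new names apply to or that `IPv6Destinations`/`IPv4Destinations` and `IPv6Sources`/`IPv4Sources` were the earlier spellings. This is a dated post (2018-11-06) whose config block is introduced with "is released:", so a reader whose existing `TunnelRouting` section was written from the old text will no longer find their option names anywhere on the page. Suggest adding one sentence that maps old names to new ones, for example that `IPv6Sources` is now `IPv6LocalSubnets`. The paragraph describing the LocalSubnets options still speaks only of "source addresses"; tying that wording to the new name would make it clear that this list is the filter on which local sources may be routed across a tunnel.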
@ -63,32 +63,32 @@ mandatory as Yggdrasil nodes do not have IPv4 addresses by default.
Assume that node A is `a.a.a.a/24` and `aaaa:aaaa:aaaa:aaaa::/64` and node B is `b.b.b.b/24` and `bbbb:bbbb:bbbb:bbbb::/64`. On node A, use the following `TunnelRouting` configuration: Assume that node A is `a.a.a.a/24` and `aaaa:aaaa:aaaa:aaaa::/64` and node B is `b.b.b.b/24` and `bbbb:bbbb:bbbb:bbbb::/64`. On node A, use the following `TunnelRouting` configuration:
``` ```
Enable: true Enable: true
IPv6Destinations: { IPv6RemoteSubnets: {
"bbbb:bbbb:bbbb:bbbb::/64": "xxxxxxxxxxxxxx" "bbbb:bbbb:bbbb:bbbb::/64": "xxxxxxxxxxxxxx"
} }
IPv6Sources: { IPv6LocalSubnets: {
aaaa:aaaa:aaaa:aaaa::/64 aaaa:aaaa:aaaa:aaaa::/64
} }
IPv4Destinations: { IPv4RemoteSubnets: {
"b.b.b.b/24": "xxxxxxxxxxxxxx" "b.b.b.b/24": "xxxxxxxxxxxxxx"
} }
IPv4Sources: { IPv4LocalSubnets: {
a.a.a.a/24 a.a.a.a/24
} }
``` ```
On node B, use the reverse `TunnelRouting` configuration: On node B, use the reverse `TunnelRouting` configuration:
``` ```
Enable: true Enable: true
IPv6Destinations: { IPv6RemoteSubnets: {
"aaaa:aaaa:aaaa:aaaa::/64": "xxxxxxxxxxxxxx" "aaaa:aaaa:aaaa:aaaa::/64": "xxxxxxxxxxxxxx"
} }
IPv6Sources: { IPv6LocalSubnets: {
bbbb:bbbb:bbbb:bbbb::/64 bbbb:bbbb:bbbb:bbbb::/64
} }
IPv4Destinations: { IPv4RemoteSubnets: {
"a.a.a.a/24": "xxxxxxxxxxxxxx" "a.a.a.a/24": "xxxxxxxxxxxxxx"
} }
IPv4Sources: { IPv4LocalSubnets: {
b.b.b.b/24 b.b.b.b/24
} }
``` ```
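Review bot: In both node examples the `IPv6LocalSubnets` and `IPv4LocalSubnets` values are written as brace blocks with bare, unquoted prefixes (`IPv6LocalSubnets: {` followed by `aaaa:aaaa:aaaa:aaaa::/64`), while the defaults block earlier in the post shows these options as lists (`IPv6LocalSubnets: []`) and the RemoteSubnets entries are quoted strings. The rename carries that mismatch over unchanged. Since these lines are being touched anyway, suggest writing them as quoted list entries, e.g. `IPv6LocalSubnets: [ "aaaa:aaaa:aaaa:aaaa::/64" ]`, so the example has the same shape as the defaults block when it is copied into a config.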