From 92365d477c14efa6cb75b66bc995ce5ce0d62da1 Mon Sep 17 00:00:00 2001 From: Alexander Ivanov Date: Sun, 18 Feb 2024 18:25:07 +0800 Subject: [PATCH] Add peering reference (#523) --- README.md | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 3bca5dc..1d667e6 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,11 @@ file. Example in `yggdrasil.conf`: ``` -Peers: -[ +Peers: [ tcp://a.b.c.d:e - tcp://d.c.b.a:e + tls://d.c.b.a:e tcp://[a:b:c::d]:e - tcp://[d:c:b::a]:e + tls://[d:c:b::a]:e ] ``` 
@@ -30,20 +29,30 @@ page to find public peers that are online. Always try to pick peers that are as close to you geographically as possible, as this will keep the latency of the network down. -If you are using a home connection then you should avoid peering with any nodes +If you are using a home connection, then you should avoid peering with any nodes that are far away, as you may end up carrying traffic for the rest of the network. For normal usage, you probably only need 2 or 3 peers. -### TLS peers +### Peering reference +URI format: `[protocol]://[host]:[port]?[options]` -As of Yggdrasil v0.3.11, peering connections over TLS are now possible. This hides -the peering connection inside a regular TLS session, which can help in some cases -where firewalls or deep packet inspection may identify or block regular Yggdrasil -peering traffic. +**Available protocols:** +- Cleartext TCP: `tcp://` +- TLS: `tls://` +- TCP over SOCKS5: `socks://[proxyhost]:[proxyport]/[host]:[port]` +- UNIX sockets: `unix://` +- QUIC (v0.5.0+): `quic://` +- TLS over SOCKS5 (v0.5.2+): `sockstls://[proxyhost]:[proxyport]/[host]:[port]` -TLS public peers are identified by the prefix `tls://` instead of `tcp://`. +Yggdrasil supports basic authentication for SOCKS5 using credentials in the URI like this: -Note that, due to the additional layer of encryption, performance via TLS peers -may be slightly worse than via regular `tcp://` peers. +`socks://[username]:[password]@[proxyhost]:[proxyport]/[host]:[port]` + +**Query options:** +- Public-key authentication: `?key=[publickey]` (can have multiple values) +- Custom SNI (for TLS/QUIC): `?sni=[domain]` (default is host if it's domain) +- Same-peer link priority: `?priority=[integer]` (default is 0, maximum 254 for lowest priority) +- Password authentication (v0.5.0+): `?password=[string]` (length up to 64 characters) +- Maximum back-off time (v0.5.5+): `?maxbackoff=[seconds]` (supports duration values like 5m, 1h etc)
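Review bot: in the first hunk, the `yggdrasil.conf` example now mixes `tcp://` and `tls://` entries, but nothing next to the example says what distinguishes them, and the same patch deletes the `### TLS peers` section that used to explain it. Suggest one sentence directly under the example stating that `tcp://` is cleartext TCP and `tls://` carries the peering inside TLS, or a pointer to the new "Peering reference" section, so a reader copying the block knows which form to pick.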
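Review bot: in the second hunk, the new `TLS: tls://` bullet drops the rationale that the deleted `### TLS peers` paragraphs gave (peering hidden inside a regular TLS session where firewalls or deep packet inspection block Yggdrasil traffic) along with the note that TLS peers may be slightly slower; keep one sentence of that under the protocol list, and the v0.3.11 tag for consistency with the other versioned bullets. Under "Query options", `?key=[publickey]` says "can have multiple values" without showing how they are written, and no line shows several options combined in one URI; one complete example URI would settle both. The two credential forms, `socks://[username]:[password]@...` and `?password=[string]`, place secrets in the config file, so the section should say how reserved characters in them are to be encoded and remind readers to restrict read access to `yggdrasil.conf`. Wording nit: "default is host if it's domain" reads better as "defaults to the host if it is a domain name".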