Difference between revisions of "Manual Gateway Configuration"
(Add mm-cli instructions for clients.) |
m (Move client-side mm-cli instructions to client section.) |
||
Line 4: | Line 4: | ||
= Gateway Server Configuration = | = Gateway Server Configuration = | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Manual Configuration == | == Manual Configuration == | ||
Line 50: | Line 39: | ||
= Gateway Client Configuration = | = Gateway Client Configuration = | ||
+ | |||
+ | == Using mm-cli == | ||
+ | |||
+ | This method will work as long as you connect your client device to the Internet during the install. | ||
+ | <pre> | ||
+ | opkg update | ||
+ | opkg install python3-pip | ||
+ | pip install mm-cli | ||
+ | alias mm="python -m mm_cli | ||
+ | mm cl setgateway d5ce5d9e98bf9d5031c0e78a64339915b71e77b808830a719241afb7dd6c8c25 10.42.0.{Client_IP}/24 10.42.0.1 | ||
+ | </pre> | ||
+ | |||
+ | == Manual Configuration == | ||
Add <code>0.0.0.0/0</code> to <code>IPv4LocalSubnets</code> and enable <code>TunnelRouting</code> in <code>/etc/yggdrasil.conf</code> | Add <code>0.0.0.0/0</code> to <code>IPv4LocalSubnets</code> and enable <code>TunnelRouting</code> in <code>/etc/yggdrasil.conf</code> |
Revision as of 13:27, 24 May 2020
Contents
Gateway Server Configuration
Manual Configuration
Add 0.0.0.0/0
to IPv4LocalSubnets
and enable TunnelRouting
in /etc/yggdrasil.conf
TunnelRouting: { # Enable or disable tunnel routing. Enable: true # IPv4 subnets belonging to this node's end of the tunnels. Only traffic # from these ranges will be tunnelled. IPv4LocalSubnets: [ 0.0.0.0/0 ] }
Restart yggdrasil with systemctl restart yggdrasil.service
or service yggdrasil restart
Assign an IP/subnet to the yggdrasil interface (tun0
or ygg0
)
ip addr add 10.42.0.1/16 dev tun0
For every node using the gateway, pick an IP address in the previous subnet and inform yggdrasil of the public key of the node to be associated with the chosen IP
yggdrasilctl addremotesubnet subnet=10.42.0.10/32 box_pub_key=<client_public_key>
Finally, add iptables rules to route / forward traffic to the internet. Replace eth0 with the WAN interface of the gateway
iptables -A FORWARD -i eth0 -j ACCEPT iptables -A FORWARD -o eth0 -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE echo 1 | tee /proc/sys/net/ipv4/ip_forward
Gateway Client Configuration
Using mm-cli
This method will work as long as you connect your client device to the Internet during the install.
opkg update opkg install python3-pip pip install mm-cli alias mm="python -m mm_cli mm cl setgateway d5ce5d9e98bf9d5031c0e78a64339915b71e77b808830a719241afb7dd6c8c25 10.42.0.{Client_IP}/24 10.42.0.1
Manual Configuration
Add 0.0.0.0/0
to IPv4LocalSubnets
and enable TunnelRouting
in /etc/yggdrasil.conf
TunnelRouting: { # Enable or disable tunnel routing. Enable: true # IPv4 subnets belonging to this node's end of the tunnels. Only traffic # from these ranges will be tunnelled. IPv4LocalSubnets: [ 0.0.0.0/0 ] }
Restart yggdrasil with systemctl restart yggdrasil.service
or service yggdrasil restart
Add the IP address allocated on the gateway for this node to the yggdrasil interface
ip addr add 10.42.0.10/16 dev ygg0
Inform yggdrasil of the gateway node's public key
yggdrasilctl addremotesubnet subnet=0.0.0.0/0 box_pub_key=<gateway_public_key>
If the client device is connected to WAN, add routes to each yggdrasil peer's IP address to override the default route. Replace <peer_ip>
with the IP address of the yggdrasil peer (likely found in yggdrasil.conf), replace <wan_gw>
with the IP address of the router or gateway the client device is connected to (likely 192.168.1.1), and replace <wan_dev>
with the interface name of the WAN port on the client device. Do this for every peer yggdrasil is configured to use.
ip ro add <peer_ip> via <wan_gw> dev <wan_dev>
Finally, replace the default route with one pointing to the gateway node's tunnel IP
ip ro replace default via 10.42.0.1
Diagnostics Commands
tcpdump -nqi any net 4.2.2.1 ip a | grep 200 # think metric as in "cost" -> higher is lower priority ip route del default via 192.168.42.1 dev enp0s25 ip route del default via 192.168.42.1 dev enp0s25 metric 700 ./build -d # build w/ debug flag env PPROFLISTEN=localhost:6060 ./yggdrasil -useconffile /etc/yggdrasil/yggdrasil.conf http://localhost:6060/debug/pprof/ ./yggdrasilctl -v getself