Difference between revisions of "Gateway Configuration"

m
(Add mm-cli instructions for clients.)
Line 3: Line 3:
 
{{Info|Our gateway's public key is d5ce5d9e98bf9d5031c0e78a64339915b71e77b808830a719241afb7dd6c8c25. After coordinating with [mailto:lurker@riseup.net our gateway operator], you will get an IPv4 address necessary to complete the [[#Gateway Client Configuration]] steps.}}
 
{{Info|Our gateway's public key is d5ce5d9e98bf9d5031c0e78a64339915b71e77b808830a719241afb7dd6c8c25. After coordinating with [mailto:lurker@riseup.net our gateway operator], you will get an IPv4 address necessary to complete the [[#Gateway Client Configuration]] steps.}}
  
= Diagnostics Commands =
+
= Gateway Server Configuration =
 +
 
 +
== Using mm-cli ==
  
tcpdump -nqi any net 4.2.2.1
+
This method will work as long as you connect your client device to the Internet during the install.
ip a | grep 200
+
<pre>
# think metric as in "cost" -> higher is lower priority
+
opkg update
ip route del default via 192.168.42.1 dev enp0s25
+
opkg install python3-pip
ip route del default via 192.168.42.1 dev enp0s25 metric 700
+
pip install mm-cli
./build -d # build w/ debug flag
+
alias mm="python -m mm_cli
env PPROFLISTEN=localhost:6060 ./yggdrasil -useconffile /etc/yggdrasil/yggdrasil.conf
+
mm cl setgateway d5ce5d9e98bf9d5031c0e78a64339915b71e77b808830a719241afb7dd6c8c25 10.42.0.{Client_IP}/24 10.42.0.1
http://localhost:6060/debug/pprof/
+
</pre>
./yggdrasilctl -v getself
 
  
= Gateway Server Configuration =
+
== Manual Configuration ==
  
 
Add <code>0.0.0.0/0</code> to <code>IPv4LocalSubnets</code> and enable <code>TunnelRouting</code> in <code>/etc/yggdrasil.conf</code>
 
Add <code>0.0.0.0/0</code> to <code>IPv4LocalSubnets</code> and enable <code>TunnelRouting</code> in <code>/etc/yggdrasil.conf</code>
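Review bot: the added alias line, alias mm="python -m mm_cli, never closes its double quote, so anyone pasting the block has the shell read the following mm cl setgateway line as part of the quoted string; it should read alias mm="python -m mm_cli". The new "Using mm-cli" subsection is also placed under "Gateway Server Configuration", although the edit summary says the instructions are for clients and the command takes a {Client_IP} address, so it reads as belonging under "Gateway Client Configuration".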
Line 81: Line 82:
  
 
  ip ro replace default via 10.42.0.1
 
  ip ro replace default via 10.42.0.1
 +
 +
= Diagnostics Commands =
 +
 +
tcpdump -nqi any net 4.2.2.1
 +
ip a | grep 200
 +
# think metric as in "cost" -> higher is lower priority
 +
ip route del default via 192.168.42.1 dev enp0s25
 +
ip route del default via 192.168.42.1 dev enp0s25 metric 700
 +
./build -d # build w/ debug flag
 +
env PPROFLISTEN=localhost:6060 ./yggdrasil -useconffile /etc/yggdrasil/yggdrasil.conf
 +
http://localhost:6060/debug/pprof/
 +
./yggdrasilctl -v getself
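Review bot: the Diagnostics Commands block moved to the end of the page still has no explanation of what each command is for, and both ip route del default via 192.168.42.1 dev enp0s25 lines delete a default route using one machine's gateway address and interface name, with nothing saying when to run them or how to restore the route. Suggest one sentence per command and placeholders in the style of the <wan_gw> and <wan_dev> used in the client section.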

Revision as of 14:26, 24 May 2020


Note: Our gateway's public key is d5ce5d9e98bf9d5031c0e78a64339915b71e77b808830a719241afb7dd6c8c25. After coordinating with our gateway operator, you will get an IPv4 address necessary to complete the #Gateway Client Configuration steps.

Gateway Server Configuration

Using mm-cli

This method will work as long as you connect your client device to the Internet during the install.

opkg update
opkg install python3-pip
pip install mm-cli
alias mm="python -m mm_cli"
mm cl setgateway d5ce5d9e98bf9d5031c0e78a64339915b71e77b808830a719241afb7dd6c8c25 10.42.0.{Client_IP}/24 10.42.0.1

Manual Configuration

Add 0.0.0.0/0 to IPv4LocalSubnets and enable TunnelRouting in /etc/yggdrasil.conf

TunnelRouting:
{
  # Enable or disable tunnel routing.
  Enable: true
  # IPv4 subnets belonging to this node's end of the tunnels. Only traffic  
  # from these ranges will be tunnelled.
  IPv4LocalSubnets:
  [
    0.0.0.0/0
  ]
}

Restart yggdrasil with systemctl restart yggdrasil.service or service yggdrasil restart

Assign an IP/subnet to the yggdrasil interface (tun0 or ygg0)

ip addr add 10.42.0.1/16 dev tun0

For every node using the gateway, pick an IP address in the subnet assigned above and tell yggdrasil which node public key is associated with that IP

yggdrasilctl addremotesubnet subnet=10.42.0.10/32 box_pub_key=<client_public_key>

Finally, add iptables rules to route / forward traffic to the internet. Replace eth0 with the WAN interface of the gateway

iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 | tee /proc/sys/net/ipv4/ip_forward
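
The two FORWARD rules above accept every packet forwarded in or out of eth0, including connections initiated from the WAN side. A narrower ruleset, added here as an example and not part of the original page, forwards new connections only from the tunnel subnet and lets replies back in; the function name is hypothetical, and eth0, tun0 and 10.42.0.0/16 are taken from the page's examples.

```shell
# Added example, not from the original page. The function name is made up;
# eth0 (WAN), tun0 (yggdrasil) and 10.42.0.0/16 follow the page's examples.

# gateway_rules WAN_IF TUN_IF CLIENT_NET: print the commands for review
# instead of running them. Returns 1 on arguments that are not a plain
# interface name or IPv4 CIDR, so the output is safe to pipe into sh.
gateway_rules() {
    wan=$1 tun=$2 net=$3
    for ifname in "$wan" "$tun"; do
        case $ifname in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    done
    case $net in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
        */*) ;;
        *) return 1 ;;
    esac
    cat <<EOF
iptables -A FORWARD -i $tun -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $tun -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $wan -j DROP
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
EOF
}

gateway_rules eth0 tun0 10.42.0.0/16
```

These rules are meant to replace the two broad FORWARD rules; if those were already appended, delete them with iptables -D first, because rules are evaluated in order.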

Gateway Client Configuration

Add 0.0.0.0/0 to IPv4LocalSubnets and enable TunnelRouting in /etc/yggdrasil.conf

TunnelRouting:
{
  # Enable or disable tunnel routing.
  Enable: true
  # IPv4 subnets belonging to this node's end of the tunnels. Only traffic  
  # from these ranges will be tunnelled.
  IPv4LocalSubnets:
  [
    0.0.0.0/0
  ]
}

Restart yggdrasil with systemctl restart yggdrasil.service or service yggdrasil restart

Add the IP address allocated on the gateway for this node to the yggdrasil interface

ip addr add 10.42.0.10/16 dev ygg0

Inform yggdrasil of the gateway node's public key

yggdrasilctl addremotesubnet subnet=0.0.0.0/0 box_pub_key=<gateway_public_key>

If the client device is connected to WAN, add routes to each yggdrasil peer's IP address to override the default route. Replace <peer_ip> with the IP address of the yggdrasil peer (likely found in yggdrasil.conf), replace <wan_gw> with the IP address of the router or gateway the client device is connected to (likely 192.168.1.1), and replace <wan_dev> with the interface name of the WAN port on the client device. Do this for every peer yggdrasil is configured to use.

ip ro add <peer_ip> via <wan_gw> dev <wan_dev>

Finally, replace the default route with one pointing to the gateway node's tunnel IP

ip ro replace default via 10.42.0.1
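
The peer routes have to be in place before the default route is replaced, otherwise the connections to the yggdrasil peers are themselves sent into the tunnel. The following added example (not from the original page) derives the ip ro add lines from the Peers list of a config and prints the default-route change last; the function names and the sample config are constructed for illustration.

```shell
# Added example, not from the original page; names and sample config are constructed.

# peer_routes CONF WAN_GW WAN_DEV: print one pin route per IPv4-literal peer
# in the Peers list of CONF ("-" reads stdin). Hostname and IPv6 peers are
# skipped and need separate handling.
peer_routes() {
    awk -v gw="$2" -v dev="$3" '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        /^[ \t]*"?Peers"?[ \t]*:/ { inp = 1 }    # anchored: not InterfacePeers
        inp {
            line = $0
            while (match(line, /(tcp|tls):\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+/)) {
                ip = substr(line, RSTART, RLENGTH)
                sub(/^[a-z]+:\/\//, "", ip); sub(/:[0-9]+$/, "", ip)
                if (!seen[ip]++) printf "ip ro add %s via %s dev %s\n", ip, gw, dev
                line = substr(line, RSTART + RLENGTH)
            }
        }
        inp && /\][ \t]*,?[ \t]*$/ { inp = 0 }   # closing bracket ends the list
    ' "$1"
}

# client_route_plan CONF WAN_GW WAN_DEV TUN_GW: pins first, default route last.
client_route_plan() {
    pins=$(peer_routes "$1" "$2" "$3")
    if [ -z "$pins" ]; then
        echo "no IPv4 peers found; default route left unchanged" >&2
        return 1
    fi
    printf '%s\n' "$pins"
    printf 'ip ro replace default via %s\n' "$4"
}

# Constructed sample config using documentation-range addresses.
sample_conf() {
    cat <<'EOF'
  Peers:
  [
    tcp://192.0.2.10:12345
    # tcp://203.0.113.9:1
    tls://198.51.100.7:443
    tcp://192.0.2.10:12345
    tcp://[2001:db8::1]:12345
  ]
  Listen: [ "tcp://0.0.0.0:9001" ]
EOF
}

sample_conf | client_route_plan - 192.168.1.1 eth1 10.42.0.1
```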

Diagnostics Commands

tcpdump -nqi any net 4.2.2.1
ip a | grep 200
# think metric as in "cost" -> higher is lower priority
ip route del default via 192.168.42.1 dev enp0s25
ip route del default via 192.168.42.1 dev enp0s25 metric 700
./build -d # build w/ debug flag
env PPROFLISTEN=localhost:6060 ./yggdrasil -useconffile /etc/yggdrasil/yggdrasil.conf
http://localhost:6060/debug/pprof/
./yggdrasilctl -v getself