{
    // cjdroute configuration for one cjdns node: node identity, inbound peering
    // passwords, the admin endpoint, UDP/Ethernet peering interfaces, router and
    // IP-tunnel settings, and the process sandbox.
    // NOTE(review): this file uses // comments and has missing and trailing commas
    // in places, so it is not strict JSON. Presumably it is read by cjdroute's own
    // lenient parser -- confirm before running it through generic JSON tooling.
    // The file carries the node private key and peering passwords in clear text;
    // keep it readable only by the account that starts cjdroute.

    // Private key:
    // Your confidentiality and data integrity depend on this key, keep it secret!
    // ("<<>>" looks like a redacted or template placeholder -- TODO confirm.)
    "privateKey": "<<>>",

    // This key corresponds to the public key and ipv6 address:
    "publicKey": "<<>>",
    "ipv6": "<<>>",

    // Passwords that other nodes present in order to peer with this node.
    // Whoever holds one of these can open a peering link, so give each peer its
    // own entry (it can then be revoked on its own) and use a long random value.
    "authorizedPasswords": [
        {"password": "<<>>", "user": "default-login"}
    ],

    // Admin endpoint.
    // NOTE(review): the password is the literal string "NONE", so the loopback
    // bind is the only access boundary visible in this file; any local process
    // that can reach 127.0.0.1:11234 can presumably drive the admin interface.
    // Keep the bind on loopback, and set a real secret on a shared host.
    "admin": {
        "bind": "127.0.0.1:11234",
        "password": "NONE"
    },

    // Interfaces to connect to the switch core.
    "interfaces": {
        // The interface which connects over UDP/IP based VPN tunnel.
        "UDPInterface": [
            {
                // Bind to this port.
                // 0.0.0.0 listens on every IPv4 address of the host; restrict the
                // address or firewall the port if only some networks should reach it.
                "bind": "0.0.0.0:2085",
                // Set the DSCP value for QoS. Default is 0.
                // "dscp": 46,

                // Nodes to connect to (IPv4 only), keyed by "address:port".
                // "password" is the credential this node sends to the peer and
                // "publicKey" is the peer's key. The other fields (contact, gpg,
                // location, login, peerName, ...) look like descriptive metadata;
                // TODO confirm which of them cjdroute reads.
                // NOTE(review): the passwords are stored in clear text, and some are
                // shared between entries (igel-losangeles / igel-boston,
                // cord.ventricle.us / larynx.ventricle.us). Logins such as "public"
                // and "public-peer" suggest published, shared credentials, so they
                // do not distinguish this node from any other user of that peer.
                // The first entry spells its key "Contact" where the rest use
                // "contact".
                "connectTo": {
                    "92.241.12.189:22569": {
                        "password": "6mDHySCSJYVgyJqphpgnokqKrCq045mF",
                        "publicKey": "9qz459vnkb1v36ypq84m29g2q7dn8gndg9bh0w1499urnkx9nmt0.k",
                        "peerName": "h.start-com.ru",
                        "Contact": "vvk@start-com.ru"
                    },
                    "173.208.215.53:6129": {
                        "login": "public",
                        "password":"wvmrnb31sgtw03d73buyjybwr6vrw1z",
                        "publicKey":"p2r0nst699p2gc9cztcmkr5z05522h51jvj5xw7z4x135cz4j9p0.k",
                        "peerName":"Don't Sell.Me"
                    },
                    "198.199.124.143:27313": {
                        "contact": "kasm@kasm.eu",
                        "location": "Europe/Amsterdam",
                        "login": "public-peer",
                        "password": "9md1m1sntffbrkq1brb85rw312fr5gb",
                        "peerName": "h.kasm.eu",
                        "publicKey": "g34d0nbyltxj3sqnc0t5gps32ks4tyl3m9w9qzpk832f9dmp6fh0.k"
                    },
                    "192.169.7.142:14400":{
                        "contact":"Igel@hyperboria.ca",
                        "gpg":"A84DFFE62B451511",
                        "password":"alfa-charlie-alfa-bravo",
                        "peerName":"igel-losangeles",
                        "publicKey":"mh9m0411cfcg7xhdc8n6ckls1tjgnvvbdfzdgqf5196tfkw96rr0.k"
                    },
                    "138.68.245.159:50505":{
                        "contact":"chapman.shoop@riseup.net",
                        "login":"public-peer",
                        "password":"7ztkh2m3p97z0fcyn50wmtx863n6b3j",
                        "peerName":"salesforce-tower",
                        "publicKey":"6d2kt2hbcp7v0pw9q6f1u2s039kfnt4m4123rjxg26hsgrc12v80.k"
                    },
                    "162.254.117.11:8351":{
                        "contact":"cornfeedhobo@fuzzlabs.org",
                        "gpg":"6610FE2B6BD98C42",
                        "location":"Chicago, IL, USA",
                        "login":"public-access",
                        "password":"39XBepVM7TxGWAoROgUzixlbAnkh7WRY",
                        "peerName":"vishnu",
                        "publicKey":"dhndkly9mhmckbcrb1rgl051ty9fg5zq0tmnms8wxns08fu7kvv0.k"
                    },
                    "192.34.85.155:2359":{
                        "contact":"Igel@hyperboria.ca",
                        "gpg":"A84DFFE62B451511",
                        "password":"alfa-charlie-alfa-bravo",
                        "peerName":"igel-boston",
                        "publicKey":"rdxg1nzvmjdj4fyguqydmnl659p7m3x26r6un4ql966q4xt988j0.k"
                    },
                    "104.200.29.163:53053":{
                        "contact":"ansuz@transitiontech.ca",
                        "gpg":"024A7C03E67ED8CF",
                        "password":"cLjDBorhsYJUmJrESGueHsRY4HXcFyj",
                        "peerName":"transitiontech",
                        "publicKey":"1941p5k8qqvj17vjrkb9z97wscvtgc1vp8pv1huk5120cu42ytt0.k"
                    },
                    "107.170.57.34:63472":{
                        "contact":"code@ventricle.us",
                        "gpg":"7FE895160E3314027CD3B5D37392CF088BB4345C",
                        "location":"digitalocean nyc2",
                        "login":"public-peer",
                        "password":"ppm6j89mgvss7uvtntcd9scy6166mwb",
                        "peerName":"cord.ventricle.us",
                        "publicKey":"1xkf13m9r9h502yuffsq1cg13s5648bpxrtf2c3xcq1mlj893s90.k"
                    },
                    "185.140.54.73:30800":{
                        "contact":"iczero4@gmail.com",
                        "gpg":"613CE9DA0E9A3F70EC97760E4BAC4EBB8461FC7E",
                        "login":"public",
                        "password":"fwlmbx2f3udkd0ymknq4pwwgu2bjklx",
                        "peerName":"ic2.hellomouse.cf",
                        "publicKey":"c15sfmskdpmj2qw5lfvgfuzggyyk1bjzj4lu3yf6h1x2ckclwdd0.k"
                    },
                    "173.62.245.186:55249":{
                        "contact":"natebrune@gmail.com",
                        "country":"us",
                        "gpg":"C95CE6BC6735BAD7",
                        "ipv6":"fcda:9958:9093:49f2:2677:6df6:2a5a:b01d",
                        "password":"Public",
                        "peerName":"NAT",
                        "publicKey":"vgxqyputh4ldhxktg9msmr61pw938l0ymhkmryljsyzvmr0dtwy0.k",
                        "website":"https://github.com/NateBrune"
                    },
                    "198.58.100.240:22237":{
                        "contact":"jhj@trnsz.com",
                        "login":"default-login",
                        "password":"pqr5brz16vzzu6vhjuj7tv3n078kr5f",
                        "peerName":"trnsz",
                        "publicKey":"ubbtkp0txwjh44v8kkznvhjqqwr1hd2jzv5ms9zlkfk25svxvtg0.k"
                    },
                    "149.56.98.167:3703":{
                        "contact":"code@ventricle.us",
                        "gpg":"7FE895160E3314027CD3B5D37392CF088BB4345C",
                        "location":"ovh beauharnois",
                        "login":"public-peer",
                        "password":"ppm6j89mgvss7uvtntcd9scy6166mwb",
                        "peerName":"larynx.ventricle.us",
                        "publicKey":"jg035j9hup776kwz1k4n0bwpggxp1qmts6t715x53g8vutxktzz0.k"
                    },
                    "165.227.44.84:34838":{
                        "contact":"wattersm@watters.ws",
                        "gpg":"E2A3328281D1DA0A08D34FC2058F0C51586CA8C6",
                        "location":"Digital Ocean tor1",
                        "login":"public-access",
                        "password":"8n2w2qu2lfndhgx8xwgp18vyq7fhvux",
                        "peerName":"linux1.tor1.watters.ws",
                        "publicKey":"b465hml7z3g1vj22ktqdrc3z17mwjxl44cg0mj903n9vycxzqpv0.k"
                    },
                    "149.56.19.79:55159":{
                        "contact":"infrastructure@stashcrypto.com",
                        "login":"default-login",
                        "password":"dgv86ktpblc2h4y93fsqpshcg2lbp5d",
                        "peerName":"git.stashcrypto.net",
                        "publicKey":"zbfurpx9n6whzwu6vrlfgmw8g56rmchfmhxxtpg0hwhl84vqf1y0.k"
                    },
                    // NOTE(review): the entry below ends with a trailing comma before
                    // the closing brace, which strict JSON does not allow.
                    "158.69.119.35:9218":{
                        "contact":"infrastructure@stashcrypto.com",
                        "login":"default-login",
                        "password":"w5huch4mn6tkgfp3j9sr8p8r13j3j33",
                        "peerName":"seed.stashcrypto.net",
                        "publicKey":"rzg61b3fsb675732g5rn8g1x61ypm1z7402n072qmrbbhgzm93f0.k"
                    },
                }
            },
            {
                // Bind to this port.
                // [::] listens on every IPv6 address of the host.
                "bind": "[::]:2085",
                // Set the DSCP value for QoS. Default is 0.
                // "dscp": 46,

                // Nodes to connect to (IPv6 only).
                // These four entries carry the same peerName, publicKey and password
                // as entries in the IPv4 list above, i.e. the same peers reached
                // over a second address family.
                "connectTo": {
                    "[2602:ff65:0:1::fc00]:2359":{
                        "contact":"Igel@hyperboria.ca",
                        "gpg":"A84DFFE62B451511",
                        "password":"alfa-charlie-alfa-bravo",
                        "peerName":"igel-boston",
                        "publicKey":"rdxg1nzvmjdj4fyguqydmnl659p7m3x26r6un4ql966q4xt988j0.k"
                    },
                    "[2604:a880:0:1010::f:4001]:63472":{
                        "contact":"code@ventricle.us",
                        "gpg":"7FE895160E3314027CD3B5D37392CF088BB4345C",
                        "location":"digitalocean nyc2",
                        "login":"public-peer",
                        "password":"ppm6j89mgvss7uvtntcd9scy6166mwb",
                        "peerName":"cord.ventricle.us",
                        "publicKey":"1xkf13m9r9h502yuffsq1cg13s5648bpxrtf2c3xcq1mlj893s90.k"
                    },
                    "[2a05:dfc7:dfc8:1d3::1]:30800":{
                        "contact":"iczero4@gmail.com",
                        "gpg":"613CE9DA0E9A3F70EC97760E4BAC4EBB8461FC7E",
                        "login":"public",
                        "password":"fwlmbx2f3udkd0ymknq4pwwgu2bjklx",
                        "peerName":"ic2.hellomouse.cf",
                        "publicKey":"c15sfmskdpmj2qw5lfvgfuzggyyk1bjzj4lu3yf6h1x2ckclwdd0.k"
                    },
                    "[2607:5300:61:44f::]:55159":{
                        "contact":"infrastructure@stashcrypto.com",
                        "login":"default-login",
                        "password":"dgv86ktpblc2h4y93fsqpshcg2lbp5d",
                        "peerName":"git.stashcrypto.net",
                        "publicKey":"zbfurpx9n6whzwu6vrlfgmw8g56rmchfmhxxtpg0hwhl84vqf1y0.k"
                    }
                }
            }
        ],

        "ETHInterface": [
            // Alternatively bind to just one device and either beacon and/or
            // connect to a specified MAC address
            {
                // Bind to this device (interface name, not MAC)
                // "all" is a pseudo-name which will try to connect to all devices.
                "bind": "all",

                // Auto-connect to other cjdns nodes on the same network.
                // Options:
                //
                // 0 -- Disabled.
                //
                // 1 -- Accept beacons, this will cause cjdns to accept incoming
                //      beacon messages and try connecting to the sender.
                //
                // 2 -- Accept and send beacons, this will cause cjdns to broadcast
                //      messages on the local network which contain a randomly
                //      generated per-session password, other nodes which have this
                //      set to 1 or 2 will hear the beacon messages and connect
                //      automatically.
                //
                // NOTE(review): with "bind": "all" and the value 2, this node
                // announces itself on every device and auto-peers with whichever
                // node on the local network answers. On a network you do not
                // control, 1 or 0 narrows that.
                "beacon": 2,

                // Node(s) to connect to manually
                // Note: does not work with "all" pseudo-device-name
                "connectTo": {
                    // Credentials for connecting look similar to UDP credentials
                    // except they begin with the mac address, for example:
                    // "01:02:03:04:05:06":{"password":"a","publicKey":"b"}
                }
            }
        ]
    },

    // Configuration for the router.
    "router": {
        // supernodes, if none are specified they'll be taken from your peers
        // NOTE(review): there is no comma between the closing "]" and the
        // "interface" key below; strict JSON requires one.
        "supernodes": [
            //"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
        ]

        // The interface which is used for connecting to the cjdns network.
        "interface": {
            // The type of interface (only TUNInterface is supported for now)
            "type": "TUNInterface"

            // The type of tunfd (only "android" for now)
            // If "android" here, the tunDevice should be used as the pipe path
            // to transfer the tun file descriptor.
            // "tunfd" : "android"

            // The name of a persistent TUN device to use.
            // This is for starting cjdroute as its own user.
            // *MOST USERS DON'T NEED THIS*
            //"tunDevice": "tun0"
        },

        // System for tunneling IPv4 and ICANN IPv6 through cjdns.
        // This is using the cjdns switch layer as a VPN carrier.
        // Both lists below hold only commented-out examples, so no tunnel peer is
        // configured in this file.
        "ipTunnel": {
            // Nodes allowed to connect to us.
            // When a node with the given public key connects, give them the
            // ip4 and/or ip6 addresses listed.
            "allowedConnections": [
                // Give the client an address on 192.168.1.0/24, and an address
                // it thinks has all of IPv6 behind it.
                // ip4Prefix is the set of addresses which are routable from the tun
                // for example, if you're advertising a VPN into a company network
                // which exists in 10.123.45.0/24 space, ip4Prefix should be 24
                // default is 32 for ipv4 and 128 for ipv6
                // so by default it will not install a route
                // ip4Alloc is the block of addresses which are allocated to the client,
                // for example if you want to issue 4 addresses to the client, those
                // being 192.168.123.0 to 192.168.123.3, you would set this to 30
                // default is 32 for ipv4 and 128 for ipv6 (1 address)
                // {
                //     "publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
                //     "ip4Address": "192.168.1.24",
                //     "ip4Prefix": 0,
                //     "ip4Alloc": 32,
                //     "ip6Address": "2001:123:ab::10",
                //     "ip6Prefix": 0,
                //     "ip6Alloc": 64
                // },

                // It's ok to only specify one address and prefix/alloc are optional.
                // {
                //     "publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
                //     "ip4Address": "192.168.1.25",
                //     "ip4Prefix": 0
                // }
            ],

            "outgoingConnections": [
                // Connect to one or more machines and ask them for IP addresses.
                // "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
                // "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
                // "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
            ]
        }
    },

    // Dropping permissions.
    // In the event of a serious security exploit in cjdns, leak of confidential
    // network traffic and/or keys is highly likely but the following rules are
    // designed to prevent the attack from spreading to the system on which cjdns
    // is running.
    // Counter-intuitively, cjdns is *more* secure if it is started as root because
    // non-root users do not have permission to use chroot or change usernames,
    // limiting the effectiveness of the mitigations herein.
    "security": [
        // Change the user id to sandbox the cjdns process after it starts.
        // If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses
        // and ETHInterface will be unable to hot-add new interfaces.
        // Use { "setuser": 0 } to disable.
        // Default: enabled with keepNetAdmin
        { "setuser": "nobody", "keepNetAdmin": 1 },

        // Chroot changes the filesystem root directory which cjdns sees, blocking it
        // from accessing files outside of the chroot sandbox. If the user does not
        // have permission to use chroot(), this will fail quietly, so a start as a
        // non-root user runs without this layer and without an error.
        // Use { "chroot": 0 } to disable.
        // Default: enabled (using "/var/run")
        { "chroot": "/var/run/" },

        // Nofiles is a deprecated security feature which prevents cjdns from opening
        // any files at all. Using this will block setting of IP addresses and
        // hot-adding ETHInterface devices, but for users who do not need those, it
        // provides a formidable sandbox.
        // Default: disabled
        { "nofiles": 0 },

        // Noforks will prevent cjdns from spawning any new processes or threads,
        // this prevents many types of exploits from attacking the wider system.
        // Default: enabled
        { "noforks": 1 },

        // Seccomp is the most advanced sandboxing feature in cjdns, it uses
        // SECCOMP_BPF to filter the system calls which cjdns is able to make on a
        // linux system, strictly limiting its access to the outside world.
        // This will fail quietly on any non-linux system, so the filter is absent
        // there without an error.
        // Default: enabled
        { "seccomp": 1 },

        // The client sets up the core using a sequence of RPC calls. The responses
        // to these calls are verified, but if the client crashes before setup of
        // the core completes, it could leave the core in an insecure state.
        // This call constitutes the client telling the core that the security rules
        // have been fully applied and the core may run. Without it, the core will
        // exit within a few seconds with return code 232.
        // Default: enabled
        { "setupComplete": 1 }
    ],

    // Logging
    "logging": {
        // Uncomment to have cjdns log to stdout rather than making logs available
        // via the admin socket.
        // "logTo":"stdout"
    },

    // If set to non-zero, cjdns will not fork to the background.
    // Recommended for use in conjunction with "logTo":"stdout".
    "noBackground":0

    // The pipe file will be stored in this path, recommended value: /tmp (for unix),
    // \\.\pipe (for windows)
    // /data/local/tmp (for rooted android)
    // /data/data/AppName (for non-root android)
    // This only needs to be specified if cjdroute's guess is incorrect
    // "pipe":"/tmp"
}