You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
385 lines
14 KiB
Plaintext
385 lines
14 KiB
Plaintext
{
|
|
// Private key:
|
|
// Your confidentiality and data integrity depend on this key, keep it secret!
|
|
"privateKey": "<<<REDACTED>>>",
|
|
// This key corresponds to the public key and ipv6 address:
|
|
"publicKey": "<<<REDACTED>>>",
|
|
"ipv6": "<<<REDACTED>>>",
|
|
"authorizedPasswords":
|
|
[
|
|
{"password": "<<<REDACTED>>>", "user": "default-login"}
|
|
],
|
|
|
|
"admin":
|
|
{
|
|
"bind": "127.0.0.1:11234",
|
|
"password": "NONE"
|
|
},
|
|
|
|
// Interfaces to connect to the switch core.
|
|
"interfaces":
|
|
{
|
|
// The interface which connects over UDP/IP based VPN tunnel.
|
|
"UDPInterface":
|
|
[
|
|
{
|
|
// Bind to this port.
|
|
"bind": "0.0.0.0:2085",
|
|
// Set the DSCP value for Qos. Default is 0.
|
|
// "dscp": 46,
|
|
|
|
// Nodes to connect to (IPv4 only).
|
|
"connectTo":
|
|
{
|
|
"92.241.12.189:22569": {
|
|
"password": "6mDHySCSJYVgyJqphpgnokqKrCq045mF",
|
|
"publicKey": "9qz459vnkb1v36ypq84m29g2q7dn8gndg9bh0w1499urnkx9nmt0.k",
|
|
"peerName": "h.start-com.ru",
|
|
"Contact": "vvk@start-com.ru"
|
|
},
|
|
"173.208.215.53:6129": {
|
|
"login": "public",
|
|
"password":"wvmrnb31sgtw03d73buyjybwr6vrw1z",
|
|
"publicKey":"p2r0nst699p2gc9cztcmkr5z05522h51jvj5xw7z4x135cz4j9p0.k",
|
|
"peerName":"Don't Sell.Me"
|
|
},
|
|
"198.199.124.143:27313": {
|
|
"contact": "kasm@kasm.eu",
|
|
"location": "Europe/Amsterdam",
|
|
"login": "public-peer",
|
|
"password": "9md1m1sntffbrkq1brb85rw312fr5gb",
|
|
"peerName": "h.kasm.eu",
|
|
"publicKey": "g34d0nbyltxj3sqnc0t5gps32ks4tyl3m9w9qzpk832f9dmp6fh0.k"
|
|
},
|
|
"192.169.7.142:14400":{
|
|
"contact":"Igel@hyperboria.ca",
|
|
"gpg":"A84DFFE62B451511",
|
|
"password":"alfa-charlie-alfa-bravo",
|
|
"peerName":"igel-losangeles",
|
|
"publicKey":"mh9m0411cfcg7xhdc8n6ckls1tjgnvvbdfzdgqf5196tfkw96rr0.k"
|
|
},
|
|
"138.68.245.159:50505":{
|
|
"contact":"chapman.shoop@riseup.net",
|
|
"login":"public-peer",
|
|
"password":"7ztkh2m3p97z0fcyn50wmtx863n6b3j",
|
|
"peerName":"salesforce-tower",
|
|
"publicKey":"6d2kt2hbcp7v0pw9q6f1u2s039kfnt4m4123rjxg26hsgrc12v80.k"
|
|
},
|
|
"162.254.117.11:8351":{
|
|
"contact":"cornfeedhobo@fuzzlabs.org",
|
|
"gpg":"6610FE2B6BD98C42",
|
|
"location":"Chicago, IL, USA",
|
|
"login":"public-access",
|
|
"password":"39XBepVM7TxGWAoROgUzixlbAnkh7WRY",
|
|
"peerName":"vishnu",
|
|
"publicKey":"dhndkly9mhmckbcrb1rgl051ty9fg5zq0tmnms8wxns08fu7kvv0.k"
|
|
},
|
|
"192.34.85.155:2359":{
|
|
"contact":"Igel@hyperboria.ca",
|
|
"gpg":"A84DFFE62B451511",
|
|
"password":"alfa-charlie-alfa-bravo",
|
|
"peerName":"igel-boston",
|
|
"publicKey":"rdxg1nzvmjdj4fyguqydmnl659p7m3x26r6un4ql966q4xt988j0.k"
|
|
},
|
|
"104.200.29.163:53053":{
|
|
"contact":"ansuz@transitiontech.ca",
|
|
"gpg":"024A7C03E67ED8CF",
|
|
"password":"cLjDBorhsYJUmJrESGueHsRY4HXcFyj",
|
|
"peerName":"transitiontech",
|
|
"publicKey":"1941p5k8qqvj17vjrkb9z97wscvtgc1vp8pv1huk5120cu42ytt0.k"
|
|
},
|
|
"107.170.57.34:63472":{
|
|
"contact":"code@ventricle.us",
|
|
"gpg":"7FE895160E3314027CD3B5D37392CF088BB4345C",
|
|
"location":"digitalocean nyc2",
|
|
"login":"public-peer",
|
|
"password":"ppm6j89mgvss7uvtntcd9scy6166mwb",
|
|
"peerName":"cord.ventricle.us",
|
|
"publicKey":"1xkf13m9r9h502yuffsq1cg13s5648bpxrtf2c3xcq1mlj893s90.k"
|
|
},
|
|
"185.140.54.73:30800":{
|
|
"contact":"iczero4@gmail.com",
|
|
"gpg":"613CE9DA0E9A3F70EC97760E4BAC4EBB8461FC7E",
|
|
"login":"public",
|
|
"password":"fwlmbx2f3udkd0ymknq4pwwgu2bjklx",
|
|
"peerName":"ic2.hellomouse.cf",
|
|
"publicKey":"c15sfmskdpmj2qw5lfvgfuzggyyk1bjzj4lu3yf6h1x2ckclwdd0.k"
|
|
},
|
|
"173.62.245.186:55249":{
|
|
"contact":"natebrune@gmail.com",
|
|
"country":"us",
|
|
"gpg":"C95CE6BC6735BAD7",
|
|
"ipv6":"fcda:9958:9093:49f2:2677:6df6:2a5a:b01d",
|
|
"password":"Public",
|
|
"peerName":"NAT",
|
|
"publicKey":"vgxqyputh4ldhxktg9msmr61pw938l0ymhkmryljsyzvmr0dtwy0.k",
|
|
"website":"https://github.com/NateBrune"
|
|
},
|
|
"198.58.100.240:22237":{
|
|
"contact":"jhj@trnsz.com",
|
|
"login":"default-login",
|
|
"password":"pqr5brz16vzzu6vhjuj7tv3n078kr5f",
|
|
"peerName":"trnsz",
|
|
"publicKey":"ubbtkp0txwjh44v8kkznvhjqqwr1hd2jzv5ms9zlkfk25svxvtg0.k"
|
|
},
|
|
"149.56.98.167:3703":{
|
|
"contact":"code@ventricle.us",
|
|
"gpg":"7FE895160E3314027CD3B5D37392CF088BB4345C",
|
|
"location":"ovh beauharnois",
|
|
"login":"public-peer",
|
|
"password":"ppm6j89mgvss7uvtntcd9scy6166mwb",
|
|
"peerName":"larynx.ventricle.us",
|
|
"publicKey":"jg035j9hup776kwz1k4n0bwpggxp1qmts6t715x53g8vutxktzz0.k"
|
|
},
|
|
"165.227.44.84:34838":{
|
|
"contact":"wattersm@watters.ws",
|
|
"gpg":"E2A3328281D1DA0A08D34FC2058F0C51586CA8C6",
|
|
"location":"Digital Ocean tor1",
|
|
"login":"public-access",
|
|
"password":"8n2w2qu2lfndhgx8xwgp18vyq7fhvux",
|
|
"peerName":"linux1.tor1.watters.ws",
|
|
"publicKey":"b465hml7z3g1vj22ktqdrc3z17mwjxl44cg0mj903n9vycxzqpv0.k"
|
|
},
|
|
"149.56.19.79:55159":{
|
|
"contact":"infrastructure@stashcrypto.com",
|
|
"login":"default-login",
|
|
"password":"dgv86ktpblc2h4y93fsqpshcg2lbp5d",
|
|
"peerName":"git.stashcrypto.net",
|
|
"publicKey":"zbfurpx9n6whzwu6vrlfgmw8g56rmchfmhxxtpg0hwhl84vqf1y0.k"
|
|
},
|
|
"158.69.119.35:9218":{
|
|
"contact":"infrastructure@stashcrypto.com",
|
|
"login":"default-login",
|
|
"password":"w5huch4mn6tkgfp3j9sr8p8r13j3j33",
|
|
"peerName":"seed.stashcrypto.net",
|
|
"publicKey":"rzg61b3fsb675732g5rn8g1x61ypm1z7402n072qmrbbhgzm93f0.k"
|
|
},
|
|
}
|
|
},
|
|
{
|
|
// Bind to this port.
|
|
"bind": "[::]:2085",
|
|
// Set the DSCP value for Qos. Default is 0.
|
|
// "dscp": 46,
|
|
|
|
// Nodes to connect to (IPv6 only).
|
|
"connectTo":
|
|
{
|
|
"[2602:ff65:0:1::fc00]:2359":{
|
|
"contact":"Igel@hyperboria.ca",
|
|
"gpg":"A84DFFE62B451511",
|
|
"password":"alfa-charlie-alfa-bravo",
|
|
"peerName":"igel-boston",
|
|
"publicKey":"rdxg1nzvmjdj4fyguqydmnl659p7m3x26r6un4ql966q4xt988j0.k"
|
|
},
|
|
"[2604:a880:0:1010::f:4001]:63472":{
|
|
"contact":"code@ventricle.us",
|
|
"gpg":"7FE895160E3314027CD3B5D37392CF088BB4345C",
|
|
"location":"digitalocean nyc2",
|
|
"login":"public-peer",
|
|
"password":"ppm6j89mgvss7uvtntcd9scy6166mwb",
|
|
"peerName":"cord.ventricle.us",
|
|
"publicKey":"1xkf13m9r9h502yuffsq1cg13s5648bpxrtf2c3xcq1mlj893s90.k"
|
|
},
|
|
"[2a05:dfc7:dfc8:1d3::1]:30800":{
|
|
"contact":"iczero4@gmail.com",
|
|
"gpg":"613CE9DA0E9A3F70EC97760E4BAC4EBB8461FC7E",
|
|
"login":"public",
|
|
"password":"fwlmbx2f3udkd0ymknq4pwwgu2bjklx",
|
|
"peerName":"ic2.hellomouse.cf",
|
|
"publicKey":"c15sfmskdpmj2qw5lfvgfuzggyyk1bjzj4lu3yf6h1x2ckclwdd0.k"
|
|
},
|
|
"[2607:5300:61:44f::]:55159":{
|
|
"contact":"infrastructure@stashcrypto.com",
|
|
"login":"default-login",
|
|
"password":"dgv86ktpblc2h4y93fsqpshcg2lbp5d",
|
|
"peerName":"git.stashcrypto.net",
|
|
"publicKey":"zbfurpx9n6whzwu6vrlfgmw8g56rmchfmhxxtpg0hwhl84vqf1y0.k"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
,
|
|
"ETHInterface":
|
|
[
|
|
// Alternatively bind to just one device and either beacon and/or
|
|
// connect to a specified MAC address
|
|
{
|
|
// Bind to this device (interface name, not MAC)
|
|
// "all" is a pseudo-name which will try to connect to all devices.
|
|
"bind": "all",
|
|
|
|
// Auto-connect to other cjdns nodes on the same network.
|
|
// Options:
|
|
//
|
|
// 0 -- Disabled.
|
|
//
|
|
// 1 -- Accept beacons, this will cause cjdns to accept incoming
|
|
// beacon messages and try connecting to the sender.
|
|
//
|
|
// 2 -- Accept and send beacons, this will cause cjdns to broadcast
|
|
// messages on the local network which contain a randomly
|
|
// generated per-session password, other nodes which have this
|
|
// set to 1 or 2 will hear the beacon messages and connect
|
|
// automatically.
|
|
//
|
|
"beacon": 2,
|
|
|
|
// Node(s) to connect to manually
|
|
// Note: does not work with "all" pseudo-device-name
|
|
"connectTo":
|
|
{
|
|
// Credentials for connecting look similar to UDP credentials
|
|
// except they begin with the mac address, for example:
|
|
// "01:02:03:04:05:06":{"password":"a","publicKey":"b"}
|
|
}
|
|
}
|
|
]
|
|
|
|
},
|
|
|
|
// Configuration for the router.
|
|
"router":
|
|
{
|
|
// supernodes, if none are specified they'll be taken from your peers
|
|
"supernodes": [
|
|
//"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
|
|
]
|
|
|
|
// The interface which is used for connecting to the cjdns network.
|
|
"interface":
|
|
{
|
|
// The type of interface (only TUNInterface is supported for now)
|
|
"type": "TUNInterface"
|
|
// The type of tunfd (only "android" for now)
|
|
// If "android" here, the tunDevice should be used as the pipe path
|
|
// to transfer the tun file description.
|
|
// "tunfd" : "android"
|
|
|
|
// The name of a persistent TUN device to use.
|
|
// This for starting cjdroute as its own user.
|
|
// *MOST USERS DON'T NEED THIS*
|
|
//"tunDevice": "tun0"
|
|
},
|
|
|
|
// System for tunneling IPv4 and ICANN IPv6 through cjdns.
|
|
// This is using the cjdns switch layer as a VPN carrier.
|
|
"ipTunnel":
|
|
{
|
|
// Nodes allowed to connect to us.
|
|
// When a node with the given public key connects, give them the
|
|
// ip4 and/or ip6 addresses listed.
|
|
"allowedConnections":
|
|
[
|
|
// Give the client an address on 192.168.1.0/24, and an address
|
|
// it thinks has all of IPv6 behind it.
|
|
// ip4Prefix is the set of addresses which are routable from the tun
|
|
// for example, if you're advertizing a VPN into a company network
|
|
// which exists in 10.123.45.0/24 space, ip4Prefix should be 24
|
|
// default is 32 for ipv4 and 128 for ipv6
|
|
// so by default it will not install a route
|
|
// ip4Alloc is the block of addresses which are allocated to the
|
|
// for example if you want to issue 4 addresses to the client, those
|
|
// being 192.168.123.0 to 192.168.123.3, you would set this to 30
|
|
// default is 32 for ipv4 and 128 for ipv6 (1 address)
|
|
// {
|
|
// "publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
|
|
// "ip4Address": "192.168.1.24",
|
|
// "ip4Prefix": 0,
|
|
// "ip4Alloc": 32,
|
|
// "ip6Address": "2001:123:ab::10",
|
|
// "ip6Prefix": 0
|
|
// "ip6Alloc": 64,
|
|
// },
|
|
|
|
// It's ok to only specify one address and prefix/alloc are optional.
|
|
// {
|
|
// "publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
|
|
// "ip4Address": "192.168.1.25",
|
|
// "ip4Prefix": 0,
|
|
// }
|
|
],
|
|
|
|
"outgoingConnections":
|
|
[
|
|
// Connect to one or more machines and ask them for IP addresses.
|
|
// "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
|
|
// "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
|
|
// "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
|
|
]
|
|
}
|
|
},
|
|
|
|
// Dropping permissions.
|
|
// In the event of a serious security exploit in cjdns, leak of confidential
|
|
// network traffic and/or keys is highly likely but the following rules are
|
|
// designed to prevent the attack from spreading to the system on which cjdns
|
|
// is running.
|
|
// Counter-intuitively, cjdns is *more* secure if it is started as root because
|
|
// non-root users do not have permission to use chroot or change usernames,
|
|
// limiting the effectiveness of the mitigations herein.
|
|
"security":
|
|
[
|
|
// Change the user id to sandbox the cjdns process after it starts.
|
|
// If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses
|
|
// and ETHInterface will be unable to hot-add new interfaces
|
|
// Use { "setuser": 0 } to disable.
|
|
// Default: enabled with keepNetAdmin
|
|
{ "setuser": "nobody", "keepNetAdmin": 1 },
|
|
|
|
// Chroot changes the filesystem root directory which cjdns sees, blocking it
|
|
// from accessing files outside of the chroot sandbox, if the user does not
|
|
// have permission to use chroot(), this will fail quietly.
|
|
// Use { "chroot": 0 } to disable.
|
|
// Default: enabled (using "/var/run")
|
|
{ "chroot": "/var/run/" },
|
|
|
|
// Nofiles is a deprecated security feature which prevents cjdns from opening
|
|
// any files at all, using this will block setting of IP addresses and
|
|
// hot-adding ETHInterface devices but for users who do not need this, it
|
|
// provides a formidable sandbox.
|
|
// Default: disabled
|
|
{ "nofiles": 0 },
|
|
|
|
// Noforks will prevent cjdns from spawning any new processes or threads,
|
|
// this prevents many types of exploits from attacking the wider system.
|
|
// Default: enabled
|
|
{ "noforks": 1 },
|
|
|
|
// Seccomp is the most advanced sandboxing feature in cjdns, it uses
|
|
// SECCOMP_BPF to filter the system calls which cjdns is able to make on a
|
|
// linux system, strictly limiting it's access to the outside world
|
|
// This will fail quietly on any non-linux system
|
|
// Default: enabled
|
|
{ "seccomp": 1 },
|
|
|
|
// The client sets up the core using a sequence of RPC calls, the responses
|
|
// to these calls are verified but in the event that the client crashes
|
|
// setup of the core completes, it could leave the core in an insecure state
|
|
// This call constitutes the client telling the core that the security rules
|
|
// have been fully applied and the core may run. Without it, the core will
|
|
// exit within a few seconds with return code 232.
|
|
// Default: enabled
|
|
{ "setupComplete": 1 }
|
|
],
|
|
|
|
// Logging
|
|
"logging":
|
|
{
|
|
// Uncomment to have cjdns log to stdout rather than making logs available
|
|
// via the admin socket.
|
|
// "logTo":"stdout"
|
|
},
|
|
|
|
// If set to non-zero, cjdns will not fork to the background.
|
|
// Recommended for use in conjunction with "logTo":"stdout".
|
|
"noBackground":0
|
|
|
|
// Pipe file will store in this path, recommended value: /tmp (for unix),
|
|
// \\.\pipe (for windows)
|
|
// /data/local/tmp (for rooted android)
|
|
// /data/data/AppName (for non-root android)
|
|
// This only needs to be specified if cjdroute's guess is incorrect
|
|
// "pipe":"/tmp"
|
|
}
|