Compare commits
No commits in common. "master" and "master" have entirely different histories.
13
README.md
|
@ -1,13 +1,2 @@
|
|||
# TildeNet
|
||||
TildeNet is a type of network called an "overlay" network. In simple terms, it's a small, private network, built on top of the public internet. You cannot access it unless you are either on a server already connected, in an always-on fashion, or access it via a VPN, or, if you become a node yourself.
|
||||
# net
|
||||
|
||||
# Current Nodes
|
||||
A current list of nodes can be found here: (https://www.thunix.net/~ubergeek/media/netstatus).
|
||||
|
||||
One subnet is current reserved for VPN clients, to connect via Thunix. Others will come in the future.
|
||||
# Addressing
|
||||
TildeNet addresses are in the 10.0.0.0/8 space. Don't worry if you don't know what that means, just know that TildeNet addresses will start with 10. always.
|
||||
|
||||
Hub nodes are in the 10.0.0.0/24 address space. So, 10.0.0.1, 10.0.0.10, 10.0.0.48, etc etc.
|
||||
|
||||
10.0.1.0 is reserved for Thunix clients, at this time.
|
||||
|
|
|
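Review bot: the Addressing section (hub nodes in 10.0.0.0/24, 10.0.1.0 reserved for Thunix clients) has no other visible home once this README shrinks from 13 lines to 2, as the -1,13 +1,2 header shows. Every AllowedIPs line in peers.txt depends on those reservations, so keep the section here or move it to the HTML page under "Technical details" before dropping it.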
@ -16,11 +16,10 @@
|
|||
<p>TildeNet intends to connect all servers of the <a href="https://tildeverse.org">tildeverse</a> federation. At the moment, ~Net connects the following servers:</p>
|
||||
|
||||
<ul>
|
||||
<li><a href="https://tilde.summit.tildex.com">Summit Tilde</a> (10.0.0.2)</li>
|
||||
<li><a href="https://tilde.best">~best</a> (10.0.0.3)</li>
|
||||
<li><a href="https://thunix.net">thunix.net</a> (10.0.0.5)</li>
|
||||
<li><a href="https://thebackupbox.net">thebackupbox.net</a> (10.0.0.41)</li>
|
||||
<li><a href="https://tilde.team">~team</a> (10.0.0.48)</li>
|
||||
<li><a href="https://thebackupbox.net">thebackupbox.net</a> (10.0.0.41)</li>
|
||||
<li><a href="https://thunix.net">thunix.net</a> (10.0.0.5)</li>
|
||||
</ul>
|
||||
|
||||
<h1>Technical details</h1>
|
||||
|
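Review bot: the hand-maintained server list does not agree with peers.txt in this same compare. The list gives 10.0.0.3 to ~best, while the peers.txt block holding "AllowedIPs = 10.0.0.3/32" is commented "# yourtilde.com (and clients)", and Summit Tilde (10.0.0.2) and ~best appear only once here, so one side of the compare lacks them. Since peers.txt is what ends up in wg0.conf, check each name and address in this list against it, or generate the list from peers.txt so the two cannot drift.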
@ -42,7 +41,7 @@ either:
|
|||
|
||||
<p>Join <code>#tildenet</code> at <code>irc.tilde.chat</code>. All node operators are on this channel, so you can ask them to add your Wireguard server to TildeNet as peer.</p>
|
||||
|
||||
<p>Also there is a <a href="https://tildegit.org/tildeverse/net/raw/branch/master/peers.txt">list of peers</a>.</p>
|
||||
<p>Also there is a <a href="peers.txt">list of peers</a>.</p>
|
||||
|
||||
<h1>Future plans/ideas</h1>
|
||||
|
||||
|
|
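Review bot: the relative form of the "list of peers" link, href="peers.txt", only resolves when peers.txt is published in the same directory as this page. If the site is served from a separate checkout, readers get a missing or stale list while node operators pull a different copy, so confirm the deployment layout or keep the absolute tildegit raw URL.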
45
peers.txt
|
@ -1,23 +1,14 @@
|
|||
# 10.0.0.1 is reserved for network use
|
||||
# 10.0.0.254 is reserved for network use
|
||||
|
||||
# am32.org (and clients)
|
||||
# paranoid.network
|
||||
[Peer]
|
||||
PublicKey = eKWuJLsfzI4TLdbcNliicpEBxT/kuoEPt+r3lJTTbgY=
|
||||
AllowedIPs = 10.0.0.2/32, 10.0.2.0/24
|
||||
Endpoint = 167.88.120.21:51820
|
||||
|
||||
# yourtilde.com (and clients)
|
||||
[Peer]
|
||||
PublicKey = gQqvj/A75SD7dVd1HFbc/YbuF4NF37mSvIeVVYxOKSA=
|
||||
AllowedIPs = 10.0.0.3/32, 10.0.3.0/24
|
||||
Endpoint = 142.44.189.32:51820
|
||||
PublicKey = BDVvf4/V0GUU4NazeJj5iUgBFbc+AlmJZgOka5dh1lo=
|
||||
AllowedIPs = 10.0.0.1/32
|
||||
Endpoint = 85.119.82.111:54224
|
||||
|
||||
# thunix.net (thunix, and thunix vpn clients)
|
||||
[Peer]
|
||||
PublicKey = YSWs2hRjJXU9jiqnGydxjg7pyoqC5VjF32vev4fu7Bw=
|
||||
AllowedIPs = 10.0.0.5/32, 10.0.1.0/24
|
||||
Endpoint = 188.40.73.235:51820
|
||||
Endpoint = 213.239.234.117:51820
|
||||
|
||||
# thebackupbox.net
|
||||
[Peer]
|
||||
|
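Review bot: the two sides disagree about 10.0.0.1. One header comment reads "# 10.0.0.1 is reserved for network use" while a [Peer] block in the same hunk carries "AllowedIPs = 10.0.0.1/32", and peers_update still pings 10.0.0.1. Decide which reservation holds (10.0.0.1 or 10.0.0.254) and make the comment, the peer block and the ping list agree. Because peers_update copies this file straight into wg0.conf, the changed thunix.net Endpoint and any PublicKey that changes for an existing address should be confirmed with the node operator out of band before merging.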
@ -28,8 +19,8 @@ Endpoint = thebackupbox.net:1017
|
|||
# tilde.team
|
||||
[Peer]
|
||||
PublicKey = 1kTCrkiu8j2hV1pa2TXtDvWFXZja9dvFyVsVbCUkrE0=
|
||||
AllowedIPs = 10.0.0.65/32
|
||||
Endpoint = 167.114.7.65:54224
|
||||
AllowedIPs = 10.0.0.48/32
|
||||
Endpoint = 51.79.32.48:54224
|
||||
|
||||
# radiofreqs.space
|
||||
[Peer]
|
||||
|
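Review bot: tilde.team appears here with both "AllowedIPs = 10.0.0.65/32" and "AllowedIPs = 10.0.0.48/32". The HTML server list shows ~team at 10.0.0.48, and peers_update pings both 10.0.0.65 and 10.0.0.48 across its two sides. Make sure the address and Endpoint chosen here are the ones the other two files end up with, otherwise the keepalive ping in peers_update targets an address no peer owns.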
@ -37,24 +28,20 @@ PublicKey = Ge5O/IjdFeTWSCikbAVvFQ3kPAhcl1+6jcTG5OtGWVs=
|
|||
AllowedIPs = 10.0.0.73/32
|
||||
Endpoint = 149.248.19.232:51820
|
||||
|
||||
# l4p1n.ch
|
||||
[Peer]
|
||||
PublicKey = lDwSgYLrnx8tc7LSivGeN5dNEVBEZtc3GGwRSjxHXC4=
|
||||
AllowedIPs = 10.0.0.42/32
|
||||
Endpoint = l4p1n.ch:51820
|
||||
# IP address is 83.77.215.83 in case it's needed.
|
||||
|
||||
# aussies.space
|
||||
[Peer]
|
||||
PublicKey = OTp3CLRBXeECB0gEnDr2btL07Fs3am5eb5x7gf1LtEc=
|
||||
AllowedIPs = 10.0.0.27/32
|
||||
Endpoint = 139.99.134.13:764
|
||||
|
||||
# darksnow (clemat.is)
|
||||
[Peer]
|
||||
PublicKey = G/doxil/NgUO0TuNGde5JaE/a3nqp8vwRz4OJiAEYiI=
|
||||
AllowedIPs = 10.0.0.49/32, 10.0.49.0/24
|
||||
Endpoint = darksnow.clemat.is:54224
|
||||
|
||||
# pi.tilde
|
||||
[Peer]
|
||||
PublicKey = G/GItTmwD/cNVvp41uZdA9x9mnk4bkDUTaYN7TX9OSY=
|
||||
AllowedIPs = 10.0.0.10/32, 10.0.10.0/24
|
||||
|
||||
Endpoint = 149.28.186.154:764
|
||||
|
||||
# You need to contact before adding your network to TildeNet.
|
||||
# You can find us at [ #tildenet on irc.tilde.chat] otherwise
|
||||
# ubergeek@thunix.net or ben@tilde.team.
|
||||
|
||||
|
|
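Review bot: the l4p1n.ch entry records its address twice, as "Endpoint = l4p1n.ch:51820" and in the comment "# IP address is 83.77.215.83 in case it's needed.", and nothing keeps the two in step. WireGuard resolves an Endpoint hostname when the configuration is applied, so pick one form, and if the hostname stays, drop the literal IP or note when it was last checked. Two smaller points: the pi.tilde block has a blank line between AllowedIPs and Endpoint that the other blocks do not, and the closing comment "You need to contact before adding your network" is missing its object ("contact us").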
10
peers_update
|
@ -1,4 +1,4 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
###########################################################################
|
||||
#
|
||||
|
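Review bot: the shebang choice between "#!/bin/sh" and "#!/bin/bash" should stay with /bin/sh. The commands visible in this script (curl, cat, rm, ping) are plain POSIX shell, and the how-to in this same compare targets OpenBSD 6.9, where bash is not part of the base system, so a bash shebang makes the cron job fail on exactly the hosts the documentation describes.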
@ -20,12 +20,12 @@ HEADER_SRC="/root/wg_header"
|
|||
# You can point this direct to your wg-conf, or you can cron something else. Your call
|
||||
WG_CONF="/etc/wireguard/wg0.conf"
|
||||
|
||||
curl "$PEERS_SRC" > "$TMP_PEERS"
|
||||
curl $PEERS_SRC > $TMP_PEERS
|
||||
|
||||
cat "$HEADER_SRC" "$TMP_PEERS" > "$WG_CONF"
|
||||
cat $HEADER_SRC $TMP_PEERS > $WG_CONF
|
||||
|
||||
# Clean up our mess.
|
||||
rm "$TMP_PEERS"
|
||||
rm $TMP_PEERS
|
||||
|
||||
# Uncomment the below, and adjust it to your interface names...
|
||||
# wg-quick down wg-p2p
|
||||
|
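Review bot: there is no check that the download succeeded before wg0.conf is overwritten. If curl fails or returns an error page, "cat ... > $WG_CONF" still runs and leaves the interface with the header and an empty or garbage peer list. Use "curl -fsS" and stop when it returns non-zero (or set -e at the top), and only replace WG_CONF once the temporary file is non-empty. Keep the quoted forms ("$PEERS_SRC", "$TMP_PEERS", "$WG_CONF") over the unquoted ones. PEERS_SRC is not visible in this hunk; since its content decides which keys and AllowedIPs the node trusts, it should be an https URL, and because the header file holds the private key, WG_CONF should stay readable by root only.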
@ -34,4 +34,4 @@ rm "$TMP_PEERS"
|
|||
# We need this to activate the tunnel
|
||||
ping -c 1 10.0.0.1
|
||||
ping -c 1 10.0.0.5
|
||||
ping -c 1 10.0.0.65
|
||||
ping -c 1 10.0.0.48
|
||||
|
|
|
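Review bot: the ping targets are hard-coded copies of addresses that live in peers.txt and have already drifted, with 10.0.0.65 and 10.0.0.48 both listed here and 10.0.0.1 marked reserved on one side of peers.txt. Derive the list from the fetched peers file, or drop the pings and set PersistentKeepalive in the relevant [Peer] blocks so the tunnel comes up without a separate address list to maintain.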
@ -1,65 +0,0 @@
|
|||
How to create a wireguard tunnel to tildenet.
|
||||
https://intranet.tildeverse.org/
|
||||
https://tildegit.org/tildeverse/net/
|
||||
|
||||
|
||||
On your local system. (Example below is based on OpenBSD 6.9)
|
||||
|
||||
Wireguard is part of the base system. You still need to install 'wireguard-tools':
|
||||
|
||||
# pkg_add wireguard-tools
|
||||
|
||||
Accept packet forwarding in between interfaces:
|
||||
|
||||
# sysctl net.inet.ip.forwarding=1
|
||||
# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
|
||||
|
||||
|
||||
Note: 10.0.0.X/24 is being used for the tunnel in between tildes. Each tilde can then use 10.0.X.0/24 for their local clients.
|
||||
|
||||
|
||||
Create the configuration folder:
|
||||
|
||||
mkdir /etc/wireguard
|
||||
chmod 700 /etc/wireguard
|
||||
cd /etc/wireguard
|
||||
|
||||
Generate your server keypair
|
||||
wg genkey > secret.key
|
||||
chmod 600 secret.key
|
||||
wg pubkey < secret.key > public.key
|
||||
|
||||
Create your tunnel/interface config file: /etc/wireguard/wg0.conf
|
||||
|
||||
Based on : https://tildegit.org/tildeverse/net/src/branch/master/peers.txt
|
||||
|
||||
Pickup your IP range for your tilde and the associate tunnel IP
|
||||
|
||||
PrivateKey is the content of your /etc/wireguard/secret.key
|
||||
|
||||
Address = the ip you've choosen for this server
|
||||
|
||||
For the other tilde to add you as [Peer] open a PR against https://tildegit.org/tildeverse/net
|
||||
|
||||
// need an account on tildegit which has to be from a known tilde email@.
|
||||
|
||||
|
||||
The PR should contain your local tunnel IP (10.0.0.X/32 that will be their AllowedIPs and 10.0.X.0/24 for your local tilde peers) and your Endpoint being your public IP or hostname with the port WG is listening to. Just as the other are formated.
|
||||
|
||||
|
||||
Back to your system, setup /etc/hostname.wg0:
|
||||
|
||||
inet 10.0.0.49 255.255.255.0 NONE
|
||||
up
|
||||
!/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
|
||||
|
||||
|
||||
Update your PF config by adding to /etc/pf.conf:
|
||||
|
||||
# wireguard setup for tildenet
|
||||
pass in on wg0
|
||||
pass in inet proto udp from any to any port 54224
|
||||
pass out on egress inet from (wg0:network) nat-to (em0:0)
|
||||
|
||||
(em0 being your interface name then pfctl -f /etc/pf.conf)
|
||||
|
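Review bot: the -1,65 +0,0 header removes the only setup walkthrough in the repository, in the same compare that cuts README.md down to two lines, so new operators are left with no instructions for keys, /etc/hostname.wg0 or pf. If the text is being moved rather than dropped, say where, and tighten it on the way: "pass in on wg0" accepts anything any peer sends, including traffic to services on the host itself, and "pass in inet proto udp from any to any port 54224" is not bound to the egress interface or to the host's own address. The example "inet 10.0.0.49 255.255.255.0 NONE" also uses the address peers.txt assigns to darksnow; a 10.0.0.X placeholder would avoid copy-paste collisions.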