Compare commits

No commits in common. "master" and "master" have entirely different histories.

5 changed files with 25 additions and 115 deletions

View File

@ -1,13 +1,2 @@
# TildeNet
TildeNet is a type of network called an "overlay" network. In simple terms, it's a small, private network, built on top of the public internet. You cannot access it unless you are either on a server already connected, in an always-on fashion, or access it via a VPN, or, if you become a node yourself.
# net
# Current Nodes
A current list of nodes can be found here: (https://www.thunix.net/~ubergeek/media/netstatus).
One subnet is current reserved for VPN clients, to connect via Thunix. Others will come in the future.
# Addressing
TildeNet addresses are in the 10.0.0.0/8 space. Don't worry if you don't know what that means, just know that TildeNet addresses will start with 10. always.
Hub nodes are in the 10.0.0.0/24 address space. So, 10.0.0.1, 10.0.0.10, 10.0.0.48, etc etc.
10.0.1.0 is reserved for Thunix clients, at this time.
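Review bot: With the header going from 13 lines to 2, the README is left with little more than the "# net" heading, and the Addressing section (hub nodes in 10.0.0.0/24, 10.0.1.0 reserved for Thunix clients) is dropped without a replacement. peers.txt depends on that plan for its AllowedIPs values, so either keep the section or link to where the plan now lives. If it stays, write the client range with its prefix length (peers.txt gives thunix.net 10.0.1.0/24) so it matches the peer entries.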

View File

@ -16,11 +16,10 @@
<p>TildeNet intends to connect all servers of the <a href="https://tildeverse.org">tildeverse</a> federation. At the moment, ~Net connects the following servers:</p>
<ul>
<li><a href="https://tilde.summit.tildex.com">Summit Tilde</a> (10.0.0.2)</li>
<li><a href="https://tilde.best">~best</a> (10.0.0.3)</li>
<li><a href="https://thunix.net">thunix.net</a> (10.0.0.5)</li>
<li><a href="https://thebackupbox.net">thebackupbox.net</a> (10.0.0.41)</li>
<li><a href="https://tilde.team">~team</a> (10.0.0.48)</li>
<li><a href="https://thebackupbox.net">thebackupbox.net</a> (10.0.0.41)</li>
<li><a href="https://thunix.net">thunix.net</a> (10.0.0.5)</li>
</ul>
<h1>Technical details</h1>
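Review bot: The <ul> of connected servers is a hand-maintained copy of addresses that peers.txt already holds, and the two disagree on this page: the list has Summit Tilde at 10.0.0.2 and ~best at 10.0.0.3, while the peers.txt hunk labels 10.0.0.2 and 10.0.0.3 as am32.org and yourtilde.com. thebackupbox.net and thunix.net each appear twice in the hunk, so part of the change is a reorder; pick one ordering (by address, for example) and check every entry against the AllowedIPs in peers.txt before merging.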
@ -42,7 +41,7 @@ either:
<p>Join <code>#tildenet</code> at <code>irc.tilde.chat</code>. All node operators are on this channel, so you can ask them to add your Wireguard server to TildeNet as peer.</p>
<p>Also there is a <a href="https://tildegit.org/tildeverse/net/raw/branch/master/peers.txt">list of peers</a>.</p>
<p>Also there is a <a href="peers.txt">list of peers</a>.</p>
<h1>Future plans/ideas</h1>
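Review bot: The peer-list link appears in two forms in this hunk, the absolute tildegit raw URL and a relative href="peers.txt", and the relative form only resolves if peers.txt is deployed in the same directory as this page. Operators copy public keys and endpoints from that file into their WireGuard configuration, so the link should point at one canonical copy served over HTTPS; if the relative link is kept, say in the commit message how the deployed copy is kept in sync with the repository.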

View File

@ -1,23 +1,14 @@
# 10.0.0.1 is reserved for network use
# 10.0.0.254 is reserved for network use
# am32.org (and clients)
# paranoid.network
[Peer]
PublicKey = eKWuJLsfzI4TLdbcNliicpEBxT/kuoEPt+r3lJTTbgY=
AllowedIPs = 10.0.0.2/32, 10.0.2.0/24
Endpoint = 167.88.120.21:51820
# yourtilde.com (and clients)
[Peer]
PublicKey = gQqvj/A75SD7dVd1HFbc/YbuF4NF37mSvIeVVYxOKSA=
AllowedIPs = 10.0.0.3/32, 10.0.3.0/24
Endpoint = 142.44.189.32:51820
PublicKey = BDVvf4/V0GUU4NazeJj5iUgBFbc+AlmJZgOka5dh1lo=
AllowedIPs = 10.0.0.1/32
Endpoint = 85.119.82.111:54224
# thunix.net (thunix, and thunix vpn clients)
[Peer]
PublicKey = YSWs2hRjJXU9jiqnGydxjg7pyoqC5VjF32vev4fu7Bw=
AllowedIPs = 10.0.0.5/32, 10.0.1.0/24
Endpoint = 188.40.73.235:51820
Endpoint = 213.239.234.117:51820
# thebackupbox.net
[Peer]
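Review bot: 10.0.0.1 is claimed twice in this hunk, by the comment "# 10.0.0.1 is reserved for network use" and by the paranoid.network peer's "AllowedIPs = 10.0.0.1/32". The file should not both reserve the address and route it to a peer, and the update script on this page still pings 10.0.0.1, so state which meaning holds. The thunix.net block also shows two Endpoint values (188.40.73.235:51820 and 213.239.234.117:51820) under one PublicKey; because the update script concatenates the fetched peer list into wg0.conf, an endpoint change for an existing key should be confirmed with that node's operator before merge.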
@ -28,8 +19,8 @@ Endpoint = thebackupbox.net:1017
# tilde.team
[Peer]
PublicKey = 1kTCrkiu8j2hV1pa2TXtDvWFXZja9dvFyVsVbCUkrE0=
AllowedIPs = 10.0.0.65/32
Endpoint = 167.114.7.65:54224
AllowedIPs = 10.0.0.48/32
Endpoint = 51.79.32.48:54224
# radiofreqs.space
[Peer]
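Review bot: The tilde.team peer's AllowedIPs and Endpoint both differ between the two sides of this hunk (10.0.0.65/32 with 167.114.7.65:54224, and 10.0.0.48/32 with 51.79.32.48:54224) while the PublicKey is unchanged, and nothing in the patch records why the node was renumbered. Note the reason in the commit message, and make sure the same change lands everywhere the address is repeated: the server list in the HTML page gives ~team as 10.0.0.48, and the update script's ping list carries both 10.0.0.65 and 10.0.0.48.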
@ -37,24 +28,20 @@ PublicKey = Ge5O/IjdFeTWSCikbAVvFQ3kPAhcl1+6jcTG5OtGWVs=
AllowedIPs = 10.0.0.73/32
Endpoint = 149.248.19.232:51820
# l4p1n.ch
[Peer]
PublicKey = lDwSgYLrnx8tc7LSivGeN5dNEVBEZtc3GGwRSjxHXC4=
AllowedIPs = 10.0.0.42/32
Endpoint = l4p1n.ch:51820
# IP address is 83.77.215.83 in case it's needed.
# aussies.space
[Peer]
PublicKey = OTp3CLRBXeECB0gEnDr2btL07Fs3am5eb5x7gf1LtEc=
AllowedIPs = 10.0.0.27/32
Endpoint = 139.99.134.13:764
# darksnow (clemat.is)
[Peer]
PublicKey = G/doxil/NgUO0TuNGde5JaE/a3nqp8vwRz4OJiAEYiI=
AllowedIPs = 10.0.0.49/32, 10.0.49.0/24
Endpoint = darksnow.clemat.is:54224
# pi.tilde
[Peer]
PublicKey = G/GItTmwD/cNVvp41uZdA9x9mnk4bkDUTaYN7TX9OSY=
AllowedIPs = 10.0.0.10/32, 10.0.10.0/24
Endpoint = 149.28.186.154:764
# You need to contact before adding your network to TildeNet.
# You can find us at [ #tildenet on irc.tilde.chat] otherwise
# ubergeek@thunix.net or ben@tilde.team.
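Review bot: The l4p1n.ch and darksnow.clemat.is blocks use hostnames in Endpoint, which wg resolves once when the configuration is loaded, so for any of these blocks that remain a DNS change goes unnoticed until the next reload, and the comment "# IP address is 83.77.215.83 in case it's needed" will go stale without anyone seeing it. Either use literal addresses like the other peers or note that nodes must reload after a DNS change. The closing comment "You need to contact before adding your network to TildeNet." is missing its object (contact whom), and the bracketed "[ #tildenet on irc.tilde.chat]" reads like leftover markup.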

View File

@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash
###########################################################################
#
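Review bot: The shebang appears as both "#!/bin/sh" and "#!/bin/bash" here, and nothing in the script lines visible on this page (curl, cat, rm, ping, plain variable expansion) needs bash. The setup notes on this page target OpenBSD, where bash is not part of the base system, so requiring it adds a dependency for no gain; keep /bin/sh unless a bash-only construct is introduced elsewhere in the file.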
@ -20,12 +20,12 @@ HEADER_SRC="/root/wg_header"
# You can point this direct to your wg-conf, or you can cron something else. Your call
WG_CONF="/etc/wireguard/wg0.conf"
curl "$PEERS_SRC" > "$TMP_PEERS"
curl $PEERS_SRC > $TMP_PEERS
cat "$HEADER_SRC" "$TMP_PEERS" > "$WG_CONF"
cat $HEADER_SRC $TMP_PEERS > $WG_CONF
# Clean up our mess.
rm "$TMP_PEERS"
rm $TMP_PEERS
# Uncomment the below, and adjust it to your interface names...
# wg-quick down wg-p2p
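Review bot: curl's result is never checked before "cat ... > $WG_CONF" overwrites the live configuration, so a failed or truncated download replaces wg0.conf with the header and whatever partial peer list arrived. Use curl -f (so HTTP errors return non-zero), stop if it fails or the temporary file is empty, and write the new configuration to a temporary path that is moved into place only after that check. The hunk also shows each command with and without quotes around the variables; the next hunk header quotes rm "$TMP_PEERS" as existing context, so the unquoted lines look like the new side, and dropping the quotes in a script that writes under /etc and reads from /root is a regression that should be reverted.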
@ -34,4 +34,4 @@ rm "$TMP_PEERS"
# We need this to activate the tunnel
ping -c 1 10.0.0.1
ping -c 1 10.0.0.5
ping -c 1 10.0.0.65
ping -c 1 10.0.0.48
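Review bot: The ping targets are a second hard-coded copy of addresses from peers.txt, and they already disagree with it: 10.0.0.1 is pinged here while peers.txt carries a comment reserving it, and the .65 to .48 edit had to be made by hand to follow the tilde.team change. If the only purpose is the one the comment gives ("We need this to activate the tunnel"), setting PersistentKeepalive on the peers in the WireGuard configuration does that without a maintained address list; otherwise derive the targets from the fetched peer file.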

View File

@ -1,65 +0,0 @@
How to create a wireguard tunnel to tildenet.
https://intranet.tildeverse.org/
https://tildegit.org/tildeverse/net/
On your local system. (Example below is based on OpenBSD 6.9)
Wireguard is part of the base system. You still need to install 'wireguard-tools':
# pkg_add wireguard-tools
Accept packet forwarding in between interfaces:
# sysctl net.inet.ip.forwarding=1
# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
Note: 10.0.0.X/24 is being used for the tunnel in between tildes. Each tilde can then use 10.0.X.0/24 for their local clients.
Create the configuration folder:
mkdir /etc/wireguard
chmod 700 /etc/wireguard
cd /etc/wireguard
Generate your server keypair
wg genkey > secret.key
chmod 600 secret.key
wg pubkey < secret.key > public.key
Create your tunnel/interface config file: /etc/wireguard/wg0.conf
Based on : https://tildegit.org/tildeverse/net/src/branch/master/peers.txt
Pickup your IP range for your tilde and the associate tunnel IP
PrivateKey is the content of your /etc/wireguard/secret.key
Address = the ip you've choosen for this server
For the other tilde to add you as [Peer] open a PR against https://tildegit.org/tildeverse/net
// need an account on tildegit which has to be from a known tilde email@.
The PR should contain your local tunnel IP (10.0.0.X/32 that will be their AllowedIPs and 10.0.X.0/24 for your local tilde peers) and your Endpoint being your public IP or hostname with the port WG is listening to. Just as the other are formated.
Back to your system, setup /etc/hostname.wg0:
inet 10.0.0.49 255.255.255.0 NONE
up
!/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
Update your PF config by adding to /etc/pf.conf:
# wireguard setup for tildenet
pass in on wg0
pass in inet proto udp from any to any port 54224
pass out on egress inet from (wg0:network) nat-to (em0:0)
(em0 being your interface name then pfctl -f /etc/pf.conf)
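Review bot: Deleting this file removes the only walkthrough on the page for creating the key material with restrictive permissions (chmod 700 /etc/wireguard, chmod 600 secret.key) and for the pf rules, and the README hunk in the same change adds nothing to replace it. If the guide has moved, link the new location from the README. If it is kept in any form, "pass in on wg0" admits all traffic from every peer and is worth narrowing to the services the node intends to expose, and the example address 10.0.0.49 in /etc/hostname.wg0 is the one peers.txt assigns to darksnow, so mark it as a placeholder.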