Hierarchical-DNS.md
... ...
@@ -32,7 +32,7 @@ For all of these servers they have a specific IP assigned, only respond to their
32 32
33 33
**{{name}}.in-addr-servers.arpa** - This server is authoritative for "arpa", "in-addr", and each of the 172 zones for dn42 ip space. For non dn42 ip space NS records to the respective darknet would need to be registered.
34 34
35
-**{{name}}.dn42-servers.arpa** - This server is authoritative for RFC 2317 delegations. For any inetnum object smaller than /24 and whos parent has no nameserver records, a C class parent zone is created (all its subnetworks are delegated to appropriate namservers with CNAME)
35
+**{{name}}.dn42-servers.arpa** - This server is authoritative for RFC 2317 delegations. For any inetnum object smaller than /24 and whos parent has no nameserver records, a C class parent zone is created (all its subnetworks are delegated to appropriate nameservers with CNAME)
36 36
37 37
Real-time server monitor is available at http://nixnodes.net/dn42/dnsview or http://nixnodes.dn42/dn42/dnsview/
38 38
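Review bot: the rewritten dn42-servers.arpa line fixes "namservers" but still reads "whos parent"; change it to "whose parent" in the same edit. "C class parent zone" would also be clearer as "/24 parent zone", since the sentence already speaks in prefix lengths ("smaller than /24").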
_Sidebar.md
... ...
@@ -14,6 +14,7 @@
14 14
* [[Email|email]]
15 15
* [[GRE on FreeBSD|gre-on-freebsd]]
16 16
* [[Mikrotik RouterOS|mikrotik]]
17
+ * [[EdgeOS Config]]
17 18
18 19
* [[Services|/pages/services/]]
19 20
* [[IRC]]
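Review bot: the added entry `* [[EdgeOS Config]]` is indented by one space and has no explicit target, unlike its neighbours (`[[GRE on FreeBSD|gre-on-freebsd]]`, `[[Mikrotik RouterOS|mikrotik]]`); use the same `[[Label|target]]` form as the other how-to entries. The second page added in this commit, howto/Edgeos-Config-Example-number-2.md, gets no sidebar entry at all.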
... ...
@@ -39,4 +40,3 @@
39 40
--------------
40 41
41 42
[[_TOC_]]
42
-
howto/Bird-communities.md
... ...
@@ -12,9 +12,15 @@ To properly assign the right community to your peer, please reference the table
12 12
13 13
## BGP community criteria
14 14
```
15
-(64511, 1) :: latency \in [0, 2.7ms]
16
-(64511, 2) :: latency \in [2.7ms, 7.3ms]
17
-(64511, 3) :: latency \in [7.3ms, 20ms]
15
+(64511, 1) :: latency \in (0, 2.7ms]
16
+(64511, 2) :: latency \in (2.7ms, 7.3ms]
17
+(64511, 3) :: latency \in (7.3ms, 20ms]
18
+(64511, 4) :: latency \in (20ms, 55ms]
19
+(64511, 5) :: latency \in (55ms, 148ms]
20
+(64511, 6) :: latency \in (148ms, 403ms]
21
+(64511, 7) :: latency \in (403ms, 1097ms]
22
+(64511, 8) :: latency \in (1097ms, 2981ms]
23
+(64511, 9) :: latency > 2981ms
18 24
(64511, x) :: latency \in [exp(x-1), exp(x)] ms (for x < 10)
19 25
20 26
(64511, 21) :: bw >= 0.1mbit
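Review bot: the general rule left unchanged just below the new rows, `(64511, x) :: latency \in [exp(x-1), exp(x)] ms (for x < 10)`, no longer matches the table. The rows are now half-open, row 1 starts at 0 where the formula gives exp(0) = 1 ms, and `(64511, 9) :: latency > 2981ms` is unbounded where the formula would stop at exp(9). Rewrite the formula with `(exp(x-1), exp(x)]` and state the x = 1 and x = 9 cases separately, so that someone implementing the formula in a script assigns the same value as someone reading the table.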
... ...
@@ -36,7 +42,7 @@ Propagation:
36 42
```
37 43
For example, if your peer is 12ms away and the link speed between you is 250Mbit/s and you are peering using OpenVPN P2P, then the community string would be (3, 24, 33).
38 44
39
-You might want to use this [script](https://github.com/Mic92/bird-dn42/blob/master/bgp-community.rb) to measure round trip time and calculate community values automatically:
45
+Two utilites which measure round trip time and calculate community values automatically are provided, written in [ruby](https://github.com/Mic92/bird-dn42/blob/master/bgp-community.rb) and [C](https://github.com/nixnodes/bird/blob/master/misc/dn42-comgen.c).
40 46
41 47
```
42 48
$ ruby bgp-community.rb --help
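Review bot: "utilites" in the added sentence should be "utilities", and the sentence now ends in a full stop although the code block that follows (`$ ruby bgp-community.rb --help`) documents only the Ruby tool. Keep a lead-in for that block or add the equivalent invocation for dn42-comgen.c. Both links point at `blob/master`; linking a fixed commit would let readers review exactly the code they are about to run.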
howto/Bird.md
... ...
@@ -3,7 +3,10 @@ Compared to quagga, bird supports multiple routing tables, which is useful, if y
3 3
want to learn the practical details behind routing protocols in bird, see the following [guide](https://github.com/knorrie/network-examples)
4 4
5 5
# Debian
6
-The version in the Debian repositories might be quite old, therefore it makes sense to install a newer one directly from bird:
6
+In the Debian release cycle the bird packages may become outdated at times, if that is the case you should use the official bird package repository maintained by the developers of nic.cz.
7
+
8
+This is not necessary for Debian Stretch, which currently ships the most recent version (1.6.3) in this repositories.
9
+
7 10
```sh
8 11
wget -O - http://bird.network.cz/debian/apt.key | apt-key add -
9 12
apt-get install lsb-release
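Review bot: the rewritten paragraph sends readers to the nic.cz repository, but the install commands kept below it still fetch the signing key with `wget -O - http://bird.network.cz/debian/apt.key | apt-key add -`, that is over plain HTTP and straight into the apt keyring. Since this text is being touched anyway, publish the key fingerprint here and have readers compare it before adding the key. In the added text, "in this repositories" should read "in its repositories", and the hard-coded "(1.6.3)" will go stale.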
... ...
@@ -11,7 +14,6 @@ echo "deb http://bird.network.cz/debian/ $(lsb_release -sc) main" > /etc/apt/sou
11 14
apt-get update
12 15
apt-get install bird
13 16
```
14
-In case you are running Debian Jessie and this is not working for you, try replacing jessie with wheezy in the /etc/apt/sources.list.d/bird.list.
15 17
16 18
# Example configuration
17 19
... ...
@@ -106,91 +108,12 @@ define OWNIP = <GATEWAY_IP>;
106 108
function is_self_net() {
107 109
return net ~ [<SUBNET>+];
108 110
}
109
-```
110
-
111
-Generate the filter list from the monotone repository
112
-
113
-```
114
-$ cd net.dn42.registry
115
-$ ruby utils/bgp-filter.rb --format bird < data/filter6.txt > /etc/bird/filter6.conf
116 111
117
-or
118
-
119
-$ curl -s https://ca.dn42.us/reg/filter6.txt | \
120
- awk '/^[0-9]/ && $2 ~ /permit/ {printf "%s{%s,%s}\n", $3, $4, $5}' | \
121
- awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n"} \
122
- NR > 1 {printf ",\n"} {printf " %s", $1}
123
- END {printf "\n ];\n}\n"}' > /etc/bird/filter6.conf
124
-```
125
-
126
-example filter list:
127
-
128
-```
129 112
function is_valid_network() {
130 113
return net ~ [
131
- fc00::/8{48,64}, # ULA (undefined)
132
- fd00::/8{48,64}, # ULA (defined)
133
- 2001:67c:20c1::/48{48,48}, # E-UTP IPv6
134
- 2001:bf7::/32{32,128}, # Freifunk (Foerderverein Freie Netzwerke) IPv6 Range
135
- 2001:67c:20a1::/48{48,48}, # CCC Event Network
136
- 2001:0470:006c:01d5::/64{64,64}, # Registered IANA
137
- 2001:0470:006d:0655::/64{64,64},
138
- 2001:0470:1f09:172d::/64{64,64},
139
- 2001:0470:1f0b:0592::/64{64,64},
140
- 2001:0470:1f0b:0bca::/64{64,64},
141
- 2001:0470:1f0b:1af5::/64{64,64},
142
- 2001:0470:1f10:0275::/64{64,64},
143
- 2001:0470:1f12:0004::/64{64,64},
144
- 2001:0470:5084::/48{48,64},
145
- 2001:0470:51c6::/48{48,64},
146
- 2001:0470:73d3::/48{48,64},
147
- 2001:0470:7972::/48{48,64},
148
- 2001:0470:9949::/48{48,64},
149
- 2001:0470:99fc::/48{48,64},
150
- 2001:0470:9af8::/48{48,64},
151
- 2001:0470:9ce6::/55{55,64},
152
- 2001:0470:9f43::/48{48,64},
153
- 2001:0470:caab::/48{48,64},
154
- 2001:0470:cd99::/48{48,64},
155
- 2001:0470:d4df::/48{48,64},
156
- 2001:0470:d889:0010::/64{64,64},
157
- 2001:0470:e3f0:000a::/64{64,64},
158
- 2001:067c:21ec::/48{48,64},
159
- 2001:06f8:1019:0000::/64{64,64},
160
- 2001:06f8:118b::/48{48,64},
161
- 2001:06f8:1194::/48{48,64},
162
- 2001:06f8:121a::/48{48,64},
163
- 2001:06f8:1c1b::/48{48,64},
164
- 2001:06f8:1d14::/48{48,64},
165
- 2001:06f8:1d26::/48{48,64},
166
- 2001:06f8:1d53::/48{48,64},
167
- 2001:07f0:3003::/48{48,64},
168
- 2001:08d8:0081:05c8::/63{63,64},
169
- 2001:08d8:0081:05ca::/64{64,64},
170
- 2001:15c0:1000:0100::/64{64,64},
171
- 2001:1b60:1000:0001::/64{64,64},
172
- 2001:41d0:0001:b6bb::/64{64,64},
173
- 2001:41d0:0001:cd42::/64{64,64},
174
- 2001:4dd0:fcff::/48{48,64},
175
- 2001:4dd0:fdd3::/48{48,64},
176
- 2001:4dd0:ff00:8710::/64{64,64},
177
- 2604:8800:0179:4200::/56{56,64},
178
- 2801:0000:80:8000::/50{50,64},
179
- 2a00:1328:e101:0200::/56{56,64},
180
- 2a00:1828:2000:0289::/64{64,64},
181
- 2a00:1828:a013:d242::/64{64,64},
182
- 2a00:5540:0387::/48{48,64},
183
- 2a01:0198:022c::/48{48,64},
184
- 2a01:0198:035a:fd13::/64{64,64},
185
- 2a01:0198:0485::/48{48,64},
186
- 2a01:04f8:0121:4fff::/64{64,64},
187
- 2a01:04f8:0140:1ffd::/64{64,64},
188
- 2a01:04f8:0d13:17c0::/64{64,64},
189
- 2a02:0a00:e010:3c00::/56{56,64},
190
- 2a02:0ee0:0002:0051::/64{64,64},
191
- 2a03:2260::/30{30,64}
192
- ];
193
-}
114
+ 'fd00::/8' # ULA address space as per RFC 4193
115
+ ]
116
+}
194 117
```
195 118
196 119
```
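Review bot: the new `is_valid_network()` body will not behave like the one it replaces. `'fd00::/8'` is wrapped in single quotes, unlike every prefix in the removed list, and it has no length range where the removed entry was `fd00::/8{48,64}`; without a `{min,max}` pattern the set matches only the /8 itself, so no peer's /48 would pass. The closing `]` has also lost its `;` (the old block ended with `];`). The hunk additionally deletes the closing fence after `is_self_net()` and the instructions for generating filter6.conf from the registry, which leaves no pointer to where a current list comes from.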
... ...
@@ -295,52 +218,18 @@ define OWNIP = <GATEWAY_IP>;
295 218
function is_self_net() {
296 219
return net ~ [<SUBNET>+];
297 220
}
298
-```
299
-
300
-Generate the filter list from the monotone repository
301
-
302
-```
303
-$ cd net.dn42.registry
304
-$ ruby utils/bgp-filter.rb --format bird < data/filter.txt > /var/lib/bird/filter4.conf
305 221
306
-or
307
-
308
-$ curl -s https://ca.dn42.us/reg/filter.txt | \
309
- awk '/^[0-9]/ && $2 ~ /permit/ {printf "%s{%s,%s}\n", $3, $4, $5}' | \
310
- awk 'BEGIN {printf "function is_valid_network() {\n return net ~ [\n"} \
311
- NR > 1 {printf ",\n"} {printf " %s", $1}
312
- END {printf "\n ];\n}\n"}' > /var/lib/bird/filter4.conf
313
-```
314
-
315
-example filter list:
316
-
317
-```
318 222
function is_valid_network() {
319 223
return net ~ [
320
- 172.20.0.0/14{21,29}, # dn42 main net
321
- 172.20.0.0/24{28,32}, # dn42 Anycast range
322
- 172.21.0.0/24{28,32}, # dn42 Anycast range
323
- 172.22.0.0/24{28,32}, # dn42 Anycast range
324
- 172.23.0.0/24{28,32}, # dn42 Anycast range
325
- 192.175.48.0/24{24,32}, # AS112-prefix for reverse-dns
326
- 10.0.0.0/8{12,28}, # freifunk/chaosvpn
327
- 172.31.0.0/16{22,28}, # chaosvpn
328
- 100.64.0.0/10{12,28}, # iana private range
329
- 195.160.168.0/23{23,28}, # ctdo
330
- 91.204.4.0/22{22,28}, # free.de via ctdo
331
- 193.43.220.0/23{23,28}, # durchdieluft via ctdo
332
- 83.133.178.0/23{23,28}, # muccc kapsel
333
- 87.106.29.254/32{32,32}, # wintix (please don' announce /32)
334
- 85.25.246.16/28{28,32}, # leon
335
- 46.4.248.192/27{27,32}, # welterde
336
- 94.45.224.0/19{19,28}, # ccc event network
337
- 151.217.0.0/16{16,28}, # ccc event network 2
338
- 195.191.196.0/23{23,29}, # ichdasich pi space
339
- 80.244.241.224/27{27,32}, # jchome service network
340
- 188.40.34.241/32{32,32},
341
- 37.1.89.192/26{26,28}, # siska
342
- 87.98.246.19/32{32,32}
343
- ];
224
+ 172.20.0.0/14{21,29}, # dn42
225
+ 172.20.0.0/24{28,32}, # dn42 Anycast
226
+ 172.21.0.0/24{28,32}, # dn42 Anycast
227
+ 172.22.0.0/24{28,32}, # dn42 Anycast
228
+ 172.23.0.0/24{28,32}, # dn42 Anycast
229
+ 172.31.0.0/16+, # ChaosVPN
230
+ 10.100.0.0/14+, # ChaosVPN
231
+ 10.0.0.0/8{15,22} # Freifunk.net
232
+ ]
344 233
}
345 234
```
346 235
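Review bot: the replacement list closes with `]` where the removed one had `];`, so the `return` statement is left without its terminating semicolon. The two ChaosVPN entries use `+` (`172.31.0.0/16+`, `10.100.0.0/14+`), which admits every more-specific prefix down to /32, while the removed list bounded these ranges with `{22,28}` and `{12,28}`; if that widening is intended, say so in the commit message, otherwise keep an upper bound. `10.100.0.0/14+` also overlaps `10.0.0.0/8{15,22}`, so the Freifunk length limit does not apply inside 10.100.0.0/14.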
howto/EdgeOS-Config.md
... ...
@@ -0,0 +1,156 @@
1
+#EdgeRouter config example
2
+
3
+After a lot of searching and trying I [Phil/ALS7] finnaly got a working config
4
+
5
+I used for this example V1.9.0 on an ErPro-8
6
+
7
+Also thanx to drathir for his patience and support
8
+
9
+##Features
10
+
11
+* IPv4/IPv6 Tunnel via OpenVPN
12
+* dn42 DNS
13
+
14
+##How-To
15
+
16
+--> still work in Progress
17
+
18
+* Basic EdgeOS knowledge is required
19
+* If you are using LoadBalancing make shure 172.20.0.0/14 is under 'PRIVATE NETS'
20
+
21
+1) you need to create all required fields in the registry --> look at [[Getting started]]
22
+
23
+2) get a peer --> ask nice @ [[IRC]]
24
+
25
+3) You need following data from the peer
26
+
27
+--tunnel options, secret key --ASN from the peer --ip's
28
+
29
+...
30
+
31
+The data i used are the following:
32
+
33
+Own ASN: AS111111
34
+Own IPv4 Space: 172.AA.AA.64/27
35
+Own IPv6 Space: fdBB:BBBB:CCCC::/48
36
+Own IPv4 If-Address: 172.AA.AA.65
37
+Own IPv6 If-Address: fdBB:BBBB:CCCC::1
38
+
39
+
40
+Peer OpenVPN Remote Address: 172.X.X.X //that's the peers OpenVPN IF IP
41
+Peer OpenVPN Remote Host: X.X.X.Y //that's the peers clearnet IP
42
+Peer OpenVPN IP for you: fdAA::BBB/64
43
+Peer OpenVPN IP: fdAA::CC
44
+Peer OpenVPN Port: 1194
45
+Peer OpenVPN encryption: aes256
46
+Peer ASN: AS222222
47
+Peer BGP Neighbour IPv4: Z.Z.Z.Z
48
+Peer BGP Neighbour IPv6: fdAA::CC
49
+
50
+###Copy OpenVPN key to the ErPro
51
+
52
+copy vpn key to /config/auth/giveITaName
53
+
54
+ sudo su
55
+ cd /config/auth
56
+ cat > giveITaName
57
+
58
+now paste the key in the terminal window, hit return once and kill cat with CTRL+C
59
+last thing to do is type exit
60
+
61
+###Create IPv4 OpenVPN Interface
62
+
63
+Set up Interface vtunX -- i used vtun0
64
+
65
+ configure
66
+ set interfaces openvpn vtun0
67
+ set interfaces openvpn vtun0 mode site-to-site
68
+ set interfaces openvpn vtun0 local-port 1194
69
+ set interfaces openvpn vtun0 remote-port 1194
70
+ set interfaces openvpn vtun0 local-address 172.AA.AA.65
71
+ set interfaces openvpn vtun0 remote-address 172.X.X.X
72
+ set interfaces openvpn vtun0 remote-host X.X.X.Y
73
+ set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName
74
+ set interfaces openvpn vtun0 encryption aes256
75
+
76
+ set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression
77
+
78
+ commit
79
+ save
80
+ exit
81
+
82
+Now the ipv4 tunnel should be up&running
83
+
84
+Check it with:
85
+
86
+ show interfaces openvpn
87
+ show interfaces openvpn detail
88
+ show openvpn status site-to-site
89
+
90
+###Create IPv4 BGP Session
91
+
92
+####Open Firewall
93
+
94
+* You need to open the firewall to local for the tunnel Interface on port 179/tcp
95
+
96
+####Configure the BGP Neighbor
97
+
98
+* You must not use AS before the as numbers !!
99
+
100
+With this step you create the basic bgp session
101
+
102
+ configure
103
+ set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222
104
+ set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound
105
+ set protocols bgp 111111 neighbor Z.Z.Z.Z update-source 172.AA.AA.65
106
+ commit
107
+ save
108
+
109
+When commit this configuration you should be able to see a BGP neighbor session start and come up.
110
+You can check this with:
111
+
112
+ show ip bgp summary
113
+
114
+####Set route to blackhole
115
+
116
+so bgp can announce the route
117
+
118
+ set protocols static route 172.AA.AA.64/27 blackhole
119
+ commit
120
+ save
121
+
122
+####Announce prefix to BGP
123
+
124
+ set protocols bgp 111111 network 172.A.A.64/27
125
+ commit
126
+ save
127
+ exit
128
+
129
+You should now be able to see networks being advertised via
130
+
131
+ show ip bgp neighbors Z.Z.Z.Z advertised-routes
132
+
133
+###Define Nameservers
134
+
135
+Now ping to 172.23.0.53 ... thats the nameserver we are using
136
+If everything is allright it should work
137
+
138
+####NS & NAT Config
139
+
140
+Enter the configure mode
141
+
142
+ configure
143
+ set service dns forwarding name-server 8.8.8.8
144
+ set service dns forwarding name-server 8.8.4.4
145
+ set service dns forwarding options rebind-domain-ok=/dn42/
146
+ set service dns forwarding options server=/23.172.in-addr.arpa/172.23.0.53
147
+ set service dns forwarding options server=/22.172.in-addr.arpa/172.23.0.53
148
+ set service dns forwarding options server=/dn42/172.23.0.53
149
+ set service nat rule 5013 outbound-interface vtun0
150
+ set service nat rule 5013 type masquerade
151
+ set service nat rule 5013 description "masquerade for dn42"
152
+ commit
153
+ save
154
+ exit
155
+
156
+Now try to access any .dn42 tld
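Review bot: in "Configure the BGP Neighbor" the session is brought up with only `remote-as`, `soft-reconfiguration inbound` and `update-source`, so nothing limits what is accepted from or announced to the peer. Add an inbound and outbound prefix filter step before "Announce prefix to BGP", and have the "Open Firewall" bullet show a rule that allows 179/tcp from the peer address Z.Z.Z.Z only. The announce step uses `172.A.A.64/27` while the blackhole route and the data table use `172.AA.AA.64/27`; make the placeholders match. After `cat > giveITaName` the key file keeps whatever permissions the umask gives it, so a `chmod 600` step belongs there. Headings need a space after the hashes (`#EdgeRouter`, `##Features`), and "finnaly" and "make shure" are typos.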
howto/Edgeos-Config-Example-number-2.md
... ...
@@ -0,0 +1,148 @@
1
+#EdgeRouterPro-8 config example with v1.9.0
2
+
3
+After a lot of searching and trying I [Phil/ALS7] finnaly got a working config
4
+Also thanx to drathir for his patience and support
5
+
6
+##Features
7
+
8
+* IPv4/IPv6 Tunnel via OpenVPN
9
+* dn42 DNS
10
+
11
+##How-To
12
+
13
+--> still work in Progress
14
+
15
+* Basic EdgeOS knowledge is required
16
+
17
+1) you need to create all required fields in the registry --> look at [[Getting started]] page
18
+
19
+2) get a peer --> ask nice @ [[IRC]]
20
+
21
+3) You need following data from the peer
22
+
23
+--tunnel options, secret key --ASN from the peer --ip's
24
+
25
+...
26
+
27
+The data i used are the following:
28
+
29
+Own ASN: AS111111
30
+Own IPv4: 172.AA.AA.64/27
31
+Own IPv6: fdBB:BBBB:CCCC::/48
32
+
33
+Peer OpenVPN Remote Address: X.X.X.X
34
+Peer OpenVPN Remote Host: X.X.X.Y
35
+Peer OpenVPN IP for you: fdAA::BBB/64
36
+Peer OpenVPN IP: fdAA::CC
37
+Peer OpenVPN Port: 1194
38
+Peer OpenVPN encryption: aes256
39
+Peer ASN: AS222222
40
+Peer BGP Neighbour IPv4: Z.Z.Z.Z
41
+Peer BGP Neighbour IPv6: fdAA::CC
42
+
43
+###Copy OpenVPN key to the ErPro
44
+
45
+copy vpn key to /config/auth/giveITaName
46
+
47
+ sudo su
48
+ cd /config
49
+ mkdir auth
50
+ cd auth
51
+ cat > giveITaName
52
+
53
+now paste the key in the terminal window, hit return once and kill cat with CTRL+C
54
+last thing to do is type exit
55
+
56
+###Create IPv4 OpenVPN Interface
57
+
58
+Set up Interface vtunX -- i used vtun0
59
+
60
+ configure
61
+ set interface openssh vtun0
62
+ set interfaces openvpn vtun0 mode site-to-site
63
+ set interfaces openvpn vtun0 local-port 1194
64
+ set interfaces openvpn vtun0 remote-port 1194
65
+ set interfaces openvpn vtun0 local-address 172.AA.AA.64
66
+ set interfaces openvpn vtun0 remote-address X.X.X.X
67
+ set interfaces openvpn vtun0 remote-host X.X.X.Y
68
+ set interfaces openvpn vtun0 shared-secret-key-file /config/auth/giveITaName
69
+ set interfaces openvpn vtun0 encryption aes256
70
+
71
+ set interfaces openvpn vtun0 openvpn-option "--comp-lzo" //if your peer support compression
72
+
73
+ commit
74
+ save
75
+ exit
76
+
77
+Now the ipv4 tunnel should be up&running
78
+
79
+Check it with:
80
+
81
+ show interfaces openvpn
82
+ show interfaces openvpn detail
83
+ show openvpn status site-to-site
84
+
85
+###Create IPv4 BGP Session
86
+
87
+####Open Firewall
88
+
89
+* You need to open the firewall to local for the tunnel Interface on port 179/tcp
90
+
91
+####Configure the BGP Neighbor
92
+
93
+* You must not use AS before the as numbers !!
94
+
95
+With this step you create the basic bgp session
96
+
97
+ configure
98
+ set protocols bgp 111111 neighbor Z.Z.Z.Z remote-as 222222
99
+ set protocols bgp 111111 neighbor Z.Z.Z.Z soft-reconfiguration inbound
100
+ set protocols bgp 111111 neighbor update-source 172.AA.AA.64
101
+ commit
102
+ save
103
+
104
+When commit this configuration you should be able to see a BGP neighbor session start and come up.
105
+You can check this with:
106
+
107
+ show ip bgp summary
108
+
109
+####Set route to blackhole
110
+
111
+so bgp can announce the route
112
+
113
+ set protocols static route 172.AA.AA.64/27 blackhole
114
+ commit
115
+ save
116
+
117
+####Announce prefix to BGP
118
+
119
+ set protocols bgp 111111 network 172.A.A.64/27
120
+ commit
121
+ save
122
+ exit
123
+
124
+You should now be able to see networks being advertised via
125
+
126
+ show ip bgp neighbors Z.Z.Z.Z advertised-routes
127
+
128
+###Define Nameservers
129
+
130
+Now ping to 172.23.0.53 ... thats the nameserver we are using
131
+If everything is allright it should work
132
+
133
+####NS Config
134
+
135
+Enter the configure mode
136
+
137
+ configure
138
+ set service dns forwarding name-server 8.8.8.8
139
+ set service dns forwarding name-server 8.8.4.4
140
+ set service dns forwarding options rebind-domain-ok=/dn42/
141
+ set service dns forwarding options server=/23.172.in-addr.arpa/172.23.0.53
142
+ set service dns forwarding options server=/22.172.in-addr.arpa/172.23.0.53
143
+ set service dns forwarding options server=/dn42/172.23.0.53
144
+ commit
145
+ save
146
+ exit
147
+
148
+Now try to access any .dn42 tld
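Review bot: this second page is a near copy of howto/EdgeOS-Config.md with errors the first does not have: `set interface openssh vtun0` should be `set interfaces openvpn vtun0`, and `set protocols bgp 111111 neighbor update-source 172.AA.AA.64` is missing the neighbor address Z.Z.Z.Z. It also uses 172.AA.AA.64, the network address of the /27, as `local-address` and `update-source`, where the other page uses 172.AA.AA.65. Unless the two pages are meant to differ, drop this file and keep one maintained copy.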
howto/IPsec-with-PublicKeys.md
... ...
@@ -31,7 +31,7 @@ Keep in mind that certificates are just public keys wrapped with some extra meta
31 31
### Conversion tool
32 32
Different implementations use different formats to represent public keys, and it's necessary to be able to convert between them. Here is a script for that purpose:
33 33
34
-https://dn42.us/git/user/ryan/pubkey-converter/plain/pubkey-converter.pl
34
+https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl
35 35
36 36
### How-To examples
37 37
| Implementation | Key format |
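Review bot: the new link serves pubkey-converter.pl from `raw/master`, so the script readers download to handle their peers' keys can change without this page changing. Link the repository page or a fixed commit instead; the same applies to the two `[pubkey-converter]:` references updated in CiscoIOSExample.md and strongSwan5Example.md.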
howto/IPsecWithPublicKeys/CiscoIOSExample.md
... ...
@@ -39,7 +39,7 @@ _Note: You may already have completed this step, since it's required to enable S
39 39
40 40
2. Convert your peer's public key to the hexadecimal DER format using the [pubkey-converter][pubkey-converter] script, if necessary.
41 41
42
-[pubkey-converter]: https://dn42.us/git/user/ryan/pubkey-converter.git/plain/pubkey-converter.pl "Public key conversion script"
42
+[pubkey-converter]: https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl "Public key conversion script"
43 43
44 44
## Configuration
45 45
### Configure the phase 1 IKE parameters
howto/IPsecWithPublicKeys/strongSwan5Example.md
... ...
@@ -30,7 +30,7 @@ For IPsec with Public Keys you'll need the package _strongswan-plugin-pubkey_ in
30 30
31 31
2. Convert your peer's public key to the PEM format using the [pubkey-converter][pubkey-converter] script, if necessary.
32 32
33
-[pubkey-converter]: https://dn42.us/git/user/ryan/pubkey-converter.git/plain/pubkey-converter.pl "Public key conversion script"
33
+[pubkey-converter]: https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl "Public key conversion script"
34 34
35 35
## Configuration
36 36
### Configure the phase 1 IKE parameters
howto/openvpn.md
... ...
@@ -26,7 +26,7 @@ comp-lzo
26 26
persist-key
27 27
persist-tun
28 28
cipher aes-256-cbc
29
-ifconfig-ipv6 <LOCAL_GATEWAY_IPV6> <LOCAL_GATEWAY_IPV6>
29
+ifconfig-ipv6 <LOCAL_GATEWAY_IPV6> <REMOTE_GATEWAY_IPV6>
30 30
ifconfig <LOCAL_GATEWAY_IP> <REMOTE_GATEWAY_IP>
31 31
secret /etc/openvpn/<PEER_NAME>.key
32 32
... ...
@@ -60,7 +60,7 @@ cipher aes-256-cbc
60 60
resolv-retry infinite
61 61
float
62 62
port <LOCAL_PORT>
63
-ifconfig-ipv6 <LOCAL_GATEWAY_IPV6> <LOCAL_GATEWAY_IPV6>
63
+ifconfig-ipv6 <LOCAL_GATEWAY_IPV6> <REMOTE_GATEWAY_IPV6>
64 64
ifconfig <LOCAL_GATEWAY_IP> <REMOTE_GATEWAY_IP>
65 65
secret /etc/openvpn/<PEER_NAME>.key
66 66
```
... ...
@@ -73,7 +73,6 @@ secret /etc/openvpn/<PEER_NAME>.key
73 73
* `<REMOTE_PORT>` is openvpn port, where your peer listen for traffic
74 74
75 75
```
76
-daemon
77 76
proto <PROTO>
78 77
mode p2p
79 78
remote <REMOTE_HOST>
internal/Internal-Services.md
... ...
@@ -68,12 +68,11 @@ You can also use http://whatismyip.dn42 from inside dn42 to get your IPv4 and IP
68 68
|:------------------------------------------------- |:-------------------------------------------------------- |
69 69
| http://mhm.dn42/search | Hosted by toBee |
70 70
| http://yacy.dn42 | YaCy search engine. Indexing local nets|
71
-| http://yacy.marlinc.dn42:8090/ | Marlinc's YaCy node. |
72
-| https://surf.dn42/ | siska's YaCy node. |
71
+| http://yacy.marlinc.dn42:8090/ (OFFLINE 2016-11-26) | Marlinc's YaCy node. |
72
+| https://surf.dn42/ (OFFLINE 2016-11-26) | siska's YaCy node. |
73 73
| http://yacy.hexa.dn42/ | hexa-'s YaCy node. |
74 74
| |[YaCy Network Configuration](http://yacy.dn42/yacy.network.dn42.unit)|
75
-| http://search.dn42 (172.23.184.1) | a few chosen HTTP domains are crawled (taken from the wiki). The previous method, "crawl everything available from the wiki", generated too much data because of FTPs. |
76
-| https://surf.dn42 | YaCy node |
75
+| http://search.dn42 (172.23.184.1) (BROKEN 2016-11-26) | a few chosen HTTP domains are crawled (taken from the wiki). The previous method, "crawl everything available from the wiki", generated too much data because of FTPs. |
77 76
78 77
## Images and Media
79 78
... ...
@@ -90,12 +89,6 @@ You can also use http://whatismyip.dn42 from inside dn42 to get your IPv4 and IP
90 89
| http://sprawl.smrsh.dn42:8000/ | [smrsh radio](http://smrsh.net/radio) |
91 90
| http://stream.media.dn42/ | icecast-relay, contact toBee for more streams |
92 91
93
-## Voice and video calls
94
-
95
-| Hostname / IP | Remarks |
96
-|:------------------------------------------------- |:-------------------------------------------------------- |
97
-| http://zaledia.dn42/ | Zaledia VOIP service. Contact ranma on IRC OR [email protected] or [email protected] to get your account.
98
-
99 92
## File sharing
100 93
101 94
### Tahoe LAFS
... ...
@@ -122,7 +115,12 @@ https://rest.dn42/
122 115
```
123 116
124 117
### Direct Connect
125
-An [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Connect) Hub is being run at `hub.dcpp.dn42:2780`. Choose a [client](https://en.wikipedia.org/wiki/Comparison_of_ADC_software#Client_software) and connect to exchange files.
118
+Some [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Connect) Hubs are being run at `hub.dcpp.dn42:2780`. Choose a [client](https://en.wikipedia.org/wiki/Comparison_of_ADC_software#Client_software) and connect to exchange files.
119
+
120
+| Address |
121
+|:-----------------------|
122
+| hub.dcpp.dn42:2780 |
123
+| dcpp.grmml.dn42:4111 |
126 124
127 125
### FTP / HTTP
128 126
... ...
@@ -130,14 +128,15 @@ An [Advanced Direct Connect](https://en.wikipedia.org/wiki/Advanced_Direct_Conne
130 128
131 129
| Hostname / IP | Space | Speed | Remarks |
132 130
|:----------------------------------------------------------- |:----- |:----------- |:---------------------------------------------- |
133
-| http://172.22.92.2 | | ~60kbps | mostly up |
131
+| http://172.22.92.2 | | ~60kbps | mostly up |
134 132
| http://seafile.dn42 | | | Opensource Dropbox, yay! |
135 133
| http://files.feuerrot.dn42 | 6TB | 1Gbit | http, ftp, nfs, rsync |
136 134
| sftp://anonsftp:[email protected]:2212/ | 12TB | 1Gb/s | incoming writable |
137 135
| http://files.martin89.dn42/ | | max 2Mbit/s | download only |
138
-| http://filer.mhm.dn42 | 4TB | 1GBit | 24/7/365 | |
139
-| http://storage.hq.c3d2.de:8080/rpool | | 2.4Mbit/s | download only webdav:k-ot|
136
+| http://filer.mhm.dn42 | 4TB | 1GBit | 24/7/365 |
137
+| http://storage.hq.c3d2.de:8080/rpool | | 2.4Mbit/s | download only webdav:k-ot |
140 138
| ftp://nas.jan.dn42/ | 6TB | 10 Mbit/s | anonymous read/write |
139
+| http://storage.hb.jplitza.de | 6TB | 10 Mbit/s | http, rsync, download only |
141 140
142 141
### Torrent Tracker
143 142
... ...
@@ -199,16 +198,16 @@ Also check [Repository Mirrors](/services/Repository-Mirrors)
199 198
| ------------------------------------------------- | ------------------------------------------------------------------------------ |
200 199
| http://teams.dn42[.us]/dn42 | Mattermost (Slack clone) instance: get notifications for wiki/CA changes here |
201 200
| http://nowhere.ws/dn42 | Some random stuff concerning dn42, packages for Debian, e.g. Quagga |
201
+|https://bin.dn42 | AES-encrypted pastebin-like service ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
202 202
| http://pastebin.trunet.dn42 | AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
203
-| https://paste.weiti.dn42 | AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
204
-| ~~https://paste.synhacx.dn42~~(OFFLINE 2016-08-24)| AES-encrypted pastebin-like ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
205
-| ~~http://zerobin.e-utp.dn42~~(OFFLINE 2016-08-24) | AES-encrypted pastebin-like, second one ([zerobin](https://github.com/sebsauvage/ZeroBin)) |
206
-| ~~https://flo.dn42/paste/~~(OFFLINE 2016-08-24) | AES-256-encrypted pastebin-like, with HTTPS ([zerobin]) |
207
-| ~~https://szf.dn42/paste/~~(OFFLINE 2016-08-24) | AES-encrypted pastebin-like, another one |
203
+| https://paste.weiti.dn42 | AES-encrypted pastebin-like ([privatebin]|
204
+(https://github.com/sebsauvage/ZeroBin)) |
205
+| ~~http://zerobin.e-utp.dn42 | AES-encrypted pastebin-like, second one ([zerobin](https://github.com/sebsauvage/ZeroBin)) | ]
206
+| ~~https://szf.dn42/paste/~~(TLSNOTHAPPY 2016-11-26) | AES-encrypted pastebin-like, another one |
207
+| https://pad.dn42 | [Etherpad](http://etherpad.org) service for collaborative work |
208 208
| http://ip.synhacx.dn42 | Basic "whatismyip" service ([description](http://synhacx.dn42/showmyip)) |
209 209
| http://nixnodes.dn42/ip | Simple 'myip' service |
210 210
| https://szf.dn42/ip (text) https://szf.dn42/ifconfig (html) | Another simple 'myip' service |
211
-| https://weiti.dn42/cgi-bin/my-ip | Another 'myip' service |
212 211
| https://git.dn42[.us] | Git Repository Hosting (Signup: email ssh pubkey to [email protected]) |
213 212
| https://git.dn42[.us]/pubkeys/[username] | Get ssh public keys from Git Users of git.dn42. |
214 213
| http://ngit.dn42 | |
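Review bot: three of the added rows break the table. The paste.weiti.dn42 row is split across two lines (`([privatebin]|` followed by `(https://github.com/sebsauvage/ZeroBin)) |`), and its "privatebin" label links to the ZeroBin repository. The zerobin.e-utp.dn42 row opens `~~` without closing it, ends in a stray `| ]`, and has lost its "(OFFLINE 2016-08-24)" marker, so it now reads as a live service. The bin.dn42 row is missing the space after the leading `|`. Please preview the rendered table before merging.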
internal/services/Tor.md
... ...
@@ -6,7 +6,8 @@ Tor bridges allow for the Tor client to connect to a specific IP address and val
6 6
7 7
| Name | Bandwidth | Contact | Protocol | Fingerprint | Info |
8 8
|-----------------------|-----------|------------------|----------|------------------------------------------|------------------------------------|
9
-| photon.flat.dn42:8443 | 500kB/s | [email protected] | obfs4 | 79B30C78C9DA0F812589D336B399307435DC452A | Limited to 100GB transfer per week |
9
+| photon.flat.dn42:8443 | 500kB/s | [email protected] | obfs4 | 83B02FB88253A7FD313B7912B12B05AF2A42D3B9 | Limited to 100GB transfer per week |
10
+| gouda.flat.dn42:8443 | 500kB/s | [email protected] | obfs4 | DF8CA08A9BED62B319D1E52610510959374444A2 | |
10 11
11 12
# Anycast Tor
12 13
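Review bot: the photon.flat.dn42 row gets a different fingerprint with no explanation in the table or the commit. Users who configured the bridge with the old value cannot tell a planned key rotation from a tampered page, so record the date and reason for the change in the Info column. The new gouda.flat.dn42 row leaves Info empty; state whether the 100GB weekly limit applies to it as well.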
services/Certificate-Authority.md
... ...
@@ -121,7 +121,19 @@ Install `ca-certificates-dn42` from [AUR](https://aur.archlinux.org/packages/ca-
121 121
122 122
### Debian/Ubuntu
123 123
124
-There is no packet at the moment, but you can install it manually:
124
+#### Unofficial Debian Package
125
+
126
+```bash
127
+wget https://ca.dn42.us/ca-dn42_20161122.0_all.deb
128
+# If you're on a dn42-only network:
129
+# wget --no-check-certificate https://ca.dn42/ca-dn42_20161122.0_all.deb
130
+sudo dpkg -i ca-dn42_20161122.0_all.deb
131
+sudo dpkg-reconfigure ca-certificates
132
+```
133
+
134
+You will be asked which certificates you would like to enabled. By default, the dn42 root certifcate (dn42/root-ca.crt) is not enable, be sure to enable it. This package is waiting for inclusion in Debian (Debian bug [#845351](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845351)).
135
+
136
+#### Manual Installation
125 137
126 138
```bash
127 139
$ mkdir /usr/share/ca-certificates/extra
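Review bot: the commented alternative `wget --no-check-certificate https://ca.dn42/ca-dn42_20161122.0_all.deb` followed by `sudo dpkg -i` installs a root-CA package as root from a download whose server was never authenticated. Publish a checksum or detached signature for the .deb on this page and add a verification step before `dpkg -i`; that also covers the bootstrap case where the dn42 CA is not yet trusted. In the added paragraph, "to enabled", "certifcate" and "is not enable" need fixing.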
services/DNS.md
... ...
@@ -1,5 +1,5 @@
1
-# DNS
2
-**The new anycast resolver for `.dn42` runs on `172.23.0.53` and `TBD`. Please see [[Hierarchical DNS]] for more information.**
1
+# DNS (DEPRECATED)
2
+**The new anycast resolver for `.dn42` runs on `172.23.0.53` and `fd42:d42:d42:53::1`. Please see [[Hierarchical DNS]] for more information.**
3 3
4 4
**The information below is outdated.**
5 5
***
services/Distributed-Wiki.md
... ...
@@ -19,7 +19,7 @@ The local webserver is monitored with a simple [[shell script|Distributed-Wiki#e
19 19
20 20
## Network
21 21
22
- - Install wiki anycast IP address `172.23.0.80/32` on the system
22
+ - Install wiki anycast IP addresses `172.23.0.80/32` and `fd42:d42:d42:80::1/64` on the system
23 23
- Assign a unicast IP address to be used by Nginx
24 24
- Establish connectivity to the dn42 network
25 25
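Review bot: the IPv6 anycast address is added as `fd42:d42:d42:80::1/64` while the IPv4 one is a host address (`172.23.0.80/32`). If a single address is meant, as for IPv4, write /128; configuring a /64 on the system also makes the rest of that prefix on-link locally.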
... ...
@@ -47,7 +47,6 @@ GIT=/usr/bin/git
47 47
48 48
cd "${WIKI_PATH}"
49 49
${GIT} push
50
-sleep 1
51 50
${GIT} pull
52 51
53 52
exit 0
... ...
@@ -75,11 +74,11 @@ RACK_ENV=production gollum --css <path>/custom.css --gollum-path <path> --host 1
75 74
76 75
Set `<path>` to the location where wiki Git repo was cloned.
77 76
78
-## Nginx proxy
77
+## Nginx reverse proxy
79 78
80 79
#### SSL
81 80
82
- - Setup your MNTNR according to [Automatic CA](https://internal.dn42/services/Automatic-CA)
81
+ - Setup your maintainer object according to [Automatic CA](https://internal.dn42/services/Automatic-CA)
83 82
- Generate a [CSR](/services/Certificate-Authority) and send DNS Key Pin to [[email protected]](mailto:[email protected]):
84 83
85 84
```
... ...
@@ -149,8 +148,8 @@ server {
149 148
150 149
listen 172.23.0.80:80 default;
151 150
listen [fd42:d42:d42:80::1]:80 default;
152
- listen 80;
153
- listen [::]:80;
151
+ listen <unicast ipv4> 80;
152
+ listen [<unicast ipv6>]:80;
154 153
155 154
add_header X-SiteID '<aut-num>-<cc>';
156 155
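Review bot: `listen <unicast ipv4> 80;` separates address and port with a space, unlike the other listen lines in this block (`listen 172.23.0.80:80 default;`, `listen [<unicast ipv6>]:80;`); it should be `listen <unicast ipv4>:80;`. The 443 server block gets the same form (`listen <unicast ipv4> 443 ssl;`) and needs the same fix.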
... ...
@@ -167,8 +166,8 @@ server {
167 166
168 167
listen 172.23.0.80:443 ssl default;
169 168
listen [fd42:d42:d42:80::1]:443 ssl default;
170
- listen 443 ssl;
171
- listen [::]:443 ssl;
169
+ listen <unicast ipv4> 443 ssl;
170
+ listen [<unicast ipv6>]:443 ssl;
172 171
173 172
ssl on;
174 173
ssl_certificate <path>/ssl.crt;
... ...
@@ -214,7 +213,7 @@ group gollum-watchdog {
214 213
215 214
## (example ipv6) peer with one of our iBGP speakers:
216 215
neighbor fd42:4992:6a6d::1 {
217
- router-id 172.22.0.80;
216
+ router-id 172.23.0.80;
218 217
local-address fd42:4992:6a6d::2;
219 218
local-as 123456;
220 219
peer-as 123456;
services/Exchanges.md
... ...
@@ -6,4 +6,8 @@ The following exchanges are available:
6 6
* Amsterdam (OpenVPN) - NL Zuid (marlinc) - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
7 7
* Los Angeles (OpenVPN) - tombii - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
8 8
* New York (OpenVPN) - tombii - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
9
-* Falkenstein/Hetzner (OpenVPN) - GRMML (Nurtic-Vibe) - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
... ...
\ No newline at end of file
0
+* Falkenstein/Hetzner (OpenVPN) - GRMML (Nurtic-Vibe) - [https://nl-zuid.dn42/](https://nl-zuid.dn42/)
1
+
2
+The NL-Zuid website is also available from the public internet: https://nl-zuid.nl
3
+
4
+Its generally recommended to only announce prefixes from your own network and that of your transit customers.
... ...
\ No newline at end of file
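Review bot: the Falkenstein/Hetzner line is re-added unchanged and still links to https://nl-zuid.dn42/, as do the Los Angeles and New York entries above it; each exchange should link to its own page or carry no link. "Its generally recommended" should be "It's generally recommended", and the file still ends without a newline.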
services/Looking-Glasses.md
... ...
@@ -30,6 +30,6 @@ Please sort by AS number.
30 30
| 4242422342 | dn42: http://lg.gbe.dn42 <br> Semi-interactive (no traceroute, no ping) | UP |
31 31
| 4242422700 | dn42: http://lg.gotroot.dn42 | UP |
32 32
| 4242423827 | ext: https://sky.nullroute.eu.org/dn42/lg/ <br> dn42: http://lg.nullroute.dn42 | UP |
33
-| 4242423905 | ext: https://vpn01.weiti.org/ulg/ <br> dn42: https://lg.weiti.dn42/ | UP |
33
+| 4242423905 | ext: https://dn42-svc.weiti.org/ulg/ <br> dn42: https://lg.weiti.dn42/ | UP |
34 34
| 4242423905 | ext: http://zeus.nowhere.ws/dn42/routes.cgi <br> dn42: http://zeus.nihilus.dn42/dn42/routes.cgi <br> Non-interactive (route listing only). | DOWN |
35 35
| 4242423955 | dn42: http://lg.flo.dn42 | DOWN |
... ...
\ No newline at end of file
services/Repository-Mirrors.md
... ...
@@ -4,24 +4,22 @@ There are some mirrors available in DN42. All mirrors are subdomains of "mirror.
4 4
5 5
## Debian
6 6
7
-**http://debian.mirror.dn42**
7
+**http://debian.mirrors.dn42**
8 8
9 9
Hosted by:
10
-* Basil
11 10
* Trunet
12 11
13 12
14 13
## Ubuntu
15
-**http://ubuntu.mirror.dn42**
14
+**http://ubuntu.mirrors.dn42**
16 15
17
-**http://archive.ubuntu.mirror.dn42**
16
+**http://archive.ubuntu.mirrors.dn42**
18 17
19 18
Hosted by:
20 19
* Trunet
21
-* Basil
22 20
23 21
## CentOS
24
-**http://centos.mirror.dn42**
22
+**http://centos.mirrors.dn42**
25 23
26 24
Hosted by:
27 25
* Trunet
... ...
\ No newline at end of file
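Review bot: the hostnames change from `*.mirror.dn42` to `*.mirrors.dn42`, but the introduction visible in the hunk header still says all mirrors are subdomains of "mirror."; update that sentence in the same commit so the page does not contradict itself. "Basil" is removed from the Debian and Ubuntu host lists without a note on whether those mirrors are gone or only renamed.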
services/Whois.md
... ...
@@ -141,6 +141,7 @@ Monotone is an distributed revision control system. Monotone tracks revisions to
141 141
| Person | Address | Status |
142 142
|----------|----------------------------------------|--------|
143 143
| crest | mtn.crest.dn42 | UP |
144
+| siska | mtn.nixnodes.net (mtn.nixnodes.dn42) | UP |
144 145
| dracoling | dn42.smrsh.net (net.smrsh.dn42) | UP |
145 146
| xuu | mtn.xuu.dn42 (172.22.141.181) | UP |
146 147
| zorun | mtn.polyno.me / mtn.polynome.dn42 (172.23.184.71)| UP |
... ...
@@ -149,6 +150,7 @@ Monotone is an distributed revision control system. Monotone tracks revisions to
149 150
| hexa- | mtn.hexa.dn42 (172.23.42.130) | UP |
150 151
| tombii | mtn.tombii.dn42 (172.22.102.133) | UP |
151 152
| Mic92 | mtn.evenet.dn42 (172.23.75.6/fd42:4992:6a6d::6) | UP |
153
+| weiti | mtn.weiti.dn42 (172.20.175.251/fdf7:17d5:de49::251) | UP |
152 154
153 155
154 156
## Monotone branches