How to install and configure cjdns on Debian-ish system

From PeerFreedom Wiki

Installation

Run method

Choose one of the following run methods:

  1. cjdns runs as a separate user, started by systemd (recommended on any modern distro)
  2. cjdns runs as a separate user, started from crontab (recommended where there is no systemd, i.e. legacy situations)
  3. cjdns runs as root, started by systemd (simpler but slightly less secure variant of method 1)
  4. cjdns runs as root, started from crontab (simpler but slightly less secure variant of method 2)

Install a firewall first!

How to configure a firewall on Debian-ish system

Method 1 (Systemd + separate user)

Run the following commands as root:

apt install nodejs build-essential git
cd /opt
git clone https://github.com/cjdelisle/cjdns.git
cd cjdns
./do
ln -s /opt/cjdns/cjdroute /usr/bin
setcap "cap_net_admin+eip cap_net_raw+eip" /opt/cjdns/cjdroute
cp contrib/systemd/*.service /etc/systemd/system/
useradd -m -r -d /var/cjdns cjdns
mkdir /etc/cjdns
chown cjdns:cjdns /etc/cjdns
chmod 700 /etc/cjdns
su - cjdns
(umask 077 && cjdroute --genconf > /etc/cjdns/cjdroute.conf)
exit

Create /etc/systemd/system/cjdns-sandbox-blackhole.service with the following content. The blackhole route makes the kernel drop fc00::/8 traffic locally instead of sending it to your default gateway whenever cjdns is down; while cjdroute runs, the fc00::/8 route the kernel creates for the TUN device's address has a lower metric (256) and takes precedence:

[Unit]
Description=cjdns in sandbox - routing setting
Wants=network.target
After=network-pre.target
Before=network.target network.service cjdns-sandbox.service

[Service]
Type=oneshot
ExecStart=/sbin/ip -6 route add blackhole fc00::/8 metric 500

[Install]
WantedBy=multi-user.target

/etc/systemd/system/cjdns-sandbox-resume.service:

[Unit]
Description=Restart cjdns-sandbox on resume from sleep
After=sleep.target

[Service]
Type=oneshot
ExecStart=/bin/systemctl restart cjdns-sandbox

[Install]
WantedBy=sleep.target

/etc/systemd/system/cjdns-sandbox.service:

[Unit]
Description=cjdns in sandbox: routing engine designed for security, scalability, speed and ease of use
Wants=cjdns-sandbox-blackhole.service network.target
After=cjdns-sandbox-blackhole.service network-pre.target
Before=network.target network.service

[Service]
ProtectHome=true
ProtectSystem=true
SyslogIdentifier=cjdroute
ExecStartPre=/bin/sh -ec "if ! test -s /etc/cjdns/cjdroute.conf; \
                then umask 077; \
                /usr/bin/cjdroute --genconf > /etc/cjdns/cjdroute.conf; \
                echo 'WARNING: A new /etc/cjdns/cjdroute.conf file has been generated.'; \
            fi"
ExecStart=/bin/sh -c "exec /usr/bin/cjdroute --nobg < /etc/cjdns/cjdroute.conf"
Restart=always
User=cjdns

[Install]
WantedBy=multi-user.target
Also=cjdns-sandbox-blackhole.service cjdns-sandbox-resume.service

After that run:

systemctl daemon-reload
systemctl enable --now cjdns-sandbox

The Also= line pulls in the blackhole and resume units. Check the result: systemctl status cjdns-sandbox should show the unit active, ip -6 route show should list the blackhole route and a fc00::/8 route on the cjdns TUN device, and getcap /opt/cjdns/cjdroute must print both capabilities (file capabilities sit on the binary, so re-run setcap after every rebuild with ./do). Do not add NoNewPrivileges=yes, or options that imply it such as DynamicUser= (see systemd.exec(5)), to this unit: with no_new_privs set the kernel ignores file capabilities on exec, so cjdroute would lose CAP_NET_ADMIN and could not create the TUN device. If you want that hardening, grant the capabilities with AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW in the unit instead of setcap.

Method 2 (crontab + separate user)

Run the following commands as root:

apt install nodejs build-essential git
cd /opt
git clone https://github.com/cjdelisle/cjdns.git
cd cjdns
./do
ln -s /opt/cjdns/cjdroute /usr/bin
setcap "cap_net_admin+eip cap_net_raw+eip" /opt/cjdns/cjdroute
useradd -m -r -d /var/cjdns cjdns
mkdir /etc/cjdns
chown cjdns:cjdns /etc/cjdns
chmod 700 /etc/cjdns
su - cjdns
(umask 077 && cjdroute --genconf > /etc/cjdns/cjdroute.conf)
crontab -e

In the cjdns user's crontab put the line below. Cron runs jobs with /bin/sh (dash on Debian), where bash's &> is parsed as "run in background, then redirect nothing", so use POSIX redirection or cron will capture and try to mail every line cjdroute logs:

@reboot /usr/bin/cjdroute --nobg < /etc/cjdns/cjdroute.conf > /dev/null 2>&1

Then leave the cjdns shell with the exit command.

As root run crontab -e and put in root's crontab:

@reboot /sbin/ip -6 route add blackhole fc00::/8 metric 500 > /dev/null 2>&1

Reboot the system. Unlike the systemd units, cron will not restart cjdroute if it crashes or after a suspend/resume, so check with pgrep -a cjdroute after boot.

Method 3 (systemd as root)

Run the following commands as root:

apt install nodejs build-essential git
cd /opt
git clone https://github.com/cjdelisle/cjdns.git
cd cjdns
./do
ln -s /opt/cjdns/cjdroute /usr/bin
(umask 077 && ./cjdroute --genconf > /etc/cjdroute.conf)
cp contrib/systemd/*.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable cjdns
systemctl start cjdns

Method 4 (crontab as root)

Run the following commands as root:

apt install nodejs build-essential git
cd /opt
git clone https://github.com/cjdelisle/cjdns.git
cd cjdns
./do
ln -s /opt/cjdns/cjdroute /usr/bin
(umask 077 && ./cjdroute --genconf > /etc/cjdroute.conf)
crontab -e

In root's crontab put the lines below (cron runs jobs with /bin/sh, where bash's &> does not redirect anything, so use POSIX redirection):

@reboot /sbin/ip -6 route add blackhole fc00::/8 metric 500 > /dev/null 2>&1
@reboot /usr/bin/cjdroute --nobg < /etc/cjdroute.conf > /dev/null 2>&1

Reboot the system.

Open ports

Find the port cjdroute binds for UDP peering and the LAN beacon port in /etc/cjdroute.conf (/etc/cjdns/cjdroute.conf for Methods 1 and 2). Both are in the "UDPInterface" entries. --genconf picks the bind port at random, so read the numbers from your own file rather than copying the ones below.

In this example the UDP peering port is 19191:

   "interfaces": {
        // The interface which connects over UDP/IP based VPN tunnel.
        "UDPInterface": [
            {
                // Bind to this port.
                "bind": "0.0.0.0:19191",
                // Set the DSCP value for Qos. Default is 0.
                // "dscp": 46,

and the beacon port is 64512 (the default; all nodes on a LAN must use the same value to auto-peer):

                // 192.168.101.255, or the pseudo-name "all".
                // in order to auto-peer, all cjdns nodes must use the same
                // beaconPort.
                "beacon": 2,
                "beaconDevices": [ "all" ],
                "beaconPort": 64512,

Open the peering port for inbound UDP in your firewall so that other nodes can connect to you. The beacon port only needs to be open on LAN interfaces, and only while "beacon" is non-zero; with "beacon": 0 leave it closed.

Add peers

In /etc/cjdroute.conf (/etc/cjdns/cjdroute.conf for Methods 1 and 2), inside the "connectTo" block of the UDPInterface entry, find:

                    // Add connection credentials here to join the network
                    // If you have several, don't forget the separating commas
                    // They should look like:
                    // "ipv4 address:port": {
                    //     "login": "(optional) name your peer has for you"
                    //     "password": "password to connect with",
                    //     "publicKey": "remote node key.k",
                    //     "peerName": "(optional) human-readable name for peer"
                    // },
                    // Ask somebody who is already connected.

And after it put, for example:

                    //public
                    "51.75.35.194:1132": {
                        "contact": "me@magik6k.net",
                        "password": "thah9aePha1Vusha6ovhpublic",
                        "peerName": "Magik6k-waw-public",
                        "publicKey": "kw0vfw3tmb6u6p21z5jmmymdlumwknlg3x8muk5mcw66tdpqlw30.k"
                    },
                    "51.75.127.200:21": {
                        "contact": "jorropo.pgm(a7)gmail.com",
                        "login": "public",
                        "password": "Was that simple ?",
                        "peerName": "0.h.jorropo.ovh",
                        "publicKey": "5n3cu1p6gk65u6cphrnwv2r0n036dzm52zgrfm74vhfgslqbb4h0.k"
                    }

Entries are separated by commas: to add another peer, put a comma after the closing } of the previous entry, and make sure there is no comma after the last one. Copy the address, password and publicKey exactly as the peer's operator gave them: the password authenticates you to the peer, and the publicKey is what your node uses to authenticate the peer, so a mistyped key means the connection never comes up.

Restart cjdns: systemctl restart cjdns-sandbox (Method 1) or systemctl restart cjdns (Method 3). With the crontab methods, kill the running cjdroute and re-run the @reboot line by hand, or reboot.
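Both of the manual steps above (finding the ports to open, and getting the peer entries right) can be checked mechanically. The script below is an added example written for this page, not code from the wiki or from the cjdns project. It reads the comment-laden JSON that cjdroute --genconf produces, prints the UDP ports to open as nftables commands (assuming a table inet filter with an input chain, and an assumed LAN interface name eth0 for the beacon rule), and validates every connectTo entry: host:port syntax, a non-empty password, and a publicKey that is a well-formed cjdns key whose double SHA-512 lands in fc00::/8, which is how cjdns derives node addresses from keys. The config excerpt embedded in the script is constructed for the example and carries the two public peers listed above.

```python
# Added example, not code from the wiki page or from cjdns. It parses the
# comment-laden JSON written by `cjdroute --genconf`, lists the UDP ports to
# open (Open ports) and sanity-checks "connectTo" entries (Add peers).
# Assumed: an nftables `inet filter` table with an `input` chain, and a LAN
# interface called eth0. SAMPLE_CONF is constructed for the example.
import hashlib
import json
import re

# cjdns' own base32 alphabet (no a/e/i/o); 5-bit groups are packed least
# significant first, so these keys are not RFC 4648 base32.
ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"

# String literals are matched first, so a "//" inside one (a URL) survives.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(text):
    """Remove // and /* */ comments from cjdroute.conf, leaving strings alone."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text)

def load_conf(text):
    return json.loads(strip_comments(text))

def udp_ports(conf):
    """(peering ports, beacon ports). Peering ports must be reachable from the
    Internet; beacon ports only matter on the LAN and only if "beacon" != 0."""
    data, beacon = set(), set()
    for iface in conf["interfaces"].get("UDPInterface", []):
        data.add(int(iface["bind"].rsplit(":", 1)[1]))
        if iface.get("beacon", 0) and "beaconPort" in iface:
            beacon.add(int(iface["beaconPort"]))
    return sorted(data), sorted(beacon)

def nft_rules(conf, lan_iface="eth0"):
    """nft commands for udp_ports(); beacons are only admitted from the LAN."""
    data, beacon = udp_ports(conf)
    return ([f"nft add rule inet filter input udp dport {p} accept" for p in data] +
            [f'nft add rule inet filter input iifname "{lan_iface}" udp dport {p} accept'
             for p in beacon])

def cjdns_ipv6(public_key):
    """Node address for a "....k" key, or None if malformed: the first 16 bytes
    of sha512(sha512(raw key)). Genuine cjdns keys always land in fc00::/8."""
    if len(public_key) != 54 or not public_key.endswith(".k"):
        return None
    acc = 0
    for i, ch in enumerate(public_key[:-2]):
        v = ALPHABET.find(ch)
        if v < 0:
            return None
        acc |= v << (5 * i)
    if acc >> 256:                               # the 4 spare bits must be zero
        return None
    digest = hashlib.sha512(hashlib.sha512(acc.to_bytes(32, "little")).digest()).digest()
    return ":".join(digest[i:i + 2].hex() for i in range(0, 16, 2))

def check_peer(addr, entry):
    """Problems with one connectTo entry; an empty list means it looks sane."""
    problems = []
    host, sep, port = addr.rpartition(":")
    if not (host and sep and port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"{addr}: expected host:port")
    if not entry.get("password"):
        problems.append(f"{addr}: missing password")
    ip6 = cjdns_ipv6(entry.get("publicKey", ""))
    if ip6 is None:
        problems.append(f"{addr}: publicKey is not a 52-character cjdns key")
    elif not ip6.startswith("fc"):
        problems.append(f"{addr}: publicKey does not hash to an fc00::/8 address")
    return problems

def check_all_peers(conf):
    return [p for iface in conf["interfaces"].get("UDPInterface", [])
            for addr, entry in iface.get("connectTo", {}).items()
            for p in check_peer(addr, entry)]

# Constructed excerpt in the shape `cjdroute --genconf` produces; the two
# peers are the public ones shown on this page.
SAMPLE_CONF = r"""{
    "interfaces": {
        "UDPInterface": [
            {
                "bind": "0.0.0.0:19191",    // --genconf picks this at random
                "beacon": 2, "beaconDevices": [ "all" ], "beaconPort": 64512,
                "connectTo": {
                    "51.75.35.194:1132": {
                        "password": "thah9aePha1Vusha6ovhpublic",
                        "publicKey": "kw0vfw3tmb6u6p21z5jmmymdlumwknlg3x8muk5mcw66tdpqlw30.k"
                    },
                    "51.75.127.200:21": {
                        "login": "public", "password": "Was that simple ?",
                        "publicKey": "5n3cu1p6gk65u6cphrnwv2r0n036dzm52zgrfm74vhfgslqbb4h0.k"
                    }
                }
            },
            { "bind": "[::]:19191", "beacon": 0, "connectTo": {} }
        ]
    }
}"""

if __name__ == "__main__":                      # swap SAMPLE_CONF for your own file
    conf = load_conf(SAMPLE_CONF)
    print("\n".join(nft_rules(conf)))
    print(check_all_peers(conf) or "peers look sane")
```

To check a real installation, replace SAMPLE_CONF with open("/etc/cjdns/cjdroute.conf").read() (or /etc/cjdroute.conf for Methods 3 and 4) and run the script as a user that can read the file. A peer whose key fails the fc00::/8 check was copied or typed wrong and will never connect; fix it before restarting cjdroute. The rendered nft commands open the peering port from anywhere and the beacon port only on the LAN interface, matching the Open ports section.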