diff --git a/docs/routing/babeld/babeld.md b/docs/routing/babeld/babeld.md index 963776d..a485c21 100644 --- a/docs/routing/babeld/babeld.md +++ b/docs/routing/babeld/babeld.md @@ -145,6 +145,11 @@ babeld offers a local configuration interface. This can be activated with the fl babeld -g 33123 ``` +If babeld is used with Systemd, you can change the arguments in the `/etc/default/babeld` file: +``` +DAEMON_ARGS="-S /var/lib/babeld/state -g 33123" +``` + The configuration interface can be used to find out various status information on the one hand and to configure babeld on the other. Furthermore, the configuration interface can be used by monitoring programs such as babelweb2. To connect to the configuration interface, you can use telnet: @@ -186,3 +191,4 @@ The routes learned from the babel neighbors are displayed here. Here `` is - [babeld FAQ](https://www.irif.fr/~jch/software/babel/faq.html) - [babeld mailling list](https://alioth-lists.debian.net/pipermail/babel-users/) - [babeld source code](https://github.com/jech/babeld) +- [Babel configuration by RĂ©seau Libre](https://wiki.reseaulibre.ca/documentation/babel/) diff --git a/docs/routing/babeld/maxlen-filter.md b/docs/routing/babeld/maxlen-filter.md new file mode 100644 index 0000000..e6cfeb6 --- /dev/null +++ b/docs/routing/babeld/maxlen-filter.md @@ -0,0 +1,6 @@ + +# Implement max-len filter + +To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length. The entitydb contains a bash script `build_maxlen_filter.sh` for this purpose. If you run this script with the argument `babeld`, you will get a babeld-compatible list. + +This list can now be inserted into the configuration file instead of `in ip fd00::/8 le 64 ge 44 allow`. It is recommended to automate this process. diff --git a/docs/routing/bird/bird.md b/docs/routing/bird/bird.md index 71d0b1b..c1816ed 100644 --- a/docs/routing/bird/bird.md +++ b/docs/routing/bird/bird.md @@ -300,7 +300,6 @@ Help can be obtained by typing the command and then a `?`. Babel uses port 6696/udp and the multicast address `ff02::1:6`. Accordingly, port 6696/udp must be enabled locally. -## Old bird configurations +## Further links -Old configuration can be found [here](old-configuration). -Very old configuration can be found [here](very-old-configuration). +- [bird documentation](https://bird.network.cz/?get_doc&f=bird.html&v=20) diff --git a/docs/routing/index.md b/docs/routing/index.md index 8024fb6..3d2b86c 100644 --- a/docs/routing/index.md +++ b/docs/routing/index.md @@ -10,3 +10,5 @@ ## babeld - [Setting up Babeld](babeld/babeld) +- [max-len filter in babeld](babeld/maxlen-filter) +- [babelweb2](babeld/babelweb2) diff --git a/docs/tunneling/fastd.md b/docs/tunneling/fastd.md index a774bc5..baca8c7 100644 --- a/docs/tunneling/fastd.md +++ b/docs/tunneling/fastd.md @@ -31,6 +31,9 @@ mode multitap; # The encryption method (don't change this unless you need to) method "salsa2012+umac"; +method "salsa2012+poly1305"; +method "salsa20+umac"; +method "salsa20+poly1305"; # Bind to and listen for incoming connections on this address and port bind [::]:; @@ -103,6 +106,17 @@ Now we need to fill in the peer details of the node you are connecting to: Fastd can provide a tunnel with `multitap` mode on layer 2 or a tunnel with `tun` mode on layer 3. Note that the fatsd has 20 bytes less overhead when using tun. +### Methods + +fastd supports various transmission encryptions. The encryption and authentication recommended by fastd is `salsa2012+umac`. If you specify multiple encryption methods, the first one specified is preferred. The others are used as fallbacks if the peer does not support the preferred one. +fastd has three groups of transmission ciphers: + - Encrypt and Authenticate + - Authenticate Only + - Transfer Only without Authentication + +It should be noted that poly1305 is very slow on embedded systems and AES is very slow without OpenSSL. +When fastd is used without encryption or authentication, the data is authenticated only by the sender IP address. This authentication can be disabled with `float yes;`. + ### MTU The default MTU of a fastd tunnel is 1500 bytes. However, this can be problematic if the Internet uplink also has an MTU of 1500 or less. In this case IP fragmentation can occur. This is usually something you want to avoid. @@ -139,3 +153,4 @@ To enable the systemd unit on startup run `systemctl enable fastd@crxn` - [fastd documentation](https://fastd.readthedocs.io/en/stable/) - [fastd mtu documentation](https://fastd.readthedocs.io/en/stable/manual/mtu.html) +- [Encryption & authentication methods in fastd](https://fastd.readthedocs.io/en/stable/manual/methods.html)