From e23608b1ba409902278f1bd0e5f4960f4efb56e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Fri, 6 Jan 2023 16:11:53 +0100 Subject: [PATCH 1/8] add explantion for method and add fallback ciphers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/tunneling/fastd.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/docs/tunneling/fastd.md b/docs/tunneling/fastd.md index a774bc5..724451b 100644 --- a/docs/tunneling/fastd.md +++ b/docs/tunneling/fastd.md @@ -31,6 +31,8 @@ mode multitap; # The encryption method (don't change this unless you need to) method "salsa2012+umac"; +method "salsa2012+poly1305"; +method "salsa2012+gmac"; # Bind to and listen for incoming connections on this address and port bind [::]:; 
@@ -103,6 +105,17 @@ Now we need to fill in the peer details of the node you are connecting to: Fastd can provide a tunnel with `multitap` mode on layer 2 or a tunnel with `tun` mode on layer 3. Note that the fatsd has 20 bytes less overhead when using tun. +### Methods + +fastd supports various transmission encryptions. The encryption and authentication recommended by fastd is `salsa2012+umac`. If you specify multiple encryption methods, the first one specified is preferred. The others are used as fallbacks if the peer does not support the preferred one. +fastd has three groups of transmission ciphers: + - Encrypt and Authenticate + - Authenticate Only + - Transfer Only without Authentication + +It should be noted that poly1305 is very slow on embedded systems and AES is very slow without OpenSSL. +When fastd is used without encryption or authentication, the data is authenticated only by the sender IP address. This authentication can be disabled with `float yes;`. + ### MTU The default MTU of a fastd tunnel is 1500 bytes. However, this can be problematic if the Internet uplink also has an MTU of 1500 or less. In this case IP fragmentation can occur. This is usually something you want to avoid. @@ -139,3 +152,4 @@ To enable the systemd unit on startup run `systemctl enable fastd@crxn` - [fastd documentation](https://fastd.readthedocs.io/en/stable/) - [fastd mtu documentation](https://fastd.readthedocs.io/en/stable/manual/mtu.html) +- [Encryption & authentication methods in fastd](https://fastd.readthedocs.io/en/stable/manual/methods.html) From e1e738e8cb04ba0650de076d4455aeb0c024f40c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Fri, 6 Jan 2023 20:23:43 +0100 Subject: [PATCH 2/8] switch fallback to salsa20 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/tunneling/fastd.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/docs/tunneling/fastd.md b/docs/tunneling/fastd.md index 724451b..baca8c7 100644 --- a/docs/tunneling/fastd.md +++ b/docs/tunneling/fastd.md @@ -32,7 +32,8 @@ mode multitap; # The encryption method (don't change this unless you need to) method "salsa2012+umac"; method "salsa2012+poly1305"; -method "salsa2012+gmac"; +method "salsa20+umac"; +method "salsa20+poly1305"; # Bind to and listen for incoming connections on this address and port bind [::]:; From 2ed02e7b02053a8f2fbb47c6dd2eec270eb9e8e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Sat, 7 Jan 2023 20:34:54 +0100 Subject: [PATCH 3/8] add docs for babeld maxlen filter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/routing/babeld/maxlen-filter.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 docs/routing/babeld/maxlen-filter.md diff --git a/docs/routing/babeld/maxlen-filter.md b/docs/routing/babeld/maxlen-filter.md new file mode 100644 index 0000000..e6cfeb6 --- /dev/null +++ b/docs/routing/babeld/maxlen-filter.md @@ -0,0 +1,6 @@ + +# Implement max-len filter + +To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length. The entitydb contains a bash script `build_maxlen_filter.sh` for this purpose. If you run this script with the argument `babeld`, you will get a babeld-compatible list. + +This list can now be inserted into the configuration file instead of `in ip fd00::/8 le 64 ge 44 allow`. It is recommended to automate this process. From 6df0222229b45299120cf957aeae9bc104ec9bf9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Sat, 7 Jan 2023 20:40:23 +0100 Subject: [PATCH 4/8] add missing link MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/routing/index.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/docs/routing/index.md b/docs/routing/index.md index d305def..7764937 100644 --- a/docs/routing/index.md +++ b/docs/routing/index.md @@ -10,3 +10,4 @@ ## babeld - [Setting up Babeld](babeld/babeld) +- [max-len filter in babeld](babeld/maxlen-filter) From 2d51f7d46ba28fed2c87319f5ade451494c963f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Sat, 7 Jan 2023 20:53:19 +0100 Subject: [PATCH 5/8] add bird links MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/routing/bird/bird.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/routing/bird/bird.md b/docs/routing/bird/bird.md index 71d0b1b..c1816ed 100644 --- a/docs/routing/bird/bird.md +++ b/docs/routing/bird/bird.md @@ -300,7 +300,6 @@ Help can be obtained by typing the command and then a `?`. Babel uses port 6696/udp and the multicast address `ff02::1:6`. Accordingly, port 6696/udp must be enabled locally. -## Old bird configurations +## Further links -Old configuration can be found [here](old-configuration). -Very old configuration can be found [here](very-old-configuration). +- [bird documentation](https://bird.network.cz/?get_doc&f=bird.html&v=20) From 9027ad30902d82e4ef350bdd2dd192b06f3d2fbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Sun, 8 Jan 2023 00:36:31 +0100 Subject: [PATCH 6/8] add menu entry MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/routing/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/routing/index.md b/docs/routing/index.md index 8024fb6..3b32ac2 100644 --- a/docs/routing/index.md +++ b/docs/routing/index.md @@ -10,3 +10,4 @@ ## babeld - [Setting up Babeld](babeld/babeld) +- [babelweb2](babeld/babelweb2) From a91e2e13baaafd92b46120174804e7664d61f4b1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Sun, 8 Jan 2023 13:52:02 +0100 Subject: [PATCH 7/8] add hint how to add args when using babeld with systemd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/routing/babeld/babeld.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/routing/babeld/babeld.md b/docs/routing/babeld/babeld.md index 01095d5..fc4a8a8 100644 --- a/docs/routing/babeld/babeld.md +++ b/docs/routing/babeld/babeld.md @@ -145,6 +145,11 @@ babeld offers a local configuration interface. This can be activated with the fl babeld -g 33123 ``` +If babeld is used with Systemd, you can change the arguments in the `/etc/default/babeld` file: +``` +DAEMON_ARGS="-S /var/lib/babeld/state -g 33123" +``` + The configuration interface can be used to find out various status information on the one hand and to configure babeld on the other. Furthermore, the configuration interface can be used by monitoring programs such as babelweb2. To connect to the configuration interface, you can use telnet: From 08de6a67bbdd60bbced1ddd99d3844343490a148 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20K=C3=BCthe?= Date: Sun, 8 Jan 2023 14:04:13 +0100 Subject: [PATCH 8/8] add link MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Marek Küthe --- docs/routing/babeld/babeld.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/routing/babeld/babeld.md b/docs/routing/babeld/babeld.md index fc4a8a8..8f3dd3c 100644 --- a/docs/routing/babeld/babeld.md +++ b/docs/routing/babeld/babeld.md @@ -170,3 +170,4 @@ dump - [babeld FAQ](https://www.irif.fr/~jch/software/babel/faq.html) - [babeld mailling list](https://alioth-lists.debian.net/pipermail/babel-users/) - [babeld source code](https://github.com/jech/babeld) +- [Babel configuration by Réseau Libre](https://wiki.reseaulibre.ca/documentation/babel/)
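Review bot: In PATCH 1/8, first hunk of docs/tunneling/fastd.md (@@ -31,6 +31,8), the comment above the `method` lines still reads `# The encryption method (don't change this unless you need to)`, in the singular, although the example now lists several methods. Nothing in the sample config tells the reader that order matters. Suggest rewording the comment to say that the first `method` is preferred and the following ones are fallbacks, so the config is understandable without the new Methods section.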
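Review bot: In PATCH 1/8, the new "### Methods" section lists the three groups without naming a single method in each, and its last two sentences describe running without encryption or authentication without advising against it. A check on the sender IP address is not cryptographic authentication, and the text notes that `float yes;` removes even that check, so the section should state that the "Transfer Only without Authentication" group gives no confidentiality or integrity and is not meant for tunnels over untrusted networks. Two smaller points: there is no blank line between "...does not support the preferred one." and "fastd has three groups...", so both render as one paragraph, and the unchanged context line just above still has the typo "fatsd".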
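Review bot: In PATCH 2/8 the resulting fallback order places `method "salsa2012+poly1305";` ahead of `method "salsa20+umac";`, while the Methods text from PATCH 1/8 says poly1305 is very slow on embedded systems. Either put the umac variants first or explain the chosen order. The commit message also gives no reason for dropping `salsa2012+gmac`, and the Methods section does not mention salsa20 at all, so a reader cannot tell how the two new fallbacks differ from the preferred method. Since this patch only rewrites a line introduced in 1/8, consider squashing the two.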
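Review bot: In PATCH 3/8 (new file docs/routing/babeld/maxlen-filter.md) the page says the generated list replaces `in ip fd00::/8 le 64 ge 44 allow` but never says what happens to prefixes that are not on the list. State whether the output of `build_maxlen_filter.sh babeld` ends with a deny rule or whether the reader has to add one, otherwise the filter may silently accept everything else. An example invocation with a few lines of output and a concrete hint for the recommended automation would make the page usable on its own. The file also starts with an empty line before the heading, and "rule/policy/filter file" could be reduced to one term.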
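Review bot: In PATCH 5/8 the hunk deletes the "## Old bird configurations" section and both links (`old-configuration`, `very-old-configuration`), but the subject "add bird links" only mentions an addition. If those two pages stay in the repository they become unreachable from docs/routing/bird/bird.md. Either remove the pages in the same patch and say so in the commit message, or keep the links under the new "## Further links" heading. Note also that the added URL ends in `v=20`, which pins one documentation version.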
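Review bot: In PATCH 6/8 the added entry `- [babelweb2](babeld/babelweb2)` points to a page that no patch in this series creates, so the link is dead unless the file already exists on the target branch. The pre-image blob in the index line (`8024fb6`) is also not the post-image of PATCH 4/8 (`7764937`), and the hunk context does not contain the max-len entry added there. Please rebase so that 4/8 and 6/8 apply in order on the same docs/routing/index.md and both entries end up in the list.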
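Review bot: In PATCH 7/8 the added example `DAEMON_ARGS="-S /var/lib/babeld/state -g 33123"` makes the local configuration interface permanent, and the following context line says that this interface can also be used to configure babeld. The text should say who is able to connect to that port and recommend restricting access to it. Please also mention that `/etc/default/babeld` is read by the distribution's unit file and may not exist on every system, that babeld has to be restarted for the change to take effect, and write "systemd" in lower case. A blank line before the opening fence keeps the code block from being glued to the sentence in some Markdown renderers.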