Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- {
- // Private key:
- // Your confidentiality and data integrity depend on this key, keep it secret!
- "privateKey": "f50751ecb1ffe7c39ff30603c6910c1c7bdc074587d7c9ee6e50ab4d4ffa54ea",
- // This key corresponds to the public key and ipv6 address:
- "publicKey": "us0ct2kpfw1mbt7dj9p3cu31sfznxy1u9f4bhj34z3cqsjfx7370.k",
- "ipv6": "fca6:eda5:60e8:9140:f9da:e97a:8251:9256",
- // Anyone connecting and offering these passwords on connection will be allowed.
- //
- // WARNING: If a "login" parameter is passed, someone sniffing on the wire can
- // sniff the packet and crack to find it. If the "login" is not passed
- // then the hash of the 'password' is effectively the login, therefore
- // that can be cracked.
- //
- "authorizedPasswords":
- [
- // A unique string which is known to the client and server.
- // Specify an optional user to identify the peer locally.
- // It is not used for authentication.
- {"password": "lgz5xqy8clf8hn36wsfblmph6248gl0", "user": "default-login"}
- // More passwords should look like this.
- // {"password": "4w8fy3vlu8fzc0ywwyw3h55py3m1k25", "user": "my-second-peer"},
- // {"password": "slhp54mu2mrfqj6zz0ndw3dxt7gn7y2", "user": "my-third-peer"},
- // {"password": "jc4vgmnb05dyhkf2661bvdlsw7z2qlx", "user": "my-fourth-peer"},
- // Below is an example of your connection credentials
- // that you can give to other people so they can connect
- // to you using your default password (from above).
- // The login field here yourself to your peer and the peerName field
- // is the name the peer which will be displayed in peerStats
- // Adding a unique password for each peer is advisable
- // so that leaks can be isolated.
- /*
- "your.external.ip.goes.here:17188": {
- "login": "default-login",
- "password":"lgz5xqy8clf8hn36wsfblmph6248gl0",
- "publicKey":"us0ct2kpfw1mbt7dj9p3cu31sfznxy1u9f4bhj34z3cqsjfx7370.k",
- "peerName":"your-name-goes-here"
- },
- */
- ],
- // Settings for administering and extracting information from your router.
- // This interface provides functions which can be called through a UDP socket.
- // See admin/Readme.md for more information about the API and try:
- // ./tools/cexec
- // For a list of functions which can be called.
- // For example: ./tools/cexec 'memory()'
- // will call a function which gets the core's current memory consumption.
- // ./tools/cjdnslog
- // is a tool which uses this admin interface to get logs from cjdns.
- "admin":
- {
- // Port to bind the admin RPC server to.
- "bind": "127.0.0.1:11234",
- // Password for admin RPC server.
- // This is a static password by default, so that tools like
- // ./tools/cexec can use the API without you creating a
- // config file at ~/.cjdnsadmin first. If you decide to
- // expose the admin API to the network, change the password!
- "password": "NONE"
- },
- // Interfaces to connect to the switch core.
- "interfaces":
- {
- // The interface which connects over UDP/IP based VPN tunnel.
- "UDPInterface":
- [
- {
- // Bind to this port.
- "bind": "0.0.0.0:17188",
- // Nodes to connect to (IPv4 only).
- "connectTo":
- {
- // Add connection credentials here to join the network
- // If you have several, don't forget the separating commas
- // They should look like:
- // "ipv4 address:port": {
- // "login": "(optional) name your peer has for you"
- // "password": "password to connect with",
- // "publicKey": "remote node key.k",
- // "peerName": "(optional) human-readable name for peer"
- // },
- // Ask somebody who is already connected.
- //Amsterdam public node cjdroute.net
- "95.85.46.74:47670":{
- "password": "freedomforallmlzb0mnd9kyz1rnall",
- "publicKey": "guqq5h8p9w6mtxfuh1k9hl1yqljpqqnvj2umcd1cuvx64vbuqhu0.k"},
- // Ukrane public node
- "195.34.197.189:42998":{
- "password": "5cvyb5mvb1pktcqhqcwjq5ng82lhjdx",
- "publicKey":"sn6lbr223vznkv4hr1prgxzcs7gw8fmb222huprd8zyfv617du90.k"},
- "83.137.52.57:31337":
- {
- "password": "cjdnsDotixDotgs",
- "publicKey": "pvtgk72f25urxqywxdzfk12t2b4kuhtrc2f1mx58rtpx0wzbll90.k"
- },
- // Moscow public node 2
- "82.146.34.103:63336":
- { "password":"vmtgs8phs8w7t76q3zr8v7nxr4txwd1",
- "publicKey":"h8p5609d03yt1fzu3dlky3g1kt3bq8gffhnsbq2z1dg8j46rt4w0.k"},
- // Piter
- "176.123.128.176:25257":
- {
- "password": "6xnc7khz7zzvmmstv2d2gp6wn1n9uhc",
- "publicKey": "n93123n4tv3fgfmz7c7zm6qwn6sh5mw4cvx9uxm3vm756vvmsu30.k"
- },
- //Europe
- "51.254.68.187:31336":{
- "password": "public-54ee6081700f99ae9ea96e0ac4a7ef77",
- "publicKey": "uxhztss1zffdgyx69pxckz61thf8qhylqcvp2guful7qy7gwtdj0.k"
- },
- "93.170.96.119:19507":{
- "password": "public-e9154afd795f144fad4188d51e4aa290",
- "publicKey": "3us96st6mtncum7gqdc1byq2vvv71hz81287b6b1dkd389rjth00.k"
- },
- "212.83.157.66:10334":{
- "password":"Public",
- "publicKey":"ddhxthnv29ljx2n9618qs2udm2f8jnm85szbf5y79bh4gkfyt3y0.k",
- "contact":"elwisp@efnet or hypeirc",
- "location":"FR"
- },
- "51.254.25.16:1132":{
- "contact":"me@magik6k.net",
- "password":"thah9aePha1Vusha6ovhpublic",
- "peerName":"Magik6k-sbg1",
- "publicKey":"kw0vfw3tmb6u6p21z5jmmymdlumwknlg3x8muk5mcw66tdpqlw30.k"
- },
- "188.226.183.183:43328":{
- "password":"public_access",
- "publicKey":"1y1jmqrw4r31jlp6yqmq30067rcp0tsgsdm3cs4k8l33pyfhpwn0.k",
- "user":"weuxel",
- "contact": "hype@smash-net.org"
- },
- "92.241.12.189:22569":{
- "password": "6mDHySCSJYVgyJqphpgnokqKrCq045mF",
- "publicKey": "9qz459vnkb1v36ypq84m29g2q7dn8gndg9bh0w1499urnkx9nmt0.k",
- "hostname": "h.start-com.ru",
- "contact": "vvk@start-com.ru"
- },
- "185.90.62.45:18192":{
- "password": "public-acb42fc410d96c92f4219ffd23c1c6a8",
- "publicKey": "03ubz7nvss8134wrt5xxtpjf6kyvru72upbbh5gkdb3p07d0jlg0.k"
- },
- //North America
- "172.81.176.146:15399":{
- "password": "public-e36871c2857eae433528407bfb831806",
- "publicKey": "sjr7lm3n400cdn7jmf2289clwnx2jmz5dm22r3pnwr2937k58s00.k"
- },
- "149.56.19.79:55159":{
- "contact": "infrastructure@stashcrypto.com",
- "login": "default-login",
- "password": "dgv86ktpblc2h4y93fsqpshcg2lbp5d",
- "peerName": "git.stashcrypto.net",
- "publicKey": "zbfurpx9n6whzwu6vrlfgmw8g56rmchfmhxxtpg0hwhl84vqf1y0.k"
- },
- "158.69.119.35:9218":{
- "contact": "infrastructure@stashcrypto.com",
- "login": "default-login",
- "password": "w5huch4mn6tkgfp3j9sr8p8r13j3j33",
- "peerName": "seed.stashcrypto.net",
- "publicKey": "rzg61b3fsb675732g5rn8g1x61ypm1z7402n072qmrbbhgzm93f0.k"
- },
- "149.56.98.167:3703":{
- "contact": "code@ventricle.us",
- "gpg": "7FE895160E3314027CD3B5D37392CF088BB4345C",
- "location": "ovh beauharnois",
- "login": "public-peer",
- "password": "ppm6j89mgvss7uvtntcd9scy6166mwb",
- "peerName": "larynx.ventricle.us",
- "publicKey": "jg035j9hup776kwz1k4n0bwpggxp1qmts6t715x53g8vutxktzz0.k"
- },
- "192.169.7.142:14400":{
- "contact": "Igel@hyperboria.ca",
- "gpg": "A84DFFE62B451511",
- "password": "alfa-charlie-alfa-bravo",
- "peerName": "igel-losangeles",
- "publicKey": "mh9m0411cfcg7xhdc8n6ckls1tjgnvvbdfzdgqf5196tfkw96rr0.k"
- },
- "138.197.204.54:29963":{
- "contact": "kylerschin@gmail.com",
- "ipv6": "fc2b:2beb:99be:a006:cd56:7ae2:8093:8be0",
- "location": "digitalocean sfo2",
- "login": "default-login",
- "password": "7jzsdnl642vm17tn3pjmh9sxc2ms40w",
- "peerName": "kylers-awesome-website",
- "publicKey": "ppj4n90uw68nvtmz7hz4g1ksubsxylgbhqg9p9x6f37vp4s599c0.k"
- },
- "138.68.245.159:50505":{
- "contact": "chapman.shoop@riseup.net",
- "login": "public-peer",
- "password": "7ztkh2m3p97z0fcyn50wmtx863n6b3j",
- "peerName": "salesforce-tower",
- "publicKey": "6d2kt2hbcp7v0pw9q6f1u2s039kfnt4m4123rjxg26hsgrc12v80.k"
- },
- "192.34.85.155:2359":{
- "contact": "Igel@hyperboria.ca",
- "gpg": "A84DFFE62B451511",
- "password": "alfa-charlie-alfa-bravo",
- "peerName": "igel-boston",
- "publicKey": "rdxg1nzvmjdj4fyguqydmnl659p7m3x26r6un4ql966q4xt988j0.k"
- },
- "104.200.29.163:53053":{
- "contact": "ansuz@transitiontech.ca",
- "gpg": "024A7C03E67ED8CF",
- "password": "cLjDBorhsYJUmJrESGueHsRY4HXcFyj",
- "peerName": "transitiontech",
- "publicKey": "1941p5k8qqvj17vjrkb9z97wscvtgc1vp8pv1huk5120cu42ytt0.k"
- },
- "107.170.57.34:63472":{
- "contact": "code@ventricle.us",
- "gpg": "7FE895160E3314027CD3B5D37392CF088BB4345C",
- "location": "digitalocean nyc2",
- "login": "public-peer",
- "password": "ppm6j89mgvss7uvtntcd9scy6166mwb",
- "peerName": "cord.ventricle.us",
- "publicKey": "1xkf13m9r9h502yuffsq1cg13s5648bpxrtf2c3xcq1mlj893s90.k"
- },
- "192.241.171.154:62718":{
- "contact": "hype@smash-net.org",
- "password": "public_access",
- "publicKey": "q5nhj9kg6ddmk571jb259mct2ljd10z9xvyf05y3hu66wk4qnk20.k",
- "user": "weuxel"
- },
- "192.198.82.242:27823":{
- "contact": "Igel@hyperboria.ca",
- "gpg": "A84DFFE62B451511",
- "password": "alfa-charlie-alfa-bravo",
- "peerName": "igel-northcarolina",
- "publicKey": "1nctdb89gtfrlnu71zyq97n14frl1r4z0ylwzc8vn7kpvrzu4yl0.k"
- },
- "173.62.245.186:55249":{
- "contact": "natebrune@gmail.com",
- "country": "us",
- "gpg": "C95CE6BC6735BAD7",
- "ipv6": "fcda:9958:9093:49f2:2677:6df6:2a5a:b01d",
- "password": "Public",
- "peerName": "NAT",
- "publicKey": "vgxqyputh4ldhxktg9msmr61pw938l0ymhkmryljsyzvmr0dtwy0.k",
- "website": "https://github.com/NateBrune"
- },
- "198.58.100.240:22237":{
- "contact": "jhj@trnsz.com",
- "login": "default-login",
- "password": "pqr5brz16vzzu6vhjuj7tv3n078kr5f",
- "peerName": "trnsz",
- "publicKey": "ubbtkp0txwjh44v8kkznvhjqqwr1hd2jzv5ms9zlkfk25svxvtg0.k"
- },
- //Global IPv6 Peers
- "[2604:a880:0:1010::f:4001]:63472":{
- "contact": "code@ventricle.us",
- "gpg": "7FE895160E3314027CD3B5D37392CF088BB4345C",
- "location": "digitalocean nyc2",
- "login": "public-peer",
- "password": "ppm6j89mgvss7uvtntcd9scy6166mwb",
- "peerName": "cord.ventricle.us",
- "publicKey": "1xkf13m9r9h502yuffsq1cg13s5648bpxrtf2c3xcq1mlj893s90.k"
- },
- "[2604:a880:2:d0:0:0:35ee:d001]:29963":{
- "contact": "kylerschin@gmail.com",
- "ipv6": "fc2b:2beb:99be:a006:cd56:7ae2:8093:8be0",
- "location": "digitalocean sfo2",
- "login": "default-login",
- "password": "7jzsdnl642vm17tn3pjmh9sxc2ms40w",
- "peerName": "kylers-awesome-website",
- "publicKey": "ppj4n90uw68nvtmz7hz4g1ksubsxylgbhqg9p9x6f37vp4s599c0.k"
- },
- "[2602:ff65:0:1::fc00]:2359":{
- "contact": "Igel@hyperboria.ca",
- "gpg": "A84DFFE62B451511",
- "password": "alfa-charlie-alfa-bravo",
- "peerName": "igel-boston",
- "publicKey": "rdxg1nzvmjdj4fyguqydmnl659p7m3x26r6un4ql966q4xt988j0.k"
- },
- "[2a00:e10:1000:10:4386:102:61:80]:20431":{
- "password": "public",
- "publicKey": "p16btvp45j021u8yy0x25zznyhdpq5wx0djulplxf2xp2vgxjq90.k"
- "hostname": "network.luggs.co",
- "contact": "im@luggs.co"
- },
- "fc3f:bc82:a104:8933:ba0f:2d2c:de82:966:64137":{
- "login": "default-login",
- "password":"34pq18yfsc40yy360hz191u807gk6fk",
- "publicKey":"tfxxckg18zfxrb3xs3p4f7d9xgxscg13v2zwtjh6ndn704n816l0.k"
- },
- "fc0b:74f6:2b77:e24f:c360:cd63:542:adfd:38760":{
- "login": "default-login",
- "password":"3t0vmv241g4v6wlt01gjk5fc621z702",
- "publicKey":"67nhsv30npgd2ux36mg7qyby0zg5kdv6wz7bgxbl0vlb3tkh5mh0.k"
- },
- "[2607:5300:61:44f::]:55159":{
- "contact": "infrastructure@stashcrypto.com",
- "login": "default-login",
- "password": "dgv86ktpblc2h4y93fsqpshcg2lbp5d",
- "peerName": "git.stashcrypto.net",
- "publicKey": "zbfurpx9n6whzwu6vrlfgmw8g56rmchfmhxxtpg0hwhl84vqf1y0.k"
- },
- "[2001:470:1f15:156::31]:64512":{
- "contact": "post@0x21.biz",
- "gpg": "F32A45637FA25E31",
- "login": "public",
- "password": "OGMlsucXQ4G2VkFUGLgpaUcG7XJcF6PMoX",
- "peerName": "ancha.lurk.space",
- "publicKey": "c5bu0npp8by4jym96mh0vyy81sn9lhbc01f445nvz64dvdjt98j0.k"
- },
- "[2001:67c:2990:f00::9ef0:3eaf]:31545":{
- "contact": "hostmaster@cwningen.cymru",
- "gpg": "2FCD 352C E105 73B5 E7536B98 36C9 9B69 B60E 86E6",
- "gpg-public-key": "https://cwningen.cymru/gpg.pub",
- "login": "public-peer",
- "password": "hsfmhcphy3dpfy6f15hgyz30206dmry",
- "peerName": "pen.cwningen.cymru",
- "publicKey": "hp3mrxspcg2p2nzt9885gmb9wcgm4t1huc2dydk6hqh63u44nrg0.k"
- },
- "[2001:67c:2990:a00::2eeb:e1b0]:31545":{
- "contact": "hostmaster@cwningen.cymru",
- "gpg": "3403E29147E665531103E4AE364C86CBCB4A4395",
- "login": "public-peer",
- "password": "p0w2yzku3lj126fs2z1wrlt1w684dzw",
- "peerName": "llygaid.cwningen.cymru",
- "publicKey": "8268mn1bvz66nbb74tqw7ynjkcjrtruv8pgjf9kr34zv5d60p3r0.k"
- },
- "[2001:67c:2990:b00::5d5d:812b]:31545":{
- "contact": "hostmaster@cwningen.cymru",
- "gpg": "3403E29147E665531103E4AE364C86CBCB4A4395",
- "login": "public-peer",
- "password": "p0zk85ff2lk3zbvgypzr1tvbu1gnlkc",
- "peerName": "penfar.cwningen.cymru",
- "publicKey": "7ktfb2n336bguhfx81ts15qgjb8mjj4rz3vrnvj2dw89wsmmtpg0.k"
- },
- }
- },
- {
- // Bind to this port.
- "bind": "[::]:17188",
- // Nodes to connect to (IPv6 only).
- "connectTo":
- {
- // Add connection credentials here to join the network
- // Ask somebody who is already connected.
- }
- }
- ]
- ,
- "ETHInterface":
- [
- // Alternatively bind to just one device and either beacon and/or
- // connect to a specified MAC address
- {
- // Bind to this device (interface name, not MAC)
- // "all" is a pseudo-name which will try to connect to all devices.
- "bind": "all",
- // Auto-connect to other cjdns nodes on the same network.
- // Options:
- //
- // 0 -- Disabled.
- //
- // 1 -- Accept beacons, this will cause cjdns to accept incoming
- // beacon messages and try connecting to the sender.
- //
- // 2 -- Accept and send beacons, this will cause cjdns to broadcast
- // messages on the local network which contain a randomly
- // generated per-session password, other nodes which have this
- // set to 1 or 2 will hear the beacon messages and connect
- // automatically.
- //
- "beacon": 2,
- // Node(s) to connect to manually
- // Note: does not work with "all" pseudo-device-name
- "connectTo":
- {
- // Credentials for connecting look similar to UDP credentials
- // except they begin with the mac address, for example:
- // "01:02:03:04:05:06":{"password":"a","publicKey":"b"}
- }
- }
- ]
- },
- // Configuration for the router.
- "router":
- {
- // supernodes, if none are specified they'll be taken from your peers
- "supernodes": [
- //"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
- ]
- // The interface which is used for connecting to the cjdns network.
- "interface":
- {
- // The type of interface (only TUNInterface is supported for now)
- "type": "TUNInterface"
- // The type of tunfd (only "android" for now)
- // If "android" here, the tunDevice should be used as the pipe path
- // to transfer the tun file description.
- // "tunfd" : "android"
- // The name of a persistent TUN device to use.
- // This for starting cjdroute as its own user.
- // *MOST USERS DON'T NEED THIS*
- //"tunDevice": "tun0"
- },
- // System for tunneling IPv4 and ICANN IPv6 through cjdns.
- // This is using the cjdns switch layer as a VPN carrier.
- "ipTunnel":
- {
- // Nodes allowed to connect to us.
- // When a node with the given public key connects, give them the
- // ip4 and/or ip6 addresses listed.
- "allowedConnections":
- [
- // Give the client an address on 192.168.1.0/24, and an address
- // it thinks has all of IPv6 behind it.
- // ip4Prefix is the set of addresses which are routable from the tun
- // for example, if you're advertizing a VPN into a company network
- // which exists in 10.123.45.0/24 space, ip4Prefix should be 24
- // default is 32 for ipv4 and 128 for ipv6
- // so by default it will not install a route
- // ip4Alloc is the block of addresses which are allocated to the
- // for example if you want to issue 4 addresses to the client, those
- // being 192.168.123.0 to 192.168.123.3, you would set this to 30
- // default is 32 for ipv4 and 128 for ipv6 (1 address)
- // {
- // "publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
- // "ip4Address": "192.168.1.24",
- // "ip4Prefix": 0,
- // "ip4Alloc": 32,
- // "ip6Address": "2001:123:ab::10",
- // "ip6Prefix": 0
- // "ip6Alloc": 64,
- // },
- // It's ok to only specify one address and prefix/alloc are optional.
- // {
- // "publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
- // "ip4Address": "192.168.1.25",
- // "ip4Prefix": 0,
- // }
- ],
- "outgoingConnections":
- [
- // Connect to one or more machines and ask them for IP addresses.
- // "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
- // "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
- // "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
- ]
- }
- },
- // Dropping permissions.
- // In the event of a serious security exploit in cjdns, leak of confidential
- // network traffic and/or keys is highly likely but the following rules are
- // designed to prevent the attack from spreading to the system on which cjdns
- // is running.
- // Counter-intuitively, cjdns is *more* secure if it is started as root because
- // non-root users do not have permission to use chroot or change usernames,
- // limiting the effectiveness of the mitigations herein.
- "security":
- [
- // Change the user id to sandbox the cjdns process after it starts.
- // If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses
- // and ETHInterface will be unable to hot-add new interfaces
- // Use { "setuser": 0 } to disable.
- // Default: enabled with keepNetAdmin
- { "setuser": "nobody", "keepNetAdmin": 1 },
- // Chroot changes the filesystem root directory which cjdns sees, blocking it
- // from accessing files outside of the chroot sandbox, if the user does not
- // have permission to use chroot(), this will fail quietly.
- // Use { "chroot": 0 } to disable.
- // Default: enabled (using "/var/run")
- { "chroot": "/var/run/" },
- // Nofiles is a deprecated security feature which prevents cjdns from opening
- // any files at all, using this will block setting of IP addresses and
- // hot-adding ETHInterface devices but for users who do not need this, it
- // provides a formidable sandbox.
- // Default: disabled
- { "nofiles": 0 },
- // Noforks will prevent cjdns from spawning any new processes or threads,
- // this prevents many types of exploits from attacking the wider system.
- // Default: enabled
- { "noforks": 1 },
- // Seccomp is the most advanced sandboxing feature in cjdns, it uses
- // SECCOMP_BPF to filter the system calls which cjdns is able to make on a
- // linux system, strictly limiting it's access to the outside world
- // This will fail quietly on any non-linux system
- // Default: enabled
- { "seccomp": 1 },
- // The client sets up the core using a sequence of RPC calls, the responses
- // to these calls are verified but in the event that the client crashes
- // setup of the core completes, it could leave the core in an insecure state
- // This call constitutes the client telling the core that the security rules
- // have been fully applied and the core may run. Without it, the core will
- // exit within a few seconds with return code 232.
- // Default: enabled
- { "setupComplete": 1 }
- ],
- // Logging
- "logging":
- {
- // Uncomment to have cjdns log to stdout rather than making logs available
- // via the admin socket.
- // "logTo":"stdout"
- },
- // If set to non-zero, cjdns will not fork to the background.
- // Recommended for use in conjunction with "logTo":"stdout".
- "noBackground":0
- // Pipe file will store in this path, recommended value: /tmp (for unix),
- // \\.\pipe (for windows)
- // /data/local/tmp (for rooted android)
- // /data/data/AppName (for non-root android)
- // This only needs to be specified if cjdroute's guess is incorrect
- // "pipe":"/tmp"
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement