commit
bea4761f9c
|
@ -0,0 +1,6 @@
|
|||
|
||||
# Implement max-len filter
|
||||
|
||||
To implement a max-length filter, we need a rule/policy/filter file that contains the corresponding prefixes with their maximum length. The entitydb contains a bash script `build_maxlen_filter.sh` for this purpose. If you run this script with the argument `babeld`, you will get a babeld-compatible list.
|
||||
|
||||
This list can now be inserted into the configuration file instead of `in ip fd00::/8 le 64 ge 44 allow`. It is recommended to automate this process.
|
|
@ -300,7 +300,6 @@ Help can be obtained by typing the command and then a `?`.
|
|||
|
||||
Babel uses port 6696/udp and the multicast address `ff02::1:6`. Accordingly, port 6696/udp must be enabled locally.
|
||||
|
||||
## Old bird configurations
|
||||
## Further links
|
||||
|
||||
Old configuration can be found [here](old-configuration).
|
||||
Very old configuration can be found [here](very-old-configuration).
|
||||
- [bird documentation](https://bird.network.cz/?get_doc&f=bird.html&v=20)
|
||||
|
|
|
@ -10,4 +10,5 @@
|
|||
|
||||
## babeld
|
||||
- [Setting up Babeld](babeld/babeld)
|
||||
- [max-len filter in babeld](babeld/maxlen-filter)
|
||||
- [babelweb2](babeld/babelweb2)
|
||||
|
|
|
@ -31,6 +31,9 @@ mode multitap;
|
|||
|
||||
# The encryption method (don't change this unless you need to)
|
||||
method "salsa2012+umac";
|
||||
method "salsa2012+poly1305";
|
||||
method "salsa20+umac";
|
||||
method "salsa20+poly1305";
|
||||
|
||||
# Bind to and listen for incoming connections on this address and port
|
||||
bind [::]:<port>;
|
||||
|
@ -103,6 +106,17 @@ Now we need to fill in the peer details of the node you are connecting to:
|
|||
|
||||
Fastd can provide a tunnel with `multitap` mode on layer 2 or a tunnel with `tun` mode on layer 3. Note that the fatsd has 20 bytes less overhead when using tun.
|
||||
|
||||
### Methods
|
||||
|
||||
fastd supports various transmission encryptions. The encryption and authentication recommended by fastd is `salsa2012+umac`. If you specify multiple encryption methods, the first one specified is preferred. The others are used as fallbacks if the peer does not support the preferred one.
|
||||
fastd has three groups of transmission ciphers:
|
||||
- Encrypt and Authenticate
|
||||
- Authenticate Only
|
||||
- Transfer Only without Authentication
|
||||
|
||||
It should be noted that poly1305 is very slow on embedded systems and AES is very slow without OpenSSL.
|
||||
When fastd is used without encryption or authentication, the data is authenticated only by the sender IP address. This authentication can be disabled with `float yes;`.
|
||||
|
||||
### MTU
|
||||
|
||||
The default MTU of a fastd tunnel is 1500 bytes. However, this can be problematic if the Internet uplink also has an MTU of 1500 or less. In this case IP fragmentation can occur. This is usually something you want to avoid.
|
||||
|
@ -139,3 +153,4 @@ To enable the systemd unit on startup run `systemctl enable fastd@crxn`
|
|||
|
||||
- [fastd documentation](https://fastd.readthedocs.io/en/stable/)
|
||||
- [fastd mtu documentation](https://fastd.readthedocs.io/en/stable/manual/mtu.html)
|
||||
- [Encryption & authentication methods in fastd](https://fastd.readthedocs.io/en/stable/manual/methods.html)
|
||||
|
|
Loading…
Reference in New Issue