hyperboria / bugs

Peer-to-peer IPv6 networking, secure and near-zero-conf.

How to configure friends on cjdns? #192

Open lovelynamess opened 4 years ago

lovelynamess commented 4 years ago

Hello, I want to enter hyperboria and I'm stuck at the step of configuring friends. If you can help me, I'd appreciate it. This is my kali cjdns:

    Unterminated list
    Failed to parse configuration.
    JsonBencMessageReader.c:159 Error parsing config (line 101 column 16): Unterminated string

Please help me.

lovelynamess commented 4 years ago

This is my first time using it. Please help me, thank you.

progval commented 4 years ago

It means you made a mistake in your config file, at line 101. We can't help you unless we see it.

lovelynamess commented 4 years ago

> It means you made a mistake in your config file, at line 101. We can't help you unless we see it.

em, to be honest, I didn't configure friends, I didn't understand it after reading the readme:

    // Nodes to connect to (IPv4 only).
    "connectTo": {
        // Add connection credentials here to join the network
        // If you have several, don't forget the separating commas
        // They should look like:
        // "ipv4 address:port": {
        //     "login": "(optional) name your peer has for you"
        //     "password": "password to connect with",
        //     "publicKey": "remote node key.k",
        //     "peerName": "(optional) human-readable name for peer"
        // },
        // Ask somebody who is already connected.
    }
},
{

I can't find any friends to connect me.

progval commented 4 years ago

I don't see anything wrong in that part of the file, so the issue must be somewhere else.

lovelynamess commented 4 years ago

> I don't see anything wrong in that part of the file, so the issue must be somewhere else.

emmm, I'm a bit stupid. Can you teach me how to configure friends?

progval commented 4 years ago

There are two issues. First, the syntax error, then filling data in the config file. Let's fix the syntax error first, so you can at least start cjdns.

lovelynamess commented 4 years ago

> There are two issues. First, the syntax error, then filling data in the config file. Let's fix the syntax error first, so you can at least start cjdns.

I don't have a friend's name or condition. Could you help me? I started cjdns, it's almost a step away.

lovelynamess commented 4 years ago

    {
        "169.255.57.31:64686": {
            "contact": "tim@akinbo.org",
            "gpg": "D0921234EC5F006D",
            "password": "public",
            "peerName": "akinbo-lagos",
            "publicKey": "cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
            "user": "takinbo"
        }
    }

This is the data of the friends I found. Do I fill them in cjdroute.conf?

lovelynamess commented 4 years ago

A few days ago I tried to fill this in the configuration file

lovelynamess commented 4 years ago

> There are two issues. First, the syntax error, then filling data in the config file. Let's fix the syntax error first, so you can at least start cjdns.

lovelynamess commented 4 years ago

> There are two issues. First, the syntax error, then filling data in the config file. Let's fix the syntax error first, so you can at least start cjdns.

Fill in ipv4 or ipv6? I am a newbie and don't quite understand.

lovelynamess commented 4 years ago

    // Nodes to connect to (IPv4 only).
    "connectTo": {
        // Add connection credentials here to join the network
        // If you have several, don't forget the separating commas
        // They should look like:
        // "ipv4 address:port": {
        //     "login": "(optional) name your peer has for you"
        //     "password": "password to connect with",
        //     "publicKey": "remote node key.k",
        //     "peerName": "(optional) human-readable name for peer"
        // },
        // Ask somebody who is already connected.
    }

Did you fill in the information here?

lovelynamess commented 4 years ago

    sudo ./cjdroute < cjdroute.conf
    Invalid cjdroute.conf
    JsonBencMessageReader.c:75 Error parsing config (line 104 column 13): Expected char ["] but got [{]

    // Nodes to connect to (IPv4 only).
    "connectTo": {
        "169.255.57.31:64686": {
            "contact": "tim@akinbo.org",
            "gpg": "D0921234EC5F006D",
            "password": "public",
            "peerName": "akinbo-lagos",
            "publicKey": "cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
            "user": "takinbo"
        }
    },

(The last line is line 103.)

progval commented 4 years ago

I still don't see anything wrong. could you paste the entire file (and make sure to redact the private key and passwords)

lovelynamess commented 4 years ago

> I still don't see anything wrong. could you paste the entire file (and make sure to redact the private key and passwords)

{
// Private key:
// Your confidentiality and data integrity depend on this key, keep it secret!
"privateKey": "8a1682de2d5d6a3bb5aa20f1e642d5283d7301cd475cf1d67bf42c77e49cdac4",

// This key corresponds to the public key and ipv6 address:
"publicKey": "3yj71qu60f7dxwyu83bd2j97qyxkjzr4bd7z2r78r7f628j71040.k",
"ipv6": "fc4d:66f6:a3ac:8efc:648d:97bc:a151:cfce",

// Anyone connecting and offering these passwords on connection will be allowed.
//
// WARNING: If a "login" parameter is passed, someone sniffing on the wire can
//          sniff the packet and crack to find it. If the "login" is not passed
//          then the hash of the 'password' is effectively the login, therefore
//          that can be cracked.
//
"authorizedPasswords": [
    // Password is a unique string which is known to the client and server.
    // User is an optional login name and will also be used to display the peer.
    { "password": "wx9xf277r5h8munl8p7gc7ux94kv76v", "user": "default-login" }

    // More passwords should look like this.
    // { "password": "bx0cu6bk3u9q9zm4ddrnbkx710b3kgl", "user": "my-second-peer" },
    // { "password": "n3jl4h0xhwbtnb4qscnlrzxlw5sw0yf", "user": "my-third-peer" },
    // { "password": "gkv9kz85w5kf3hl3bbt6mk40s1pk8h7", "user": "my-fourth-peer" },

    // Below is an example of your connection credentials
    // that you can give to other people so they can connect
    // to you using your default password (from above).
    // The login field here yourself to your peer and the peerName field
    // is the name the peer which will be displayed in peerStats
    // Adding a unique password for each peer is advisable
    // so that leaks can be isolated.
    /*
     "your.external.ip.goes.here:36570": {
         "login": "default-login",
         "password": "wx9xf277r5h8munl8p7gc7ux94kv76v",
         "publicKey": "3yj71qu60f7dxwyu83bd2j97qyxkjzr4bd7z2r78r7f628j71040.k",
         "peerName": "your-name-goes-here"
     },
     */
],

// Settings for administering and extracting information from your router.
// This interface provides functions which can be called through a UDP socket.
// See admin/Readme.md for more information about the API and try:
// ./tools/cexec
// For a list of functions which can be called.
// For example: ./tools/cexec 'memory()'
// will call a function which gets the core's current memory consumption.
// ./tools/cjdnslog
// is a tool which uses this admin interface to get logs from cjdns.
"admin": {
    // Port to bind the admin RPC server to.
    "bind": "127.0.0.1:11234",

    // Password for admin RPC server.
    // This is a static password by default, so that tools like
    // ./tools/cexec can use the API without you creating a
    // config file at ~/.cjdnsadmin first. If you decide to
    // expose the admin API to the network, change the password!
    "password": "NONE"
},

// Interfaces to connect to the switch core.
"interfaces": {
    // The interface which connects over UDP/IP based VPN tunnel.
    "UDPInterface": [
        {
            // Bind to this port.
            "bind": "0.0.0.0:36570",
            // Set the DSCP value for Qos. Default is 0.
            // "dscp": 46,

            // Automatically connect to other nodes on the same LAN
            // This works by binding a second port and sending beacons
            // containing the main data port.
            // beacon is a number between 0 and 2:
            //   0 -> do not beacon nor connect to other nodes who beacon
            //   1 -> quiet mode, accept beacons from other nodes only
            //   2 -> send and accept beacons
            // beaconDevices is a list which can contain names of devices such
            // as eth0, as well as broadcast addresses to send to, such as
            // 192.168.101.255, or the pseudo-name "all".
            // in order to auto-peer, all cjdns nodes must use the same
            // beaconPort.
            "beacon": 2,
            "beaconDevices": [ "all" ],
            "beaconPort": 64512,

            // Nodes to connect to (IPv4 only).
            "connectTo": {
                "169.255.57.31:64686": {
                    "contact": "tim@akinbo.org",
                    "gpg": "D0921234EC5F006D",
                    "password": "public",
                    "peerName": "akinbo-lagos",
                    "publicKey": "cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
                    "user": "takinbo"
                }
            },

        {
            // Bind to this port.
            "bind": "[::]:36570",
            // Set the DSCP value for Qos. Default is 0.
            // "dscp": 46,

            // Nodes to connect to (IPv6 only).
            "connectTo": {
                "169.255.57.31:64686": {
                    "contact": "tim@akinbo.org",
                    "gpg": "D0921234EC5F006D",
                    "password": "public",
                    "peerName": "akinbo-lagos",
                    "publicKey": "cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
                    "user": "takinbo"
                }
            }
    ],

    // The interface which allows peering using layer-2 ethernet frames
    "ETHInterface": [
        // Alternatively bind to just one device and either beacon and/or
        // connect to a specified MAC address
        {
            // Bind to this device (interface name, not MAC)
            // "all" is a pseudo-name which will try to connect to all devices.
            "bind": "all",

            // Auto-connect to other cjdns nodes on the same network.
            // Options:
            //
            // 0 -- Disabled.
            //
            // 1 -- Accept beacons, this will cause cjdns to accept incoming
            //      beacon messages and try connecting to the sender.
            //
            // 2 -- Accept and send beacons, this will cause cjdns to broadcast
            //      messages on the local network which contain a randomly
            //      generated per-session password, other nodes which have this
            //      set to 1 or 2 will hear the beacon messages and connect
            //      automatically.
            //
            "beacon": 2,

            // Node(s) to connect to manually
            // Note: does not work with "all" pseudo-device-name
            "connectTo": {
                // Credentials for connecting look similar to UDP credentials
                // except they begin with the mac address, for example:
                // "01:02:03:04:05:06":{"password":"a","publicKey":"b"}
            }
        }
    ]

},

// Configuration for the router.
"router": {
    // supernodes, if none are specified they'll be taken from your peers
    "supernodes": [
        //"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
    ],

    // The interface which is used for connecting to the cjdns network.
    "interface": {
        // The type of interface (only TUNInterface is supported for now)
        "type": "TUNInterface"
        // The type of tunfd (only "android" for now)
        // If "android" here, the tunDevice should be used as the pipe path
        // to transfer the tun file description.
        // "tunfd" : "android"

        // The name of a persistent TUN device to use.
        // This for starting cjdroute as its own user.
        // *MOST USERS DON'T NEED THIS*
        //"tunDevice": "tun0"
    },

    // System for tunneling IPv4 and ICANN IPv6 through cjdns.
    // This is using the cjdns switch layer as a VPN carrier.
    "ipTunnel": {
        // Nodes allowed to connect to us.
        // When a node with the given public key connects, give them the
        // ip4 and/or ip6 addresses listed.
        "allowedConnections": [
            // Give the client an address on 192.168.1.0/24, and an address
            // it thinks has all of IPv6 behind it.
            // ip4Prefix is the set of addresses which are routable from the tun
            // for example, if you're advertizing a VPN into a company network
            // which exists in 10.123.45.0/24 space, ip4Prefix should be 24
            // default is 32 for ipv4 and 128 for ipv6
            // so by default it will not install a route
            // ip4Alloc is the block of addresses which are allocated to the
            // for example if you want to issue 4 addresses to the client, those
            // being 192.168.123.0 to 192.168.123.3, you would set this to 30
            // default is 32 for ipv4 and 128 for ipv6 (1 address)
            // {
            //     "publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
            //     "ip4Address": "192.168.1.24",
            //     "ip4Prefix": 0,
            //     "ip4Alloc": 32,
            //     "ip6Address": "2001:123:ab::10",
            //     "ip6Prefix": 0
            //     "ip6Alloc": 64,
            // },

            // It's ok to only specify one address and prefix/alloc are optional.
            // {
            //     "publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
            //     "ip4Address": "192.168.1.25",
            //     "ip4Prefix": 0,
            // }
        ],

        "outgoingConnections": [
            // Connect to one or more machines and ask them for IP addresses.
            // "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
            // "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
            // "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
        ]
    }
},

// Dropping permissions.
// In the event of a serious security exploit in cjdns, leak of confidential
// network traffic and/or keys is highly likely but the following rules are
// designed to prevent the attack from spreading to the system on which cjdns
// is running.
// Counter-intuitively, cjdns is *more* secure if it is started as root because
// non-root users do not have permission to use chroot or change usernames,
// limiting the effectiveness of the mitigations herein.
"security": [
    // Change the user id to sandbox the cjdns process after it starts.
    // If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses
    // and ETHInterface will be unable to hot-add new interfaces
    // Use { "setuser": 0 } to disable.
    // Default: enabled with keepNetAdmin
    { "setuser": "nobody", "keepNetAdmin": 1 },

    // Chroot changes the filesystem root directory which cjdns sees, blocking it
    // from accessing files outside of the chroot sandbox, if the user does not
    // have permission to use chroot(), this will fail quietly.
    // Use { "chroot": 0 } to disable.
    // Default: enabled (using "/var/run")
    { "chroot": "/var/run/" },

    // Nofiles is a deprecated security feature which prevents cjdns from opening
    // any files at all, using this will block setting of IP addresses and
    // hot-adding ETHInterface devices but for users who do not need this, it
    // provides a formidable sandbox.
    // Default: disabled
    { "nofiles": 0 },

    // Noforks will prevent cjdns from spawning any new processes or threads,
    // this prevents many types of exploits from attacking the wider system.
    // Default: enabled
    { "noforks": 1 },

    // Seccomp is the most advanced sandboxing feature in cjdns, it uses
    // SECCOMP_BPF to filter the system calls which cjdns is able to make on a
    // linux system, strictly limiting it's access to the outside world
    // This will fail quietly on any non-linux system
    // Default: enabled
    { "seccomp": 1 },

    // The client sets up the core using a sequence of RPC calls, the responses
    // to these calls are verified but in the event that the client crashes
    // setup of the core completes, it could leave the core in an insecure state
    // This call constitutes the client telling the core that the security rules
    // have been fully applied and the core may run. Without it, the core will
    // exit within a few seconds with return code 232.
    // Default: enabled
    { "setupComplete": 1 }
],

// Logging
"logging": {
    // Uncomment to have cjdns log to stdout rather than making logs available
    // via the admin socket.
    // "logTo": "stdout"
},

// If set to non-zero, cjdns will not fork to the background.
// Recommended for use in conjunction with "logTo":"stdout".
"noBackground": 0,

// Pipe file will store in this path, recommended value: /tmp (for unix),
// \\.\pipe (for windows) 
// /data/local/tmp (for rooted android) 
// /data/data/AppName (for non-root android)
// This only needs to be specified if cjdroute's guess is incorrect
// "pipe": "/tmp"

// This is to make the configuration be parsed in strict mode, which allows
// it to be edited externally using cjdnsconf.
"version": 2

}

{
// Private key:
// Your confidentiality and data integrity depend on this key, keep it secret!
"privateKey": "f3adb718c3b7815bf21359ae36e7b44c5153e64ab911219b20a09ea068af413f",

// This key corresponds to the public key and ipv6 address:
"publicKey": "2zw22wl6nhn8puwby42hky1wrsbbj1ylpu54nbpwwxzzps3n89r0.k",
"ipv6": "fcfe:97e6:3582:e6f2:a96e:bef9:55d5:fbac",

// Anyone connecting and offering these passwords on connection will be allowed.
//
// WARNING: If a "login" parameter is passed, someone sniffing on the wire can
//          sniff the packet and crack to find it. If the "login" is not passed
//          then the hash of the 'password' is effectively the login, therefore
//          that can be cracked.
//
"authorizedPasswords": [
    // Password is a unique string which is known to the client and server.
    // User is an optional login name and will also be used to display the peer.
    { "password": "b65chgvy0k7vp65kv18ud8myv23c4cg", "user": "default-login" }

    // More passwords should look like this.
    // { "password": "6l6qrr95pn7k04mxtu16s89gv35wmv5", "user": "my-second-peer" },
    // { "password": "m776rmuhfcth3v5sq8qzlyrmp1mrx4z", "user": "my-third-peer" },
    // { "password": "gp8nrgw8kwb60dgx80vpg0msr0fqkf7", "user": "my-fourth-peer" },

    // Below is an example of your connection credentials
    // that you can give to other people so they can connect
    // to you using your default password (from above).
    // The login field here yourself to your peer and the peerName field
    // is the name the peer which will be displayed in peerStats
    // Adding a unique password for each peer is advisable
    // so that leaks can be isolated.
    /*
     "your.external.ip.goes.here:10315": {
         "login": "default-login",
         "password": "b65chgvy0k7vp65kv18ud8myv23c4cg",
         "publicKey": "2zw22wl6nhn8puwby42hky1wrsbbj1ylpu54nbpwwxzzps3n89r0.k",
         "peerName": "your-name-goes-here"
     },
     */
],

// Settings for administering and extracting information from your router.
// This interface provides functions which can be called through a UDP socket.
// See admin/Readme.md for more information about the API and try:
// ./tools/cexec
// For a list of functions which can be called.
// For example: ./tools/cexec 'memory()'
// will call a function which gets the core's current memory consumption.
// ./tools/cjdnslog
// is a tool which uses this admin interface to get logs from cjdns.
"admin": {
    // Port to bind the admin RPC server to.
    "bind": "127.0.0.1:11234",

    // Password for admin RPC server.
    // This is a static password by default, so that tools like
    // ./tools/cexec can use the API without you creating a
    // config file at ~/.cjdnsadmin first. If you decide to
    // expose the admin API to the network, change the password!
    "password": "NONE"
},

// Interfaces to connect to the switch core.
"interfaces": {
    // The interface which connects over UDP/IP based VPN tunnel.
    "UDPInterface": [
        {
            // Bind to this port.
            "bind": "0.0.0.0:10315",
            // Set the DSCP value for Qos. Default is 0.
            // "dscp": 46,

            // Automatically connect to other nodes on the same LAN
            // This works by binding a second port and sending beacons
            // containing the main data port.
            // beacon is a number between 0 and 2:
            //   0 -> do not beacon nor connect to other nodes who beacon
            //   1 -> quiet mode, accept beacons from other nodes only
            //   2 -> send and accept beacons
            // beaconDevices is a list which can contain names of devices such
            // as eth0, as well as broadcast addresses to send to, such as
            // 192.168.101.255, or the pseudo-name "all".
            // in order to auto-peer, all cjdns nodes must use the same
            // beaconPort.
            "beacon": 2,
            "beaconDevices": [ "all" ],
            "beaconPort": 64512,

            // Nodes to connect to (IPv4 only).
            "connectTo": {
                "169.255.57.31:64686": {
                    "contact": "tim@akinbo.org",
                    "gpg": "D0921234EC5F006D",
                    "password": "public",
                    "peerName": "akinbo-lagos",
                    "publicKey": "cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
                    "user": "takinbo"
                },
            }
        },
        {
            // Bind to this port.
            "bind": "[::]:10315",
            // Set the DSCP value for Qos. Default is 0.
            // "dscp": 46,

            // Nodes to connect to (IPv6 only).
            "connectTo": {
                "169.255.57.31:64686": {
                    "contact": "tim@akinbo.org",
                    "gpg": "D0921234EC5F006D",
                    "password": "public",
                    "peerName": "akinbo-lagos",
                    "publicKey": "cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
                    "user": "takinbo"
                }
            }
    ],

    // The interface which allows peering using layer-2 ethernet frames
    "ETHInterface": [
        // Alternatively bind to just one device and either beacon and/or
        // connect to a specified MAC address
        {
            // Bind to this device (interface name, not MAC)
            // "all" is a pseudo-name which will try to connect to all devices.
            "bind": "all",

            // Auto-connect to other cjdns nodes on the same network.
            // Options:
            //
            // 0 -- Disabled.
            //
            // 1 -- Accept beacons, this will cause cjdns to accept incoming
            //      beacon messages and try connecting to the sender.
            //
            // 2 -- Accept and send beacons, this will cause cjdns to broadcast
            //      messages on the local network which contain a randomly
            //      generated per-session password, other nodes which have this
            //      set to 1 or 2 will hear the beacon messages and connect
            //      automatically.
            //
            "beacon": 2,

            // Node(s) to connect to manually
            // Note: does not work with "all" pseudo-device-name
            "connectTo": {
                // Credentials for connecting look similar to UDP credentials
                // except they begin with the mac address, for example:
                // "01:02:03:04:05:06":{"password":"a","publicKey":"b"}
            }
        }
    ]

},

// Configuration for the router.
"router": {
    // supernodes, if none are specified they'll be taken from your peers
    "supernodes": [
        //"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
    ],

    // The interface which is used for connecting to the cjdns network.
    "interface": {
        // The type of interface (only TUNInterface is supported for now)
        "type": "TUNInterface"
        // The type of tunfd (only "android" for now)
        // If "android" here, the tunDevice should be used as the pipe path
        // to transfer the tun file description.
        // "tunfd" : "android"

        // The name of a persistent TUN device to use.
        // This for starting cjdroute as its own user.
        // *MOST USERS DON'T NEED THIS*
        //"tunDevice": "tun0"
    },

    // System for tunneling IPv4 and ICANN IPv6 through cjdns.
    // This is using the cjdns switch layer as a VPN carrier.
    "ipTunnel": {
        // Nodes allowed to connect to us.
        // When a node with the given public key connects, give them the
        // ip4 and/or ip6 addresses listed.
        "allowedConnections": [
            // Give the client an address on 192.168.1.0/24, and an address
            // it thinks has all of IPv6 behind it.
            // ip4Prefix is the set of addresses which are routable from the tun
            // for example, if you're advertizing a VPN into a company network
            // which exists in 10.123.45.0/24 space, ip4Prefix should be 24
            // default is 32 for ipv4 and 128 for ipv6
            // so by default it will not install a route
            // ip4Alloc is the block of addresses which are allocated to the
            // for example if you want to issue 4 addresses to the client, those
            // being 192.168.123.0 to 192.168.123.3, you would set this to 30
            // default is 32 for ipv4 and 128 for ipv6 (1 address)
            // {
            //     "publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
            //     "ip4Address": "192.168.1.24",
            //     "ip4Prefix": 0,
            //     "ip4Alloc": 32,
            //     "ip6Address": "2001:123:ab::10",
            //     "ip6Prefix": 0
            //     "ip6Alloc": 64,
            // },

            // It's ok to only specify one address and prefix/alloc are optional.
            // {
            //     "publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
            //     "ip4Address": "192.168.1.25",
            //     "ip4Prefix": 0,
            // }
        ],

        "outgoingConnections": [
            // Connect to one or more machines and ask them for IP addresses.
            // "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
            // "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
            // "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
        ]
    }
},

// Dropping permissions.
// In the event of a serious security exploit in cjdns, leak of confidential
// network traffic and/or keys is highly likely but the following rules are
// designed to prevent the attack from spreading to the system on which cjdns
// is running.
// Counter-intuitively, cjdns is *more* secure if it is started as root because
// non-root users do not have permission to use chroot or change usernames,
// limiting the effectiveness of the mitigations herein.
"security": [
    // Change the user id to sandbox the cjdns process after it starts.
    // If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses
    // and ETHInterface will be unable to hot-add new interfaces
    // Use { "setuser": 0 } to disable.
    // Default: enabled with keepNetAdmin
    { "setuser": "nobody", "keepNetAdmin": 1 },

    // Chroot changes the filesystem root directory which cjdns sees, blocking it
    // from accessing files outside of the chroot sandbox, if the user does not
    // have permission to use chroot(), this will fail quietly.
    // Use { "chroot": 0 } to disable.
    // Default: enabled (using "/var/run")
    { "chroot": "/var/run/" },

    // Nofiles is a deprecated security feature which prevents cjdns from opening
    // any files at all, using this will block setting of IP addresses and
    // hot-adding ETHInterface devices but for users who do not need this, it
    // provides a formidable sandbox.
    // Default: disabled
    { "nofiles": 0 },

    // Noforks will prevent cjdns from spawning any new processes or threads,
    // this prevents many types of exploits from attacking the wider system.
    // Default: enabled
    { "noforks": 1 },

    // Seccomp is the most advanced sandboxing feature in cjdns, it uses
    // SECCOMP_BPF to filter the system calls which cjdns is able to make on a
    // linux system, strictly limiting it's access to the outside world
    // This will fail quietly on any non-linux system
    // Default: enabled
    { "seccomp": 1 },

    // The client sets up the core using a sequence of RPC calls, the responses
    // to these calls are verified but in the event that the client crashes
    // setup of the core completes, it could leave the core in an insecure state
    // This call constitutes the client telling the core that the security rules
    // have been fully applied and the core may run. Without it, the core will
    // exit within a few seconds with return code 232.
    // Default: enabled
    { "setupComplete": 1 }
],

// Logging
"logging": {
    // Uncomment to have cjdns log to stdout rather than making logs available
    // via the admin socket.
    // "logTo": "stdout"
},

// If set to non-zero, cjdns will not fork to the background.
// Recommended for use in conjunction with "logTo":"stdout".
"noBackground": 0,

// Pipe file will store in this path, recommended value: /tmp (for unix),
// \\.\pipe (for windows) 
// /data/local/tmp (for rooted android) 
// /data/data/AppName (for non-root android)
// This only needs to be specified if cjdroute's guess is incorrect
// "pipe": "/tmp"

// This is to make the configuration be parsed in strict mode, which allows
// it to be edited externally using cjdnsconf.
"version": 2

}

lovelynamess commented 4 years ago

This is the entire cjdroute.conf file, please help me check it

lovelynamess commented 4 years ago

In addition, my kali system runs on a virtual machine. Is it related to this?

progval commented 4 years ago

You posted your private key publicly... you should re-do the config process to get a new one now.

In the first block in UDPInterface, there is an extra comma, on line 96:

    "user":"takinbo"
                 },
            }
lovelynamess commented 4 years ago

Sorry, what should I do now? How to configure it? Could you please guide me?

lovelynamess commented 4 years ago

> You posted your private key publicly... you should re-do the config process to get a new one now.
>
> In the first block in UDPInterface, there is an extra comma, on line 96:
>
>     "user":"takinbo"
>                  },
>             }

I have a new cjdroute.conf, what should I do next?

lovelynamess commented 4 years ago

    sudo ./cjdroute < cjdroute.conf
    1578064838 INFO cjdroute2.c:690 Cjdns amd64 linux +seccomp
    1578064838 INFO cjdroute2.c:694 Checking for running instance...
    1578064838 DEBUG UDPAddrIface.c:318 Bound to address [0.0.0.0:54215]
    1578064838 DEBUG AdminClient.c:333 Connecting to [127.0.0.1:11234]
    cjdroute2.c:514 Startup failed: cjdroute is already running.
    [0] 已放弃

This is the result of the new unchanged configuration file.

progval commented 4 years ago

Stop the cjdns process that is already running

lovelynamess commented 4 years ago

emmm, next?


progval commented 4 years ago

Now you should be able to run it

lovelynamess commented 4 years ago

> Now you should be able to run it

    sudo ./cjdroute < cjdroute.conf
    Invalid cjdroute.conf
    JsonBencMessageReader.c:75 Error parsing config (line 104 column 13): Expected char ["] but got [{]

It's too difficult, this problem has troubled me for a long time

lovelynamess commented 4 years ago

> Now you should be able to run it

My English is also bad; I use Google Translate to communicate with you.

progval commented 4 years ago

It means there is another mistake in your config file. Please post your current config file, and make sure to redact your private key this time.

lovelynamess commented 4 years ago

Can you give me some configuration data? Mine is directly above.


lovelynamess commented 4 years ago

{
// Private key:
// Your confidentiality and data integrity depend on this key, keep it secret!
"privateKey": "8a1682de2d5d6a3bb5aa20f1e642d5283d7301cd475cf1d67bf42c77e49cdac4",

// This key corresponds to the public key and ipv6 address:
"publicKey": "3yj71qu60f7dxwyu83bd2j97qyxkjzr4bd7z2r78r7f628j71040.k",
"ipv6": "fc4d:66f6:a3ac:8efc:648d:97bc:a151:cfce",

// Anyone connecting and offering these passwords on connection will be allowed.
//
// WARNING: If a "login" parameter is passed, someone sniffing on the wire can
//          sniff the packet and crack to find it. If the "login" is not passed
//          then the hash of the 'password' is effectively the login, therefore
//          that can be cracked.
//
"authorizedPasswords": [
    // Password is a unique string which is known to the client and server.
    // User is an optional login name and will also be used to display the peer.
    { "password": "wx9xf277r5h8munl8p7gc7ux94kv76v", "user": "default-login" }

    // More passwords should look like this.
    // { "password": "bx0cu6bk3u9q9zm4ddrnbkx710b3kgl", "user": "my-second-peer" },
    // { "password": "n3jl4h0xhwbtnb4qscnlrzxlw5sw0yf", "user": "my-third-peer" },
    // { "password": "gkv9kz85w5kf3hl3bbt6mk40s1pk8h7", "user": "my-fourth-peer" },

    // Below is an example of your connection credentials
    // that you can give to other people so they can connect
    // to you using your default password (from above).
    // The login field here yourself to your peer and the peerName field
    // is the name the peer which will be displayed in peerStats
    // Adding a unique password for each peer is advisable
    // so that leaks can be isolated.
    /*
     "your.external.ip.goes.here:36570": {
         "login": "default-login",
         "password": "wx9xf277r5h8munl8p7gc7ux94kv76v",
         "publicKey": "3yj71qu60f7dxwyu83bd2j97qyxkjzr4bd7z2r78r7f628j71040.k",
         "peerName": "your-name-goes-here"
     },
     */
],

// Settings for administering and extracting information from your router.
// This interface provides functions which can be called through a UDP socket.
// See admin/Readme.md for more information about the API and try:
// ./tools/cexec
// For a list of functions which can be called.
// For example: ./tools/cexec 'memory()'
// will call a function which gets the core's current memory consumption.
// ./tools/cjdnslog
// is a tool which uses this admin interface to get logs from cjdns.
"admin": {
    // Port to bind the admin RPC server to.
    "bind": "127.0.0.1:11234",

    // Password for admin RPC server.
    // This is a static password by default, so that tools like
    // ./tools/cexec can use the API without you creating a
    // config file at ~/.cjdnsadmin first. If you decide to
    // expose the admin API to the network, change the password!
    "password": "NONE"
},

// Interfaces to connect to the switch core.
"interfaces": {
    // The interface which connects over UDP/IP based VPN tunnel.
    "UDPInterface": [
        {
            // Bind to this port.
            "bind": "0.0.0.0:36570",
            // Set the DSCP value for Qos. Default is 0.
            // "dscp": 46,

            // Automatically connect to other nodes on the same LAN
            // This works by binding a second port and sending beacons
            // containing the main data port.
            // beacon is a number between 0 and 2:
            //   0 -> do not beacon nor connect to other nodes who beacon
            //   1 -> quiet mode, accept beacons from other nodes only
            //   2 -> send and accept beacons
            // beaconDevices is a list which can contain names of devices such
            // as eth0, as well as broadcast addresses to send to, such as
            // 192.168.101.255, or the pseudo-name "all".
            // in order to auto-peer, all cjdns nodes must use the same
            // beaconPort.
            "beacon": 2,
            "beaconDevices": [ "all" ],
            "beaconPort": 64512,

            // Nodes to connect to (IPv4 only).
            "connectTo": {
               "169.255.57.31:64686":{
    "contact":"tim@akinbo.org",
    "gpg":"D0921234EC5F006D",
    "password":"public",
    "peerName":"akinbo-lagos",
    "publicKey":"cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
    "user":"takinbo"
                // },
                // Ask somebody who is already connected.
            }
        },
        "

            "bind": "[::]:36570",

            "connectTo": {

            }
        }
    ],

    // The interface which allows peering using layer-2 ethernet frames
    "ETHInterface": [
        // Alternatively bind to just one device and either beacon and/or
        // connect to a specified MAC address
        {
            // Bind to this device (interface name, not MAC)
            // "all" is a pseudo-name which will try to connect to all devices.
            "bind": "all",

            // Auto-connect to other cjdns nodes on the same network.
            // Options:
            //
            // 0 -- Disabled.
            //
            // 1 -- Accept beacons, this will cause cjdns to accept incoming
            //      beacon messages and try connecting to the sender.
            //
            // 2 -- Accept and send beacons, this will cause cjdns to broadcast
            //      messages on the local network which contain a randomly
            //      generated per-session password, other nodes which have this
            //      set to 1 or 2 will hear the beacon messages and connect
            //      automatically.
            //
            "beacon": 2,

            // Node(s) to connect to manually
            // Note: does not work with "all" pseudo-device-name
            "connectTo": {
                // Credentials for connecting look similar to UDP credentials
                // except they begin with the mac address, for example:
                // "01:02:03:04:05:06":{"password":"a","publicKey":"b"}
            }
        }
    ]

},

// Configuration for the router.
"router": {
    // supernodes, if none are specified they'll be taken from your peers
    "supernodes": [
        //"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
    ],

    // The interface which is used for connecting to the cjdns network.
    "interface": {
        // The type of interface (only TUNInterface is supported for now)
        "type": "TUNInterface"
        // The type of tunfd (only "android" for now)
        // If "android" here, the tunDevice should be used as the pipe path
        // to transfer the tun file description.
        // "tunfd" : "android"

        // The name of a persistent TUN device to use.
        // This for starting cjdroute as its own user.
        // *MOST USERS DON'T NEED THIS*
        //"tunDevice": "tun0"
    },

    // System for tunneling IPv4 and ICANN IPv6 through cjdns.
    // This is using the cjdns switch layer as a VPN carrier.
    "ipTunnel": {
        // Nodes allowed to connect to us.
        // When a node with the given public key connects, give them the
        // ip4 and/or ip6 addresses listed.
        "allowedConnections": [
            // Give the client an address on 192.168.1.0/24, and an address
            // it thinks has all of IPv6 behind it.
            // ip4Prefix is the set of addresses which are routable from the tun
            // for example, if you're advertizing a VPN into a company network
            // which exists in 10.123.45.0/24 space, ip4Prefix should be 24
            // default is 32 for ipv4 and 128 for ipv6
            // so by default it will not install a route
            // ip4Alloc is the block of addresses which are allocated to the
            // for example if you want to issue 4 addresses to the client, those
            // being 192.168.123.0 to 192.168.123.3, you would set this to 30
            // default is 32 for ipv4 and 128 for ipv6 (1 address)
            // {
            //     "publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
            //     "ip4Address": "192.168.1.24",
            //     "ip4Prefix": 0,
            //     "ip4Alloc": 32,
            //     "ip6Address": "2001:123:ab::10",
            //     "ip6Prefix": 0
            //     "ip6Alloc": 64,
            // },

            // It's ok to only specify one address and prefix/alloc are optional.
            // {
            //     "publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
            //     "ip4Address": "192.168.1.25",
            //     "ip4Prefix": 0,
            // }
        ],

        "outgoingConnections": [
            // Connect to one or more machines and ask them for IP addresses.
            // "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
            // "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
            // "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
        ]
    }
},

// Dropping permissions.
// In the event of a serious security exploit in cjdns, leak of confidential
// network traffic and/or keys is highly likely but the following rules are
// designed to prevent the attack from spreading to the system on which cjdns
// is running.
// Counter-intuitively, cjdns is *more* secure if it is started as root because
// non-root users do not have permission to use chroot or change usernames,
// limiting the effectiveness of the mitigations herein.
"security": [
    // Change the user id to sandbox the cjdns process after it starts.
    // If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses
    // and ETHInterface will be unable to hot-add new interfaces
    // Use { "setuser": 0 } to disable.
    // Default: enabled with keepNetAdmin
    { "setuser": "nobody", "keepNetAdmin": 1 },

    // Chroot changes the filesystem root directory which cjdns sees, blocking it
    // from accessing files outside of the chroot sandbox, if the user does not
    // have permission to use chroot(), this will fail quietly.
    // Use { "chroot": 0 } to disable.
    // Default: enabled (using "/var/run")
    { "chroot": "/var/run/" },

    // Nofiles is a deprecated security feature which prevents cjdns from opening
    // any files at all, using this will block setting of IP addresses and
    // hot-adding ETHInterface devices but for users who do not need this, it
    // provides a formidable sandbox.
    // Default: disabled
    { "nofiles": 0 },

    // Noforks will prevent cjdns from spawning any new processes or threads,
    // this prevents many types of exploits from attacking the wider system.
    // Default: enabled
    { "noforks": 1 },

    // Seccomp is the most advanced sandboxing feature in cjdns, it uses
    // SECCOMP_BPF to filter the system calls which cjdns is able to make on a
    // linux system, strictly limiting it's access to the outside world
    // This will fail quietly on any non-linux system
    // Default: enabled
    { "seccomp": 1 },

    // The client sets up the core using a sequence of RPC calls, the responses
    // to these calls are verified but in the event that the client crashes
    // setup of the core completes, it could leave the core in an insecure state
    // This call constitutes the client telling the core that the security rules
    // have been fully applied and the core may run. Without it, the core will
    // exit within a few seconds with return code 232.
    // Default: enabled
    { "setupComplete": 1 }
],

// Logging
"logging": {
    // Uncomment to have cjdns log to stdout rather than making logs available
    // via the admin socket.
    // "logTo": "stdout"
},

// If set to non-zero, cjdns will not fork to the background.
// Recommended for use in conjunction with "logTo":"stdout".
"noBackground": 0,

// Pipe file will store in this path, recommended value: /tmp (for unix),
// \\.\pipe (for windows) 
// /data/local/tmp (for rooted android) 
// /data/data/AppName (for non-root android)
// This only needs to be specified if cjdroute's guess is incorrect
// "pipe": "/tmp"

// This is to make the configuration be parsed in strict mode, which allows
// it to be edited externally using cjdnsconf.
"version": 2

}

{
// Private key:
// Your confidentiality and data integrity depend on this key, keep it secret!
"privateKey": "f3adb718c3b7815bf21359ae36e7b44c5153e64ab911219b20a09ea068af413f",

// This key corresponds to the public key and ipv6 address:
"publicKey": "2zw22wl6nhn8puwby42hky1wrsbbj1ylpu54nbpwwxzzps3n89r0.k",
"ipv6": "fcfe:97e6:3582:e6f2:a96e:bef9:55d5:fbac",

// Anyone connecting and offering these passwords on connection will be allowed.
//
// WARNING: If a "login" parameter is passed, someone sniffing on the wire can
//          sniff the packet and crack to find it. If the "login" is not passed
//          then the hash of the 'password' is effectively the login, therefore
//          that can be cracked.
//
"authorizedPasswords": [
    // Password is a unique string which is known to the client and server.
    // User is an optional login name and will also be used to display the peer.
    { "password": "b65chgvy0k7vp65kv18ud8myv23c4cg", "user": "default-login" }

    // More passwords should look like this.
    // { "password": "6l6qrr95pn7k04mxtu16s89gv35wmv5", "user": "my-second-peer" },
    // { "password": "m776rmuhfcth3v5sq8qzlyrmp1mrx4z", "user": "my-third-peer" },
    // { "password": "gp8nrgw8kwb60dgx80vpg0msr0fqkf7", "user": "my-fourth-peer" },

    // Below is an example of your connection credentials
    // that you can give to other people so they can connect
    // to you using your default password (from above).
    // The login field here yourself to your peer and the peerName field
    // is the name the peer which will be displayed in peerStats
    // Adding a unique password for each peer is advisable
    // so that leaks can be isolated.
    /*
     "your.external.ip.goes.here:10315": {
         "login": "default-login",
         "password": "b65chgvy0k7vp65kv18ud8myv23c4cg",
         "publicKey": "2zw22wl6nhn8puwby42hky1wrsbbj1ylpu54nbpwwxzzps3n89r0.k",
         "peerName": "your-name-goes-here"
     },
     */
],

// Settings for administering and extracting information from your router.
// This interface provides functions which can be called through a UDP socket.
// See admin/Readme.md for more information about the API and try:
// ./tools/cexec
// For a list of functions which can be called.
// For example: ./tools/cexec 'memory()'
// will call a function which gets the core's current memory consumption.
// ./tools/cjdnslog
// is a tool which uses this admin interface to get logs from cjdns.
"admin": {
    // Port to bind the admin RPC server to.
    "bind": "127.0.0.1:11234",

    // Password for admin RPC server.
    // This is a static password by default, so that tools like
    // ./tools/cexec can use the API without you creating a
    // config file at ~/.cjdnsadmin first. If you decide to
    // expose the admin API to the network, change the password!
    "password": "NONE"
},

// Interfaces to connect to the switch core.
"interfaces": {
    // The interface which connects over UDP/IP based VPN tunnel.
    "UDPInterface": [
        {
            // Bind to this port.
            "bind": "0.0.0.0:10315",
            // Set the DSCP value for Qos. Default is 0.
            // "dscp": 46,

            // Automatically connect to other nodes on the same LAN
            // This works by binding a second port and sending beacons
            // containing the main data port.
            // beacon is a number between 0 and 2:
            //   0 -> do not beacon nor connect to other nodes who beacon
            //   1 -> quiet mode, accept beacons from other nodes only
            //   2 -> send and accept beacons
            // beaconDevices is a list which can contain names of devices such
            // as eth0, as well as broadcast addresses to send to, such as
            // 192.168.101.255, or the pseudo-name "all".
            // in order to auto-peer, all cjdns nodes must use the same
            // beaconPort.
            "beacon": 2,
            "beaconDevices": [ "all" ],
            "beaconPort": 64512,

            // Nodes to connect to (IPv4 only).
            "connectTo": {
                "169.255.57.31:64686":{
    "contact":"tim@akinbo.org",
    "gpg":"D0921234EC5F006D",
    "password":"public",
    "peerName":"akinbo-lagos",
    "publicKey":"cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
    "user":"takinbo"
                // },
                // Ask somebody who is already connected.
            }
        },
        {
            // Bind to this port.
            "bind": "[::]:10315",
            // Set the DSCP value for Qos. Default is 0.
            // "dscp": 46,

            // Nodes to connect to (IPv6 only).
            "connectTo": {
                // Add connection credentials here to join the network
                // Ask somebody who is already connected.
            }
        }
    ],

    // The interface which allows peering using layer-2 ethernet frames
    "ETHInterface": [
        // Alternatively bind to just one device and either beacon and/or
        // connect to a specified MAC address
        {
            // Bind to this device (interface name, not MAC)
            // "all" is a pseudo-name which will try to connect to all devices.
            "bind": "all",

            // Auto-connect to other cjdns nodes on the same network.
            // Options:
            //
            // 0 -- Disabled.
            //
            // 1 -- Accept beacons, this will cause cjdns to accept incoming
            //      beacon messages and try connecting to the sender.
            //
            // 2 -- Accept and send beacons, this will cause cjdns to broadcast
            //      messages on the local network which contain a randomly
            //      generated per-session password, other nodes which have this
            //      set to 1 or 2 will hear the beacon messages and connect
            //      automatically.
            //
            "beacon": 2,

            // Node(s) to connect to manually
            // Note: does not work with "all" pseudo-device-name
            "connectTo": {
                // Credentials for connecting look similar to UDP credentials
                // except they begin with the mac address, for example:
                // "01:02:03:04:05:06":{"password":"a","publicKey":"b"}
            }
        }
    ]

},

// Configuration for the router.
"router": {
    // supernodes, if none are specified they'll be taken from your peers
    "supernodes": [
        //"6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
    ],

    // The interface which is used for connecting to the cjdns network.
    "interface": {
        // The type of interface (only TUNInterface is supported for now)
        "type": "TUNInterface"
        // The type of tunfd (only "android" for now)
        // If "android" here, the tunDevice should be used as the pipe path
        // to transfer the tun file description.
        // "tunfd" : "android"

        // The name of a persistent TUN device to use.
        // This for starting cjdroute as its own user.
        // *MOST USERS DON'T NEED THIS*
        //"tunDevice": "tun0"
    },

    // System for tunneling IPv4 and ICANN IPv6 through cjdns.
    // This is using the cjdns switch layer as a VPN carrier.
    "ipTunnel": {
        // Nodes allowed to connect to us.
        // When a node with the given public key connects, give them the
        // ip4 and/or ip6 addresses listed.
        "allowedConnections": [
            // Give the client an address on 192.168.1.0/24, and an address
            // it thinks has all of IPv6 behind it.
            // ip4Prefix is the set of addresses which are routable from the tun
            // for example, if you're advertizing a VPN into a company network
            // which exists in 10.123.45.0/24 space, ip4Prefix should be 24
            // default is 32 for ipv4 and 128 for ipv6
            // so by default it will not install a route
            // ip4Alloc is the block of addresses which are allocated to the
            // for example if you want to issue 4 addresses to the client, those
            // being 192.168.123.0 to 192.168.123.3, you would set this to 30
            // default is 32 for ipv4 and 128 for ipv6 (1 address)
            // {
            //     "publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
            //     "ip4Address": "192.168.1.24",
            //     "ip4Prefix": 0,
            //     "ip4Alloc": 32,
            //     "ip6Address": "2001:123:ab::10",
            //     "ip6Prefix": 0
            //     "ip6Alloc": 64,
            // },

            // It's ok to only specify one address and prefix/alloc are optional.
            // {
            //     "publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
            //     "ip4Address": "192.168.1.25",
            //     "ip4Prefix": 0,
            // }
        ],

        "outgoingConnections": [
            // Connect to one or more machines and ask them for IP addresses.
            // "6743gf5tw80ExampleExampleExampleExamplevlyb23zfnuzv0.k",
            // "pw9tfmr8pcrExampleExampleExampleExample8rhg1pgwpwf80.k",
            // "g91lxyxhq0kExampleExampleExampleExample6t0mknuhw75l0.k"
        ]
    }
},

// Dropping permissions.
// In the event of a serious security exploit in cjdns, leak of confidential
// network traffic and/or keys is highly likely but the following rules are
// designed to prevent the attack from spreading to the system on which cjdns
// is running.
// Counter-intuitively, cjdns is *more* secure if it is started as root because
// non-root users do not have permission to use chroot or change usernames,
// limiting the effectiveness of the mitigations herein.
"security": [
    // Change the user id to sandbox the cjdns process after it starts.
    // If keepNetAdmin is set to 0, IPTunnel will be unable to set IP addresses
    // and ETHInterface will be unable to hot-add new interfaces
    // Use { "setuser": 0 } to disable.
    // Default: enabled with keepNetAdmin
    { "setuser": "nobody", "keepNetAdmin": 1 },

    // Chroot changes the filesystem root directory which cjdns sees, blocking it
    // from accessing files outside of the chroot sandbox, if the user does not
    // have permission to use chroot(), this will fail quietly.
    // Use { "chroot": 0 } to disable.
    // Default: enabled (using "/var/run")
    { "chroot": "/var/run/" },

    // Nofiles is a deprecated security feature which prevents cjdns from opening
    // any files at all, using this will block setting of IP addresses and
    // hot-adding ETHInterface devices but for users who do not need this, it
    // provides a formidable sandbox.
    // Default: disabled
    { "nofiles": 0 },

    // Noforks will prevent cjdns from spawning any new processes or threads,
    // this prevents many types of exploits from attacking the wider system.
    // Default: enabled
    { "noforks": 1 },

    // Seccomp is the most advanced sandboxing feature in cjdns, it uses
    // SECCOMP_BPF to filter the system calls which cjdns is able to make on a
    // linux system, strictly limiting it's access to the outside world
    // This will fail quietly on any non-linux system
    // Default: enabled
    { "seccomp": 1 },

    // The client sets up the core using a sequence of RPC calls, the responses
    // to these calls are verified but in the event that the client crashes
    // setup of the core completes, it could leave the core in an insecure state
    // This call constitutes the client telling the core that the security rules
    // have been fully applied and the core may run. Without it, the core will
    // exit within a few seconds with return code 232.
    // Default: enabled
    { "setupComplete": 1 }
],

// Logging
"logging": {
    // Uncomment to have cjdns log to stdout rather than making logs available
    // via the admin socket.
    // "logTo": "stdout"
},

// If set to non-zero, cjdns will not fork to the background.
// Recommended for use in conjunction with "logTo":"stdout".
"noBackground": 0,

// Pipe file will store in this path, recommended value: /tmp (for unix),
// \\.\pipe (for windows) 
// /data/local/tmp (for rooted android) 
// /data/data/AppName (for non-root android)
// This only needs to be specified if cjdroute's guess is incorrect
// "pipe": "/tmp"

// This is to make the configuration be parsed in strict mode, which allows
// it to be edited externally using cjdnsconf.
"version": 2

}

lovelynamess commented 4 years ago

Could you give me a configuration file? I really don't understand.

progval commented 4 years ago

You forgot to redact the private key once again... So you have to generate a config file again, and make sure you don't post your private key again.

This time, the issue was this line:

                // },

You must remove the // part.
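
A pre-flight checker for exactly this situation, added here as an example (not cjdns project code): it strips the // and /* */ comments, reports the first strict-JSON error with its line, counts the trailing comma that is left behind when the template's `// },` line is uncommented, and masks the private key and passwords before the file is posted. It assumes only that cjdroute.conf is JSON plus those two comment styles, as the generated template shows; the trailing-comma tolerance is this script's choice and says nothing about what cjdroute's own reader accepts.

```python
"""Pre-flight check for a cjdroute.conf before running cjdroute or posting it
for help. Added example, not code from the cjdns project. The file is JSON
with // and /* */ comments: strip them (keeping line/column positions),
tolerate the trailing comma the template's commented peer example leaves
behind once uncommented, parse the rest strictly so a commented-out closing
brace or an unterminated string is reported with its line, and mask secrets."""
import json
import re
from dataclasses import dataclass
from typing import Optional


def strip_comments(text: str) -> str:
    """Blank out comments with spaces so parser line/column numbers still
    point into the original file. Markers inside strings are left alone."""
    out, i, n, in_string = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_string:
            out.append(c)
            if c == "\\" and i + 1 < n:          # keep the escaped char verbatim
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_string = False
        elif c == '"':
            in_string = True
            out.append(c)
        elif text.startswith("//", i):           # line comment: blank to EOL
            while i < n and text[i] != "\n":
                out.append(" ")
                i += 1
            continue
        elif text.startswith("/*", i):           # block comment: blank, keep newlines
            end = text.find("*/", i + 2)
            end = n if end == -1 else end + 2
            out.append("".join("\n" if ch == "\n" else " " for ch in text[i:end]))
            i = end
            continue
        else:
            out.append(c)
        i += 1
    return "".join(out)


_TRAILING_COMMA = re.compile(r",(\s*[}\]])")
_SECRET_RE = re.compile(r'("(?:privateKey|password)"\s*:\s*")[^"]*(")')


@dataclass
class CheckResult:
    ok: bool
    message: str
    line: Optional[int] = None      # 1-based line in the original file
    column: Optional[int] = None
    trailing_commas: int = 0        # commas found right before a } or ]


def check_config(text: str) -> CheckResult:
    """Return the first syntax problem a strict JSON parser finds, or ok."""
    stripped = strip_comments(text)
    # A comma right before } or ] is not JSON; blank it (width preserved) and
    # count it instead of failing on it. Not string-aware, but no value in a
    # cjdroute.conf looks like "a,}" so that is acceptable here.
    cleaned, commas = _TRAILING_COMMA.subn(r" \1", stripped)
    try:
        json.loads(cleaned)
    except json.JSONDecodeError as e:
        return CheckResult(False, e.msg, e.lineno, e.colno, commas)
    return CheckResult(True, "config parses", trailing_commas=commas)


def redact(text: str) -> str:
    """Mask privateKey and password values textually, so it also works on a
    file that does not parse yet (exactly when you want to post it)."""
    return _SECRET_RE.sub(r"\1<REDACTED>\2", text)


# Constructed sample, not a real node's file: the template's commented peer
# example filled in, but its closing "// }," line left commented out.
BROKEN = """{
    "privateKey": "0000000000000000000000000000000000000000000000000000000000000000",
    "authorizedPasswords": [
        { "password": "examplepassword", "user": "default-login" }
        // { "password": "another", "user": "my-second-peer" },
    ],
    "interfaces": {
        "UDPInterface": [
            {
                "bind": "0.0.0.0:36570",
                "connectTo": {
                    "192.0.2.10:64686": {
                        "password": "public",
                        "publicKey": "examplekeyexamplekeyexamplekeyexamplekeyexamplekeyex.k"
                    // },
                }
            }
        ]
    },
    "version": 2
}
"""
# The fix progval describes: drop the "//" so the brace closes the peer entry.
FIXED = BROKEN.replace("// },", "},")
```

Call `check_config` and `redact` on the text of your own cjdroute.conf; the sample at the bottom reproduces the broken and fixed connectTo block from this thread.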

progval commented 4 years ago

> Could you give me a configuration file? I really don't understand.

Instructions are in the configuration file that is generated. I cannot do any better than that.

lovelynamess commented 4 years ago

> Could you give me a configuration file? I really don't understand.
>
> Instructions are in the configuration file that is generated. I cannot do any better than that.

OK, I first delete the // part of

lovelynamess commented 4 years ago

> You forgot to redact the private key once again... So you have to generate a config file again, and make sure you don't post your private key again.
>
> This time, the issue was this line:
>
>                 // },
>
> You must remove the // part.

{

"publicKey": "3yj71qu60f7dxwyu83bd2j97qyxkjzr4bd7z2r78r7f628j71040.k",
"ipv6": "fc4d:66f6:a3ac:8efc:648d:97bc:a151:cfce",

"authorizedPasswords": [

    { "password": "wx9xf277r5h8munl8p7gc7ux94kv76v", "user": "default-login" }

     "your.external.ip.goes.here:36570": {
         "login": "default-login",
         "password": "wx9xf277r5h8munl8p7gc7ux94kv76v",
         "publicKey": "3yj71qu60f7dxwyu83bd2j97qyxkjzr4bd7z2r78r7f628j71040.k",
         "peerName": "your-name-goes-here"
     },

],

"admin": {

    "bind": "127.0.0.1:11234",

    "password": "NONE"
},

"interfaces": {

    "UDPInterface": [
        {

            "bind": "0.0.0.0:36570",

            "beacon": 2,
            "beaconDevices": [ "all" ],
            "beaconPort": 64512,

            "connectTo": {

            }
        },
        {

            "bind": "[::]:36570",

            "connectTo": {

        }
    ],

    "ETHInterface": [

        {

            "bind": "all",

            "beacon": 2,

            "connectTo": {

            }
        }
    ]

},

"router": {

    "supernodes": [

    ],

    "interface": {

        "type": "TUNInterface"

    },

    "ipTunnel": {

        "allowedConnections": [

        ],

        "outgoingConnections": [

        ]
    }
},

"security": [

    { "setuser": "nobody", "keepNetAdmin": 1 },

    { "chroot": "/var/run/" },

    { "nofiles": 0 },

    { "noforks": 1 },

    { "seccomp": 1 },

    { "setupComplete": 1 }
],

"logging": {

},

"noBackground": 0,

"version": 2

}

{

"publicKey": "2zw22wl6nhn8puwby42hky1wrsbbj1ylpu54nbpwwxzzps3n89r0.k",
"ipv6": "fcfe:97e6:3582:e6f2:a96e:bef9:55d5:fbac",

"authorizedPasswords": [

    { "password": "b65chgvy0k7vp65kv18ud8myv23c4cg", "user": "default-login" }

     "your.external.ip.goes.here:10315": {
         "login": "default-login",
         "password": "b65chgvy0k7vp65kv18ud8myv23c4cg",
         "publicKey": "2zw22wl6nhn8puwby42hky1wrsbbj1ylpu54nbpwwxzzps3n89r0.k",
         "peerName": "your-name-goes-here"
     },
     */
],

"admin": {

    "bind": "127.0.0.1:11234",

    "password": "NONE"
},

"interfaces": {

    "UDPInterface": [
        {

            "bind": "0.0.0.0:10315",

            "beacon": 2,
            "beaconDevices": [ "all" ],
            "beaconPort": 64512,

            "connectTo": {

            }
        },
        {

            "bind": "[::]:10315",

            "connectTo": {

            }
        }
    ],

    "ETHInterface": [

        {

            "bind": "all",

            "beacon": 2,

            "connectTo": {

            }
        }
    ]

},

"router": {

    "supernodes": [

    ],

    "interface": {

        "type": "TUNInterface"

    },

    "ipTunnel": {

        "allowedConnections": [

        ],

        "outgoingConnections": [

        ]
    }
},

"security": [

    { "setuser": "nobody", "keepNetAdmin": 1 },

    { "chroot": "/var/run/" },

    { "nofiles": 0 },

    { "noforks": 1 },

    { "seccomp": 1 },

    { "setupComplete": 1 }
],

"logging": {

},

"noBackground": 0,

"version": 2

}

Now I hid the private key and deleted some of the //

progval commented 4 years ago

But it's too late now, the private key is already leaked, so your connection would no longer be secure. You need to generate a new one.

lovelynamess commented 4 years ago

> But it's too late now, the private key is already leaked, so your connection would no longer be secure. You need to generate a new one.

Could this command (./do) generate new ones?

progval commented 4 years ago

No. ./do recompiles cjdns. To generate new keys, use ./makekeys | head -n 1 and then replace them in the file wherever needed.

Or use ./cjdroute --genconf again, to generate a new config file with new keys at the right place.

lovelynamess commented 4 years ago

> No. ./do recompiles cjdns. To generate new keys, use ./makekeys | head -n 1 and then replace them in the file wherever needed.
>
> Or use ./cjdroute --genconf again, to generate a new config file with new keys at the right place.

{

"publicKey": "1qlnld17kfxhtlkzpyjgvxswbx242kpmsg03171sbqvly59d55j0.k",
"ipv6": "fcab:0376:e099:e6f4:307c:85a9:71d6:ce00",

"authorizedPasswords": [

    { "password": "3hw3fq83npfjqupp55nyn278b7tbsb2", "user": "default-login" }

     "your.external.ip.goes.here:26848": {
         "login": "default-login",
         "password": "3hw3fq83npfjqupp55nyn278b7tbsb2",
         "publicKey": "1qlnld17kfxhtlkzpyjgvxswbx242kpmsg03171sbqvly59d55j0.k",
         "peerName": "your-name-goes-here"
     },
     */
],

"admin": {

    "bind": "127.0.0.1:11234",

    "password": "NONE"
},

"interfaces": {

    "UDPInterface": [
        {

            "bind": "0.0.0.0:26848",

            "beacon": 2,
            "beaconDevices": [ "all" ],
            "beaconPort": 64512,

            "connectTo": {

            }
        },
        {

            "bind": "[::]:26848",

            "connectTo": {

            }
        }
    ],

    "ETHInterface": [

        {

            "bind": "all",

            "beacon": 2,

            "connectTo": {

            }
        }
    ]

},

"router": {

    "supernodes": [

    ],

    "interface": {

        "type": "TUNInterface"

    },

    "ipTunnel": {

        "allowedConnections": [

        ],

        "outgoingConnections": [

        ]
    }
},

"security": [

    { "setuser": "nobody", "keepNetAdmin": 1 },

    { "chroot": "/var/run/" },

    { "nofiles": 0 },

    { "noforks": 1 },

    { "seccomp": 1 },

    { "setupComplete": 1 }
],

"logging": {

},

"noBackground": 0,

"version": 2

} This is the new configuration data, and I have hidden the private key.

progval commented 4 years ago

Good. Now you can add your peer configuration.

lovelynamess commented 4 years ago

Good. Now you can add your peer configuration.

sudo ./cjdroute < cjdroute.conf
Warning: expected a comment starting with "//" or "/*", instead found "/v"
Failed to parse configuration.
JsonBencMessageReader.c:300 Error parsing config (line 15 column 11): While looking for something to parse: expected one of - 0 1 2 3 4 5 6 7 8 9 [ { ", found [y]

lovelynamess commented 4 years ago

Good. Now you can add your peer configuration.

I'm confused.

lovelynamess commented 4 years ago

Good. Now you can add your peer configuration.

It's too difficult.

progval commented 4 years ago

Good. Now you can add your peer configuration.

sudo ./cjdroute < cjdroute.conf
Warning: expected a comment starting with "//" or "/*", instead found "/v"
Failed to parse configuration.
JsonBencMessageReader.c:300 Error parsing config (line 15 column 11): While looking for something to parse: expected one of - 0 1 2 3 4 5 6 7 8 9 [ { ", found [y]

Once again, I can't help you if I don't see the config file.

Good. Now you can add your peer configuration.

I'm confused.

I mean this:

                "169.255.57.31:64686":{
                    "contact":"tim@akinbo.org",
                    "gpg":"D0921234EC5F006D",
                    "password":"public",
                    "peerName":"akinbo-lagos",
                    "publicKey":"cztrrwlf24zq3fs2jkgm8dcv6lxlhhun6xumrndv5f3fkrdkpz10.k",
                    "user":"takinbo"
                }

lovelynamess commented 4 years ago
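To show where such a peer entry goes, here is an added example (not part of the thread and not a cjdns tool): it strips the // and /* */ comments that cjdroute.conf carries, loads the remainder as JSON, and inserts a peer into the first UDPInterface's connectTo. The config fragment and the peer credentials are constructed placeholders, and it is assumed cjdroute accepts the plain JSON that json.dumps writes back.

```python
import json

# Constructed sample: a fragment of cjdroute.conf with both comment styles.
SAMPLE_CONF = """{
    // Nodes to connect to (IPv4 only).
    "interfaces": {
        "UDPInterface": [
            {
                "bind": "0.0.0.0:26848",
                /* peers go into connectTo,
                   keyed by "ipv4:port" */
                "connectTo": {}
            }
        ]
    }
}
"""

# Constructed placeholder peer (documentation address, fake key).
PEER_ADDR = "203.0.113.10:64686"
PEER = {
    "password": "public",
    "peerName": "example-peer",
    "publicKey": "0000000000000000000000000000000000000000000000000000.k",
    "user": "example-user",
}


def strip_comments(text):
    """Drop // and /* */ comments, but leave them alone inside strings."""
    out, i, n = [], 0, len(text)
    while i < n:
        if text[i] == '"':                      # copy a string literal whole
            j = i + 1
            while j < n and text[j] != '"':
                j += 2 if text[j] == "\\" else 1
            out.append(text[i:j + 1])
            i = j + 1
        elif text.startswith("//", i):          # line comment: skip to newline
            i = text.find("\n", i)
            i = n if i < 0 else i
        elif text.startswith("/*", i):          # block comment: needs a */
            end = text.find("*/", i + 2)
            if end < 0:
                raise ValueError("unterminated /* comment")
            i = end + 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


def add_peer(conf_text, addr, creds):
    """Parse the config, add one peer to the first UDPInterface, return the dict."""
    conf = json.loads(strip_comments(conf_text))
    conf["interfaces"]["UDPInterface"][0]["connectTo"][addr] = dict(creds)
    return conf


def demo():
    return add_peer(SAMPLE_CONF, PEER_ADDR, PEER)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=4))   # this text can replace cjdroute.conf
```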

Do you mean to put this data into cjdroute.conf?

My configuration file was sent to you earlier (with part of the // comments deleted). Do I paste in what you sent? I'm a little embarrassed.
