If you need assistance on DN42 configuration, you may refer to DN42 Experimental Network: Intro and Registration and my previous articles on DN42.
"1xRTT" Peering¶
I live in China, and (many of) you may be on the opposite side of the planet. This means that due to timezone differences, one round of information exchange (you send an email, I respond while you sleep, you see my reply after wake up) may need 24 hours or even more.
Here I provide instructions to perform "1xRTT" peering, which means we can peer with only one email from you and one email from me. Even if you and me are in the same timezone, this will still simplify things.
- Choose a server from the list below. Usually this will be the one with lowest latency (ping) to your server.
- If you have multiple servers in DN42, I'm open to peering with all of them at once.
- Choose a type of VPN for tunneling.
- I usually prefer WireGuard and OpenVPN, but others such as GRE/IPSec, GRE/Plain and ZeroTier will also work.
- WARN: I DO NOT peer with servers in mainland China, to avoid possible legal issues.
- I'm also willing to try new types of VPNs - just ask!
- Configure BGP daemon and VPN software on your side. You may assume I will use the following configuration:
- My General Information:
- ASN: 4242422547
- Public IP: listed below
- DN42 IPv4 (IP used in tunnel on my end): listed below
- If you need an address block (such as /30) for IPv4 tunnel, it will come out of your address space.
- This is usually needed for hardware routers, such as Mikrotik.
- DN42 IPv6: fe80::2547 for peering over link-local addresses
- If you need an address block (such as /64) for IPv6 tunnel, it will come out of your address space.
- Multiprotocol BGP (MP-BGP):
- Although I support MP-BGP, I still configure two BGP sesssions (1 IPv4 & 1 IPv6) by default.
- If you also support MP-BGP and only need one session, just let me know.
- For creating a tunnel connection:
- WireGuard/OpenVPN port on my side: last 5 digits of your ASN
- e.g. 4242420001 means I will use port 20001
- OpenVPN static key: generated by you, send to me later
- GRE/IPSec public key: listed below
- OpenVPN/IPSec default configuration: show below
- If you can't use my default configuration, set something suitable for you and send it to me
- ZeroTier One: I will request to join your network
- You may try to invite my server to your network, if possible
- WireGuard/OpenVPN port on my side: last 5 digits of your ASN
- My General Information:
- Send the following information via email to b980120@hotmail.com:
- Your General Information:
- ASN
- Public IP
- I prefer IPv4 since IPv6 is tunnelled on some of my servers (HE.NET Tunnelbroker)
- DN42 IPv4 and IPv6 (IP used in tunnel on your end)
- Or address blocks, if you need them for the tunnel
- Including link-local address for IPv6 peering
- Which server you want to peer with
- For creating a tunnel connection:
- WireGuard/OpenVPN port on your side
- I will assume 22547 if you don't specify
- OpenVPN static key (generated by you)
- GRE/IPSec public key
- ZeroTier One: Your network ID (I will request to join your network)
- OpenVPN/IPSec custom configuration (if necessary)
- WireGuard/OpenVPN port on your side
- Your General Information:
- Wait till I set up the tunnel and peering, and respond to your email. Usually peering is successful by now.
- You may use my Looking Glass to debug our connection.
PS: It's not recommended to contact me over IRC. Although I leave my IRC client running, I only read messages once or twice per month, unless you ask me to do so in email. And IRC chat is unlikely to be instant due to timezone differences.
My Network¶
- ASN: 4242422547
- IPv4 Pool: 172.22.76.184/29 and 172.22.76.96/27
- IPv6 Pool: fdbc:f9dc:67ad::/48
- My Side's Default Port: last 5 digits of your ASN
- Looking glass: https://lg.lantian.pub
Servers¶
Server 1: Hong Kong, China, provider IDC.wiki (originally 50KVM)
Domain:
50kvm.lantian.pub
Public IPv4:
23.226.61.104
Public IPv6:
2001:470:19:10bd::1
DN42 IPv4:
172.22.76.186
DN42 IPv6:
fdbc:f9dc:67ad:1::1
Link-local IPv6:
fe80::2547
WireGuard Public Key:
xelzwt1j0aoKjsQnnq8jMjZNLbLucBPwPTvHgFH/czs=
IPSec Public Key:
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzy8ZqMazr2Ur6jiEoVdr 1d8WJaWTySaSwQqhkMnWKNv9Zuk4aITyBxHmtNfVexJGploAeby0zCqLS8CiNbor odPgOPjJdVzkgu6nS+mq1mrjMtrUYJE+GkoILpFoz3z5zS40q2eLh1TJUGQdhSai dTkLiAB6XbBXUBZUPDdBGeKQ72EYBck2oJKpe8B/gXXGwyZqlM7h3h4w8XkOYcrF CI6wbpusiPKaSOW1TkgHHBlIo0qje+Hbax+HcBlrRiftWl5cgVxyS5G7FvNgFVj5 H3Tlvhh+wnhdaYQcsaWvcUDHZhOGqeIO1OJMXZ1oi55Mhr7/gFEw1ELk9VWVM+Mj KmAY/7X7l2fupt7QqFHh453kT1P6v75GnLyGLcbgIkAFJyqWiGUT0/TcTEtXimDn +e4Tt5XBYr6YoKsF2YZtcQbQp0UyUGECvKbU1JAmpJoZl+6nUdv89RCOTxvyxpv9 0cSX2NLt05nA93BBKm5wwjClIrablF6nnvuWY3pQrneZFgz9iDaBRqQJWpcfw8Qa v1Oi/Uug7kl/v/OZEV7xMV71e5OnQlWjwp5dhmIgmkUMEsEviFoVwUPnDsgamzF4 p1iBnYAPBVbJm2pTv/AerKdCBOj6XwGu2N12bZNtSuDFbZR7tOTytB+/tcQBXaPu 2DslNqlf/ddRj0Avj5pV/5UCAwEAAQ== -----END PUBLIC KEY-----
Server 2:Los Angeles, United States, provider HostDare
Domain:
hostdare.lantian.pub
Public IPv4:
185.186.147.110
Public IPv6:
2607:fcd0:100:b100::198a:b7f6
DN42 IPv4:
172.22.76.185
DN42 IPv6:
fdbc:f9dc:67ad:3::1
Link-local IPv6:
fe80::2547
WireGuard Public Key:
zyATu8FW392WFFNAz7ZH6+4TUutEYEooPPirwcoIiXo=
IPSec Public Key:
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw5uRE2augI9l4pCKG6Kh qFTXGIcxtp367yLnKb5SPlYt3p2evpo58KNYMZtB50/iaUy/jkBDWEYPuwXMmKc1 hjWC3C1/ZS5KLlM8zY3S7LCc+GhJw5DuC7dQpeadLzpKpIOqzcIOUh0qe0mkOXCS f+ulgCYTH1nh5xENvfV0ulxv37SjdZFjORGwIYpARvdJ6DsyEbyNyDsm8Va8XLen DQrVZjQM0Dw8BcFqIysVpPsjGzddO58KUCln02Y+l9OUXuH46z5i4SdpqpAS60q3 hhJNzSSZCvfs38/fEelq3rAn+73lXBJKKtBgmYku+t2/stfQuV3Jem7EcM21nnWJ aKBem8+WRmWvYbr1eJZBYSbIQNaPgN8kcnapUq0VPS8jS2vmx63uATnetc0ZN5yG 1t8HMmkAN2QB9+Hl28iVvYCgwK3R0wRfZNlIMLechMjHlyi2Pp9+0hMB1yRH6+tq isYGJtm2ZqQ+1+Z17FLb1zNBoMniV+rdkMXxJT7sac5dFv3J4nbxdDYQzdK2gUq+ 6ZOtBjgJF66GogwaclL0XdU8PANwfzOSapsnjeo3O7EOteEc/1Tf2sFU0KzcxY2B 3rKqHX/sThD3xaBbF1sS/JvN9yTrPcCOIzAePlKA+3+n7JabtKRtVvJXUwmidwja OLIBFYyHNksKOBYLkeFhrAMCAwEAAQ== -----END PUBLIC KEY-----
Server 3: New York, United States, provider VirMach
Domain:
virmach-ny1g.lantian.pub
Public IPv4:
107.172.134.89
Public IPv6:
2001:470:1f07:54d::1
DN42 IPv4:
172.22.76.190
DN42 IPv6:
fdbc:f9dc:67ad:8::1
Link-local IPv6:
fe80::2547
WireGuard Public Key:
a+zL2tDWjwxBXd2bh OjR/BEmRe2tJF9DHFmZIE+Rk=
IPSec Public Key:
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvi/9B2Ms73OqyITx7fmF euImT7rHexwQ8Xz6Hdn8O6FfPK9XLBYRnxYxOT616PNfwHxZpddQgE9ilgmCmGH/ W/7+gF+Ub0WfPPsmCjQ0XoYB32bEv9FTuF0Z94A2HGB4DW7b4zRcwC63NgTWLZ1t S+josno+1Q4pwmffNipPm/Z3jH+DMoJep8ShqANG3JKnzAR40X1XHv9KpYIgyIgZ QGChXK55rY7zprQQ+Hab2sHZ1vAlsfQ0OitgIYqc770Tewfz9AWbOLqz6WIPifKg 9Mhzli1dsO5rBG3VG3KAuJOejiEZKrG1EteWW24Zv5iRCh2qTbiyZmHHlKpwukOw UwLyE3k8b8ZnAF0rpZ3Amq0W1zZXI6M9VXtcyHUPUCFICdTluE9UHHpFDCQvolqO UuEzqJ6FyAXMhH14JG19uM+uGcbLEtFOQR13iQK8LnVWVl3nF3AqHUthdXCmWqb/ IjfcThEFvno4qE95ByOzIW3/AR+IWSU1XDEQZieIztQqJvUADUl60j4lbM5+SbLw uBcAjWSK8wLeUqy8CLeIv41olKnpPXTNbouu+E/7qxOLEfjkx6QZ3DhN1UGtPFQS Xt1p+DuItBlcE2vJzADHTCb3LsdhMQ3q3reH9DVbDxyIxrKxpcVJHHI37rboBDl9 BWxEF0pSRIaVU2DExNVLz6ECAwEAAQ== -----END PUBLIC KEY-----
Server 4: Frankfurt, Germany, provider Virtono
- Domain:
virtono.lantian.pub
- Public IPv4:
45.138.97.165
- Public IPv6:
2001:ac8:20:3::433a:a05d
- DN42 IPv4:
172.22.76.187
- DN42 IPv6:
fdbc:f9dc:67ad:2::1
- Link-local IPv6:
fe80::2547
- WireGuard Public Key:
DkmSBCIgrxPPZmT07DraoCSD/jSByjPkYqHJWfVZ5hM=
- IPSec Public Key: None yet (will generate one if someone ever needs IPSec)
- Domain:
Server 5: Romania, provider HostSolutions
Domain:
hostsolutions.lantian.pub
Public IPv4:
45.14.150.211
Public IPv6:
2001:470:1f1b:bb::1
- This node has high latency (~50ms) to HE tunnel broker, so IPv4 is preferred, unless you only have IPv6.
DN42 IPv4:
172.22.76.188
DN42 IPv6:
fdbc:f9dc:67ad:9::1
Link-local IPv6:
fe80::2547
WireGuard Public Key:
2IZ5IbVgEm8kIKyCtqj1hfkRb+OP51tOBrwSk=
khchIPSec Public Key:
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs1pxDctgxMG6oxVOPgO7 LXDTBf8V4H2CJAGUBkJaFo5hi6seWDjmyhbtPU6Sop0Bpq/cKoHkWgN5RLpdeeHm y1Hh+75jacjvyZG+KcReRerAzGjwizgeq7te9HySo1vncYnPnU4piJgMl/A2g52/ irv/FHP46RPGjky3joUW5Bt35qSQuvBJJB2G2LW2spgUxcBBtviLbHVfFY/Suj8R qYaIP/DV56hggkFEmrxVC5rOc4CIWijYIS5pYxyCk1yZqsH6uCpFLXyOUMt/k8ut 5fb/KLdt1HcGTUqfBsJNZzhSEq058YalvWdhz+QFQMELcQe0CB8nRbNH5c4qZAyQ nxiV07Aexa+LYFWIPfbDJZqTwqOTmeRzSXkQt5FTVHuiWihJs7nhGDYtMRWLKGAO xnBkz+O0bwl1HKJ2ddi4h2UAz2pJTruqp8B72Z3VtISdxi7qkUcItsEHZAvY0Hc0 uFhDg1ZEgm4ER75b4/GIogZiba7euXWn/jYbDpXy6EkfrVgA7oqMFdY+4/zWQ9wV BwuMCa5KPW3LydVQARPFDs1K59qGrs6JLnv0juM9rtW14YYHF0/wj6syjE5QDcY+ 4bjsVSByB2ZhMUMLdKusS/oA6CDyF3doGvlzbo70BgKYifagBbw+l3wD0CUzH3Zn bl9kuJhvIz++kAAj7VCLYUECAwEAAQ== -----END PUBLIC KEY-----
My Config Templates (Default Parameters)¶
If you plan to copy my templates, remember to swap information of both sides, such as IPs.
OpenVPN:
proto udp
mode p2p
remote [YOUR_IP]
rport 22547
local [MY_IP]
lport [LAST_5_DIGITS_OF_YOUR_ASN]
dev-type tun
resolv-retry infinite
dev dn42-[PEER_NAME]
comp-lzo
persist-key
persist-tun
tun-ipv6
cipher aes-256-cbc
ifconfig [MY_DN42_IP] [YOUR_DN42_IP]
ifconfig-ipv6 fe80::2547 [YOUR_LINK_LOCAL_IP]
# Remove stable-privacy IPv6 address
script-security 2
up "/bin/sh -c '/sbin/sysctl -w net.ipv6.conf.$dev.autoconf=0 && /sbin/sysctl -w net.ipv6.conf.$dev.accept_ra=0 && /sbin/sysctl -w net.ipv6.conf.$dev.addr_gen_mode=1'"
<secret>[STATIC_KEY]</secret>
ipsec.conf:
conn dn42-[PEER_NAME]
keyexchange=ikev1
ike=aes128-sha384-ecp384!
esp=aes128gcm16-ecp384!
ikelifetime=28800s
authby=pubkey
dpdaction=restart
lifetime=3600s
type=transport
auto=start
keyingtries=%forever
left=[MY_IP]
right=[YOUR_IP]
leftrsasigkey=/etc/ipsec.d/public/mykey.pem
rightrsasigkey=/etc/ipsec.d/public/[YOUR_KEY].pem