Lan Tian @ Blog

DN42


English: “1xRTT” Peering

I live in China, and (many of) you may be on the opposite side of the planet. Because of the timezone difference, one round of information exchange (you send an email, I respond while you sleep, you see my reply after you wake up) may take 24 hours or even more.

Here I provide instructions for “1xRTT” peering, which means we can peer with only one email from you and one email from me. Even if you and I are in the same timezone, this will still simplify things.

  1. Choose a server from the list below. Usually this will be the one with the lowest latency (ping) to your server.
    • If you have multiple servers in DN42, I’m open to peering with all of them at once.
  2. Choose a type of VPN for tunneling.
    • I usually prefer WireGuard and OpenVPN, but others such as GRE/IPSec, GRE/Plain and ZeroTier will also work.
    • I’m also willing to try new types of VPNs - just ask!
  3. Configure the BGP daemon and VPN software on your side. You may assume I will use the following configuration:
    • My General Information:
      • ASN: 4242422547
      • Public IP: listed below
      • DN42 IPv4 (IP used in tunnel on my end): listed below
        • If you need an address block (such as /30) for the IPv4 tunnel, it will come out of your address space.
        • This is usually needed for hardware routers, such as Mikrotik.
      • DN42 IPv6: fe80::2547 for peering over link-local addresses
        • If you need an address block (such as /64) for the IPv6 tunnel, it will come out of your address space.
    • For creating a tunnel connection:
      • WireGuard/OpenVPN port on my side: last 5 digits of your ASN
        • e.g. 4242420001 means I will use port 20001
      • OpenVPN static key: generated by you and sent to me later
      • GRE/IPSec public key: listed below
      • OpenVPN/IPSec default configuration: shown below
        • If you can’t use my default configuration, set something suitable for you and send it to me
      • ZeroTier One: I will request to join your network
        • You may try to invite my server to your network, if possible
  4. Send the following information via email to b980120@hotmail.com:
    • Your General Information:
      • ASN
      • Public IP
        • I prefer IPv4 since IPv6 is tunnelled on some of my servers (HE.NET Tunnelbroker)
      • DN42 IPv4 and IPv6 (IP used in tunnel on your end)
        • Or address blocks, if you need them for the tunnel
        • Including the link-local address for IPv6 peering
    • For creating a tunnel connection:
      • WireGuard/OpenVPN port on your side
        • I will assume 22547 if you don’t specify
      • OpenVPN static key (generated by you)
      • GRE/IPSec public key
      • ZeroTier One: Your network ID (I will request to join your network)
      • OpenVPN/IPSec custom configuration (if necessary)
  5. Wait until I set up the tunnel and peering and respond to your email. Usually peering is successful by then.

PS: It’s not recommended to contact me over IRC. Although I leave my IRC client running, I only read messages once or twice per month, unless you ask me to do so. And IRC chat is unlikely to be instant due to timezones.
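
The WireGuard case of steps 3 and 4, as an added example that is not the author's own configuration: a generator for the peer-side wg-quick file that uses the Server 1 values listed on this page and derives the remote port from your ASN. The sample ASN, addresses and key path, the AllowedIPs list, and the `Table = off` / `PostUp` layout are assumptions.

```python
import ipaddress

# Values copied from this page (Server 1, Hong Kong).
SERVER_IP = "103.42.215.193"
SERVER_WG_PUBKEY = "xelzwt1j0aoKjsQnnq8jMjZNLbLucBPwPTvHgFH/czs="
SERVER_DN42_V4 = "172.22.76.186"
SERVER_LINK_LOCAL = "fe80::2547"
DEFAULT_LOCAL_PORT = 22547  # port the page assumes on your side

# Assumption: only DN42 IPv4, ULA IPv6 and link-local (BGP session) cross the tunnel.
ALLOWED_IPS = "172.20.0.0/14, fd00::/8, fe80::/64"
DN42_V4 = ipaddress.ip_network("172.20.0.0/14")


def remote_port(asn: int) -> int:
    """Port on the page author's side: the last 5 digits of your ASN."""
    if not 4242420000 <= asn <= 4242429999:
        raise ValueError(f"{asn} is not a DN42 ASN (424242xxxx)")
    return asn % 100000


def render_wg_quick(asn, my_dn42_v4, my_link_local, key_file, listen_port=DEFAULT_LOCAL_PORT):
    """Return a wg-quick config for peering with Server 1."""
    v4 = ipaddress.ip_address(my_dn42_v4)
    ll = ipaddress.ip_address(my_link_local)
    if v4 not in DN42_V4:
        raise ValueError("tunnel IPv4 must come from DN42 space")
    if ll.version != 6 or not ll.is_link_local or str(ll) == SERVER_LINK_LOCAL:
        raise ValueError("need a link-local IPv6 address different from the remote side")
    return "\n".join([
        "[Interface]",
        f"ListenPort = {listen_port}",
        "# Routes come from BGP, so wg-quick must not install AllowedIPs as routes.",
        "Table = off",
        "# The private key is loaded from a separate file and never stored here.",
        f"PostUp = wg set %i private-key {key_file}",
        f"PostUp = ip addr add {v4}/32 peer {SERVER_DN42_V4}/32 dev %i",
        f"PostUp = ip addr add {ll}/64 dev %i",
        "",
        "[Peer]",
        f"PublicKey = {SERVER_WG_PUBKEY}",
        f"Endpoint = {SERVER_IP}:{remote_port(asn)}",
        f"AllowedIPs = {ALLOWED_IPS}",
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample peer: ASN, addresses and key path are placeholders.
    print(render_wg_quick(4242420001, "172.21.99.1", "fe80::1", "/etc/wireguard/dn42.key"))
```

The generated file contains no key material, so the private key file can keep mode 0600 independently of the config.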


My Network

  • ASN: 4242422547
  • IPv4 Pool: 172.22.76.184/29 and 172.22.76.96/28
  • IPv6 Pool: fdbc:f9dc:67ad::/48
  • My Side’s Default Port: last 5 digits of your ASN
  • Looking glass / service status: https://lg.lantian.pub / https://lg-alt.lantian.pub

Servers

Server 1: Hong Kong, China, provider GigsGigsCloud

  • Public IPv4: 103.42.215.193
  • Public IPv6: 2001:470:19:10bb::1
  • DN42 IPv4: 172.22.76.186
  • DN42 IPv6: fdbc:f9dc:67ad::8b:c606:ba01
  • Link-local IPv6: fe80::2547
  • WireGuard Public Key: xelzwt1j0aoKjsQnnq8jMjZNLbLucBPwPTvHgFH/czs=

IPSec Public Key:


Server 2: Los Angeles, United States, provider HostDare

  • Public IPv4: 185.186.147.110
  • Public IPv6: 2001:470:d:46e::1
  • DN42 IPv4: 172.22.76.185
  • DN42 IPv6: fdbc:f9dc:67ad::dd:c85a:8a93
  • Link-local IPv6: fe80::2547
  • WireGuard Public Key: zyATu8FW392WFFNAz7ZH6+4TUutEYEooPPirwcoIiXo=

IPSec Public Key:


Server 3: New York, United States, provider VirMach

  • Public IPv4: 107.172.134.89
  • Public IPv6: /
  • DN42 IPv4: 172.22.76.190
  • DN42 IPv6: fdbc:f9dc:67ad::cc:433e:da3b
  • Link-local IPv6: fe80::2547
  • WireGuard Public Key: a+zL2tDWjwxBXd2bho2OjR/BEmRe2tJF9DHFmZIE+Rk=

IPSec Public Key: None yet (will generate one if someone ever needs IPSec)

Default Parameters

OpenVPN:

proto udp
mode p2p
remote [YOUR_IP]
rport 22547
local [MY_IP]
lport [LAST_5_DIGITS_OF_YOUR_ASN]
dev-type tun
resolv-retry infinite
dev dn42-billchen
comp-lzo
persist-key
persist-tun
tun-ipv6
cipher aes-256-cbc
ifconfig [MY_DN42_IP] [YOUR_DN42_IP]
ifconfig-ipv6 fe80::2547 [YOUR_LINK_LOCAL_IP]
<secret>[YOUR_STATIC_KEY]</secret>

ipsec.conf:

conn dn42-yourname
    keyexchange=ikev1
    ike=aes128-sha384-ecp384!
    esp=aes128gcm16-ecp384!
    ikelifetime=28800s
    authby=pubkey
    dpdaction=restart
    lifetime=3600s
    type=transport
    auto=start
    keyingtries=%forever
    left=[MY_IP]
    right=[YOUR_IP]
    leftrsasigkey=/etc/ipsec.d/public/mykey.pem
    rightrsasigkey=/etc/ipsec.d/public/[YOUR_KEY].pem