-
Notifications
You must be signed in to change notification settings - Fork 11
/
sixxsd.conf
150 lines (129 loc) · 5.23 KB
/
sixxsd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
# sixxsd configuration - Jeroen Massar <[email protected]>
#
## THIS CODE IS HISTORIC AND INTENDED FOR REFERENCE ONLY ####################
#
# sixxsd is provided for HISTORIC purposes, to show an insight into
# how SixXS handled provisioning massive amounts of tunnels on
# many PoPs around the world.
#
# SixXS shut down as IPv6 and deploying it is happening for 20+ years...
# Thus, please, finally, get *native* IPv6!!!!!
#
# If you need a tunneling solution fit for 2017 and beyond: use Wireguard!
# Do not send plaintext traffic over the Internet as is the case with
# proto-41, heartbeat and AYIYA tunnels.
#
# Please also note that because of the cleartext various attacks are actually
# possible that can affect operation of such tunnels. MD5 used by heartbeat
# is easily fakeable, AYIYA uses good old SHA1 as a hash signature.
#
# As such, we repeat again: sixxsd is intended for historic insight,
# do not operate anymore on the public Internet.
#############################################################################
#
# sixxsd was custom made for SixXS to handle massive provisioning of IPv6 tunnels.
# As such it is optimized for handling a /40 of tunnels/subnets, it cannot be
# used for smaller prefixes, as it was not designed for that purpose.
#
# Note: that 'pop saveconfig' saves the configuration file
# and then it loses all comments... these comments are thus
# here purely for clarification and historic purposes.
#
# Noting that 'help' on the CLI will show information about commands.
# PoP Configuration
pop
set
# Details about all the PoPs in the mesh.
#
# This so that PoPs now eachother, which
# was primarily planned as a feature for
# cross-mesh communications and/or moving
# tunnels between PoPs, but that was never
# implemented in the end, enotime...
details 1 chtst01 192.0.2.42 2001:db8::42
details 2 chtst02 192.0.2.66 2001:db8::66
# This PoP has id 1 and thus the above
# defined global IP address details
id 1
end
# The prefix (always a full /48) that is used
# for tunnels of size /64.
#
# Half of this space is used for /64's that are
# routed behind the tunnel endpoint.
#
# This might be a prefix out of a subnetprefix.
tunnelprefix add 2001:db8:2ff::/48
# Prefixes where subnets come from, always a /40 each.
# Each individual subnet is always a /48.
subnetprefix add 2001:db8:3000::/40
subnetprefix add 2001:db8:4000::/40
# Command Line Interface (CLI) Access Control List
# Note: typically just loopback, and then allow access with a SSH tunnel
# otherwise, route the prefix over that SSH tunnel so that communications
# are encrypted
cliacl
reset
# Loopback access
add ::1
add 127.0.0.1
# Management host
add 2001:db8::179
add 192.168.0.179
end
end
# Tunnel Configuration
#
# tunnel set config <tid> <tunnel-id> <ipv4_them|heartbeat|ayiya> <up|disabled> <mtu> [<heartbeat_password>]
tunnel
set
# A proto-41 static tunnel to IPv4 172.16.1.1
# IPv6: <tunnelprefix>:0::1/64 (us) <tunnelprefix>:0::2/64 (them)
# IPv6: 2001:db8:2ff:0::1/64 (us) 2001:db8:2ff:0::2/64 (them), MTU 1480
config 0 T4141 172.16.1.1 up 1480
# An AYIYA tunnel, first packet sets the remote IPv4 address/port
# MTU 1428
# IPv6: <tunnelprefix>:1::1/64 (us) <tunnelprefix>:1::2/64 (them)
# IPv6: 2001:db8:2ff:1::1/64 (us) 2001:db8:2ff:1::2/64 (them)
config 1 T5072 ayiya up 1428 f3d47c2de40fb698e1ab15d757a09bfc
# A Heartbeat tunnel, first packet sets the remote IPv4 address/port
# MTU 1280
# IPv6: <tunnelprefix>:2::1/64 (us) <tunnelprefix>:2::2/64 (them)
# IPv6: 2001:db8:2ff::2:1/64 (us) 2001:db8:2ff:2::2/64 (them)
config 2 T3740 heartbeat up 1280 91915d757a09bfc94d5028832d85cc0d
# AYIYA, MTU 1280
# IPv6: <tunnelprefix>:2ae::1/64 (us) <tunnelprefix>:2ae::2/64 (them)
# IPv6: 2001:db8:2ff::2ae:1/64 (us) 2001:db8:2ff::2ae:2/64 (them)
config 2ae T18572 ayiya up 1280 8fd1ca39af3d47c2de40fb698e1abc9a
# AYIYA, MTU 1428
# IPv6: <tunnelprefix>:42c::1/64 (us) <tunnelprefix>:42c::2/64 (them)
# IPv6: 2001:db8:2ff:42c::1/64 (us) 2001:db8:2ff:42c::2/64 (them)
config 42c T84822 ayiya up 1280 eb293433ad7898bd67952f941f6fbea1
# A disabled tunnel
# IPv6: <tunnelprefix>:666::1/64 (us) <tunnelprefix>:666::2/64 (them)
# IPv6: 2001:db8:2ff:666::1/64 (us) 2001:db8:2ff:666::2/64 (them)
config 666 T84822 198.18.1.1 disabled 1280
end
end
# Subnet (Route) configuration
#
# subnet set config <prefix/prefixlen> <tunnel-id> {method:static}
# prefixlen should always be /48, larger prefixes should be broken up into disjunct /48s
# Subnet is always routed when the tunnel is active/up
subnet
set
# Route 2001:db8:3001::/48 to <tunnelprefix>:2ae::2, thus 2001:db8:2ff:2ae::2
config 2001:db8:3001::/48 2ae static
# Route 2001:db8:3001::/48 to <tunnelprefix>:2ae::2, thus 2001:db8:2ff:42::2
config 2001:db8:3002::/48 42c static
# Route 2001:db8:3003::/48 to <tunnelprefix>:0::2, thus 2001:db8:2ff::2
config 2001:db8:3003::/48 0 static
# Route 2001:db8:3004::/48 to <tunnelprefix>:1::2, thus 2001:db8:2ff:1::2
config 2001:db8:3004::/48 1 static
# Route 2001:db8:3055::/48 to <tunnelprefix>:2::2, thus 2001:db8:2ff:2::2
config 2001:db8:3055::/48 2 static
end
end
# Instruct the pop to normalize and save it's view of the config
pop saveconfig
# EOF