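What is the DN42 network?
Decentralized network 42 (dn42 for short) is a decentralized, end-to-end encrypted network built using VPNs and software/hardware Border Gateway Protocol routers. Unlike traditional VPNs, however, DN42 itself does not provide VPN exit services, i.e. it does not offer censorship circumvention, streaming unblocking or similar services. Instead, the purpose of DN42 is to simulate an internet. It uses many of the technologies deployed on today's Internet backbone (such as BGP and recursive DNS) and can simulate a real network environment well.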
Via Lan Tian’s Blog
### Why DN42
#### Routing experiments
Participating in dn42 is primarily useful for learning routing technologies such as BGP, using a reasonably large network (> 1500 AS, > 1700 prefixes).
Since dn42 is very similar to the Internet, it can be used as a hands-on testing ground for new ideas, or simply to learn real networking stuff that you probably can’t do on the Internet (BGP multihoming, transit). The biggest advantage when compared to the Internet: if you break something in the network, you won’t have any big network operator yelling angrily at you.
#### Connecting hacker spaces
dn42 is also a great way to connect hacker spaces in a secure way, so that they can provide services to each other.
Have you ever wanted to SSH on your Raspberry Pi hosted at your local hacker space and had trouble doing so because of NAT? If your hacker space was using dn42, it could have been much easier…
Via Home (dn42.dev)
### Register DN42
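#### Requirements
- A Linux virtual machine; on Windows, WSL will do
- Familiarity with Linux commands and some computer networking fundamentals

Official tutorial: https://dn42.dev/howto/Getting-Started

First register an account on the git server (https://git.dn42.dev/user/sign_up). Once it is activated, go to this repository (https://git.dn42.dev/dn42/registry) and fork it to your own account.

Then clone your fork locally.

```bash
git clone https://git.dn42.dev/icecliffs/registry.git
```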
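- Then, under `data/mntner`, create a file named `[UPPERCASE NICKNAME]-MNT`. Spotted Master tony here.

The contents are:

  - `mntner`: the maintainer. This is the name of the account and is the same as the file name.
  - `admin-c`: the admin contact. It must point to the person file created later, usually `[NICKNAME]-DN42`.
  - `tech-c`: the tech contact. It must point to the person file created later, usually also `[NICKNAME]-DN42`.
  - `mnt-by`: maintained by. It points to this account itself, usually `[NICKNAME]-MNT`.
  - `source`: always `DN42`.
  - `auth`: your personal authentication information. Two types are generally accepted: a GPG public key and an SSH public key.

Via DN42 Experimental Network Introduction and Registration Tutorial

```
mntner: ICECLIFFS-MNT
admin-c: ICECLIFFS-DN42
tech-c: ICECLIFFS-DN42
mnt-by: ICECLIFFS-MNT
source: DN42
auth: pgp-fingerprint 0BE2C259A99AE5B767BC1A2CA3550E3691FF9467
auth: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPOEzWsohqYxXP+cgl7OFUMPr28IPF/nTErMHtOXS6ZV
remarks: rYu1nser (IceCliffs) Hi :), My blog: https://iloli.moe
```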
- Under `data/person`, create a file named `[UPPERCASE NICKNAME]-DN42`.

The contents are:

  - `person`: your nickname.
  - `e-mail`: your e-mail address.
  - `contact`: optional; your other contact details, such as IRC or Telegram.
  - `nic-hdl`: the NIC handle. It points to the file itself and is the same as the file name, `[NICKNAME]-DN42`.
  - `mnt-by`: maintained by. It points to the mntner file you created earlier, `[NICKNAME]-MNT`.
  - `source`: always `DN42`.

```
person: rYu1nser
contact: iloli.moe
contact: Telegram: @icecliffs
contact: GitHub: @icecliffs
contact: Twitter: @icecliffs
nic-hdl: ICECLIFFS-DN42
mnt-by: ICECLIFFS-MNT
pgp-fingerprint: 0BE2C259A99AE5B767BC1A2CA3550E3691FF9467
source: DN42
remarks: rYu1nser (IceCliffs) Hi :), My blog: https://iloli.moe
```
- Next, assign yourself an ASN. Pick any one you like (range: 4242420000 – 4242423999); mine, for example, is `AS4242422291`.

As of 2022/12/3 00:00:00 there should still be this many numbers available.

```
aut-num: AS4242422291
as-name: ICECLIFFS-AS
descr: I love this huge spider web, https://o;p;o/,pe.
remarks: Twitter: @icecliiffs, Telegram: @icecliffs
admin-c: ICECLIFFS-DN42
tech-c: ICECLIFFS-DN42
mnt-by: ICECLIFFS-MNT
source: DN42
```
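The cross-references described above (file name, `admin-c`/`tech-c`/`mnt-by` targets, `source`, ASN range) are easy to get wrong by a single character. The following is an added example, not part of the original post and not the registry's own checker: a Python pre-submission check over a constructed change set with hypothetical `EXAMPLE-*` names, assuming every reference must resolve to a file in the same change set.

```python
import re

ASN_MIN, ASN_MAX = 4242420000, 4242423999  # open ASN range given above
PRIMARY = {"mntner": "mntner", "person": "nic-hdl", "aut-num": "aut-num"}

def parse(text):
    """Split registry 'key: value' lines into (key, value) pairs."""
    split = (line.partition(":") for line in text.splitlines() if line.strip())
    return [(key.strip(), value.strip()) for key, _, value in split]

def check(objects):
    """Return a list of problems for a {path: file text} change set."""
    parsed = {path: parse(text) for path, text in objects.items()}
    names = {path.rsplit("/", 1)[1] for path in parsed}
    problems = []
    for path, pairs in parsed.items():
        kind, name = path.split("/")[1:3]
        fields = dict(pairs)
        # The naming attribute has to equal the file name.
        if fields.get(PRIMARY[kind]) != name:
            problems.append(f"{path}: {PRIMARY[kind]} does not match file name")
        if fields.get("source") != "DN42":
            problems.append(f"{path}: source must be DN42")
        # Assumption of this example: references resolve inside the change set.
        for key, value in pairs:
            if key in ("admin-c", "tech-c", "mnt-by") and value not in names:
                problems.append(f"{path}: {key} points to missing {value}")
        if kind == "mntner" and "auth" not in fields:
            problems.append(f"{path}: no auth attribute")
        if kind == "aut-num":
            m = re.fullmatch(r"AS(\d+)", name)
            if not m or not ASN_MIN <= int(m.group(1)) <= ASN_MAX:
                problems.append(f"{path}: ASN outside {ASN_MIN}-{ASN_MAX}")
    return problems

# Constructed change set: hypothetical EXAMPLE-* names, placeholder key.
REFS = "admin-c: EXAMPLE-DN42\ntech-c: EXAMPLE-DN42\nmnt-by: EXAMPLE-MNT\nsource: DN42\n"
GOOD = {
    "data/mntner/EXAMPLE-MNT": "mntner: EXAMPLE-MNT\nauth: ssh-ed25519 <key>\n" + REFS,
    "data/person/EXAMPLE-DN42": "person: example\nnic-hdl: EXAMPLE-DN42\n"
                                "mnt-by: EXAMPLE-MNT\nsource: DN42\n",
    "data/aut-num/AS4242420999": "aut-num: AS4242420999\nas-name: EXAMPLE-AS\n" + REFS,
}
# Same set with a digit dropped from the ASN and a mistyped tech-c handle.
BAD = dict(GOOD)
BAD["data/aut-num/AS424242099"] = BAD.pop("data/aut-num/AS4242420999").replace(
    "AS4242420999", "AS424242099").replace("tech-c: EXAMPLE-DN42", "tech-c: EXAMPLE-DN24")

print("\n".join(check(BAD)))
```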
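I'm too lazy to write up the remaining steps; I suggest reading Lan Tian's guide, which is what I followed ()

Pointer 🔜: DN42 Experimental Network Introduction and Registration Tutorial (updated 2022-06) | Lan Tian @ Blog

My IPv6: fd6d:acf4:0742::_48
My IPv4: 172.23.244.0/26

As for IP ranges, you can find unallocated dn42 ranges here: https://explorer.burble.com/free#/

My PR, which is honestly painful to look at :D: https://git.dn42.dev/dn42/registry/pulls/2342

After that, wait patiently for it to be merged.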
```
[NOTE] ## Scan Started at 2022-12-03 18:51:34
CHECK data/mntner/ICECLIFFS-MNT PASS MNTNERS: ICECLIFFS-MNT
[NOTE] ## Scan Completed at 2022-12-03 18:51:38
[NOTE] ## Scan Started at 2022-12-03 18:51:38
[INFO] fd24:e2b2:ea31::/48
CHECK data/inet6num/fd24:e2b2:ea31::_48 PASS MNTNERS: ICECLIFFS-MNT
CHECK data/route/172.23.244.0_26 PASS MNTNERS: ICECLIFFS-MNT
CHECK data/inetnum/172.23.244.0_26 PASS MNTNERS: ICECLIFFS-MNT
CHECK data/person/ICECLIFFS-DN42 PASS MNTNERS: ICECLIFFS-MNT
CHECK data/mntner/ICECLIFFS-MNT PASS MNTNERS: ICECLIFFS-MNT
CHECK data/route6/fd24:e2b2:ea31::_48 PASS MNTNERS: ICECLIFFS-MNT
CHECK data/aut-num/AS4242422291 PASS MNTNERS: ICECLIFFS-MNT
[NOTE] ## Scan Completed at 2022-12-03 18:51:40
```

```
[INFO] [[['@as-min', 'AS0000000001'], ['@as-max', 'AS4294967294'], ['as-block', 'AS1-AS4294967294'], ['mnt-by', 'DN42-MNT'], ['policy', 'closed']], [['@as-min', 'AS4242420000'], ['@as-max', 'AS4242423999'], ['as-block', 'AS4242420000-AS4242423999'], ['mnt-by', 'DN42-MNT'], ['policy', 'open']]]
[NOTE] Policy is open for parent object
POLICY ICECLIFFS-MNT aut-num AS4242422291 PASS
[INFO] Checking inetnum type
[INFO] ['fd24e2b2ea3100000000000000000000', 'fd24e2b2ea31ffffffffffffffffffff', '048']
[NOTE] Policy is open for parent object
POLICY ICECLIFFS-MNT inet6num fd24:e2b2:ea31::/48 PASS
[INFO] Checking inetnum type
[INFO] ['00000000000000000000ffffac17f400', '00000000000000000000ffffac17f43f', '122']
[NOTE] Policy is open for parent object
POLICY ICECLIFFS-MNT inetnum 172.23.244.0/26 PASS
[NOTE] ICECLIFFS-MNT does not currently exist
POLICY ICECLIFFS-MNT mntner ICECLIFFS-MNT PASS
[NOTE] ICECLIFFS-DN42 does not currently exist
POLICY ICECLIFFS-MNT person ICECLIFFS-DN42 PASS
[INFO] Checking route type
[INFO] ['00000000000000000000ffffac17f400', '00000000000000000000ffffac17f43f', '122']
[NOTE] Policy is open for parent object
POLICY ICECLIFFS-MNT route 172.23.244.0/26 PASS
[INFO] Checking route type
[INFO] ['fd24e2b2ea3100000000000000000000', 'fd24e2b2ea31ffffffffffffffffffff', '048']
[NOTE] Policy is open for parent object
POLICY ICECLIFFS-MNT route6 fd24:e2b2:ea31::/48 PASS
```
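### Setting up a peer
Because DN42 simulates an entire Internet, there is no official server for us to connect to; we have to connect a server of our own into DN42.

Before configuring anything, first add a few settings to `sysctl.conf`; see https://dn42.dev/howto/networksettings

Be sure to disable `rp_filter` and enable forwarding.

The first rule of dn42: Always disable `rp_filter`.
The third rule of dn42: Allow ip forwarding!

Remember to turn off the firewall, otherwise you will run into things beyond your control.

```
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
```

Apply the settings: `sysctl -p`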
#### Finding peer nodes
Or look on other people's blogs/websites to see whether they list any.

For example, mine:

```
Name : ICECLIFFS-NET
ASN  : AS424242291
IPv4 : 172.23.244.0/26
IPv6 : fd24:e2b2:ea31::/48
-----------------------------------------
Nodes:
> Japan, Asia: 172.244.0.1
```
#### Setting up the tunnel
I suggest following the official guide here: https://dn42.dev/howto/wireguard

First generate a public/private key pair:

```bash
wg genkey | tee privatekey | wg pubkey > publickey
```

If you get "command not found", it is because WireGuard is not installed:

```bash
apt-get update
apt-get install wireguard-tools wireguard-dkms
```

Then edit the configuration under `/etc/wireguard/`:

```ini
# tunnel.conf
[Interface]
PrivateKey = <your private key>
ListenPort = <local UDP port, last 5 digits of the ASN>
Table = Off
PostUp = /bin/ip addr add <your DN42 IPv4 address> peer <peer's DN42 IPv4 address> dev %i

[Peer]
PublicKey = <peer's public key>
# at least one peer needs to provide this one
Endpoint = <peer's IP and port>
# in theory this could be restricted to dn42 networks,
# however it is easier to do this with iptables/bgp filters/routing table
# instead just like for openvpn-based peerings
AllowedIPs = 0.0.0.0/0,::/0
```

Once edited, just run `wg-quick up [config file]`, then run `wg` to see whether the connection succeeded; if it did, a Transfer line is shown.

If
#### Setting up the BGP session
I suggest following the official site here.

Install:

```bash
wget -O - http://bird.network.cz/debian/apt.key | apt-key add -
apt-get install lsb-release
echo "deb http://bird.network.cz/debian/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/bird.list
apt-get update
apt-get install bird2
```

I suggest starting straight from the template: https://wiki.dn42.us/howto/Bird2
Replace `<OWNAS>` with your autonomous system number, e.g. 4242421234.

Replace `<OWNIP>` with the ip that your router is going to have, this is usually the first non-zero ip in your subnet. (E.g. x.x.x.65 in an x.x.x.64/28 network)

Similarly, replace `<OWNIPv6>` with the first non-zero ip in your ipv6 subnet.

Then replace `<OWNNET>` with the IPv4 subnet that was assigned to you.

The same goes for `<OWNNETv6>`, but it takes an IPv6 subnet (Who’d have thought).

Keep in mind that you’ll have to enter both networks in the OWNNET{,v6} and OWNNETSET{,v6}, the two variables are required due to set parsing difficulties with variables.
Then substitute the values as described above (in `/etc/bird.conf`):

```
################################################
#               Variable header                #
################################################

define OWNAS       = 4242422291;
define OWNIP       = 172.23.244.1;
define OWNIPv6     = fd24:e2b2:ea31::6;
define OWNNET      = 172.23.244.0/26;
define OWNNETv6    = fd24:e2b2:ea31::/48;
define OWNNETSET   = [172.23.244.0/26+];
define OWNNETSETv6 = [fd24:e2b2:ea31::/48+];

################################################
#                 Header end                   #
################################################
```
Next, configure ROA (Route Origin Authorization). Make sure you get this right; you can write a crontab entry so the files are downloaded on a schedule.

The example config above relies on ROA configuration files in `/etc/bird/roa_dn42{,_v6}.conf`. These should be automatically downloaded and updated every so often to prevent BGP hijacking, see the bird1 page for more details and links to the ROA files. Note: edit the links to replace roa_bird1 to say roa_bird2 if using the cron jobs listed on that page.

See: https://wiki.dn42.us/howto/Bird#route-origin-authorization0
#### Configuring peers
Please note: This section assumes that you’ve already got a tunnel to your peering partner setup.

Create a directory here:

```bash
# mkdir -p /etc/bird/peers
```

See: https://wiki.dn42.us/howto/Bird2

Once everything is configured, start Bird: `bird -c /etc/bird.conf`

Check the connection status: `birdc show protocol`
### Visualization
https://dn42.jh0project.com/map
### References
https://miaotony.xyz/2021/03/25/Server_DN42
https://lantian.pub/article/modify-website/dn42-experimental-network-2020.lantian/
https://dn42.dev/howto/Registry-Authentication