Editing ClientConf
A edited this page Nov 12, 2024 · 7 revisions
The ClientConf specifies which public keys to use, which decoy sites are available (for TapDance or the Conjure decoy registrar), and which phantom subnets to use along with their respective weights. The gotapdance repository includes a utility for viewing and editing a ClientConf, located in gotapdance/tools/clientconf.
E.g. ./clientconf -f ../../assets/ClientConf.dev will show:
Generation: 1120
Default Pubkey: 8c34e2362f33707ff4b001f31302b1968fe8d67fb8843ee11c60df61b9e17609
Conjure Pubkey: 8c34e2362f33707ff4b001f31302b1968fe8d67fb8843ee11c60df61b9e17609
Decoy List: 6 decoys
0:
tapdance1.freeaeskey.xyz (192.122.190.104 / [<nil>])
1:
tapdance2.freeaeskey.xyz (192.122.190.105 / [<nil>])
2:
tapdance3.freeaeskey.xyz (192.122.190.106 / [<nil>])
3:
decoy2.refraction.network (192.122.190.105 / [<nil>])
4:
decoy2.refraction.network (0.0.0.0 / [2001:48a8:687f:1::105])
5:
decoy1.refraction.network (192.122.190.126 / [<nil>])
Phantom Subnets List:
weight: 9, support random port: true, subnets:
0: 192.122.190.0/24
1: 2001:48a8:687f:2::/64
weight: 1, support random port: true, subnets:
2: 141.219.0.0/16
3: 35.8.0.0/16
DNS registrar:
method: UDP
target:
domain: r.refraction.network
pubkey:
utls:
stun:
- When adding new subnets to a new ClientConf, use the template subnet-file-template in the decoy-lists repository (https://github.com/refraction-networking/decoy-lists) as the argument to -subnet-file
- Ensure that the new ClientConf has a unique generation number (typically incremented from the previous generation)
- Add the ClientConf to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists/tree/master/generations) and update the NOTES file with the relevant change log (e.g. "Added new subnet for ISP X")
- Add the phantom_subnets.toml to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists/tree/master/phantom_subnets.toml). Note that the format is based on, but slightly different from, the -subnet-file provided to the clientconf tool originally: it contains the generation number in the hierarchy (e.g. Networks.1166). The new phantom_subnets.toml can be created using the clientconf tool in gotapdance via -append-toml-path
- Add the ClientConf to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists) as current_decoys.blob
- Use the clientconf tool from gotapdance to print decoys to a file and add it to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists) as current_decoys.txt
- On each station, update the phantom_subnets.toml file (pointed to by conjure.conf, typically in /var/lib/conjure). Restart each application to load the new configuration
- Update the ClientConf and phantom_subnets.toml files on each registration server (e.g. in /var/lib/conjure on reg1.refraction.network, reg2.refraction.network)
- Update the ClientConf and phantom_subnets.toml files on the registrations tracker server (under /var/lib/conjure/)
- Update the reg_config.toml's bidirectional_api_generation = to the latest generation (e.g. the one you just added) on each registration server
- Restart each registration server. This will start serving the new ClientConf to users
- Confirm the new ClientConf is being used in Kibana ("Conjure client tunnel count by generation")
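
A pre-deployment check for the steps above, as an added example that is not part of the original wiki page or of gotapdance: it parses output in the layout the clientconf tool prints and flags a generation number that is not newer than those already released, or a phantom subnet that is not a valid network-aligned CIDR. The names CheckConf, sample and published are hypothetical, and the sample input is constructed from the output shown earlier.

```go
package main

import (
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// Constructed sample: generation and phantom-subnet lines in the layout shown above.
const sample = `Generation: 1120
weight: 9, support random port: true, subnets:
0: 192.122.190.0/24
1: 2001:48a8:687f:2::/64
weight: 1, support random port: true, subnets:
2: 141.219.0.0/16
3: 35.8.0.0/16
`

// CheckConf parses the tool's printed output, groups phantom subnets by weight, and
// reports subnets that are not valid network-aligned CIDRs or a generation that is
// not newer than every entry in published (hypothetical list supplied by the caller).
func CheckConf(out string, published []int) (gen int, byWeight map[int][]netip.Prefix, problems []string) {
	byWeight = map[int][]netip.Prefix{}
	weight := -1 // no "weight:" header seen yet
	for _, raw := range strings.Split(out, "\n") {
		line := strings.TrimSpace(raw)
		fmt.Sscanf(line, "Generation: %d", &gen) // target untouched on non-matching lines
		fmt.Sscanf(line, "weight: %d,", &weight)
		idx, cidr, ok := strings.Cut(line, ": ")
		if _, err := strconv.Atoi(idx); !ok || err != nil || weight < 0 {
			continue // not an "N: <subnet>" line inside a weight group
		}
		if p, err := netip.ParsePrefix(cidr); err != nil || p != p.Masked() {
			problems = append(problems, "bad subnet: "+cidr)
		} else {
			byWeight[weight] = append(byWeight[weight], p)
		}
	}
	for _, g := range published {
		if g >= gen {
			problems = append(problems, fmt.Sprintf("generation %d is not newer than published %d", gen, g))
		}
	}
	return gen, byWeight, problems
}

func main() {
	fmt.Println(CheckConf(sample, []int{1118, 1119}))
}
```

Running it against the output of the new ClientConf before pushing to the decoy-lists repository catches a reused generation number or a mistyped subnet before any station or registration server loads it.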