Editing ClientConf

A edited this page Nov 12, 2024 · 7 revisions

Overview

The ClientConf specifies which public keys to use, which decoy sites are available (for the TapDance or Conjure decoy registrar), and which phantom subnets to use along with their respective weights. The gotapdance repository includes a utility for viewing and editing a ClientConf, located in gotapdance/tools/clientconf.

E.g. ./clientconf -f ../../assets/ClientConf.dev will show:

Generation: 1120
Default Pubkey: 8c34e2362f33707ff4b001f31302b1968fe8d67fb8843ee11c60df61b9e17609
Conjure Pubkey: 8c34e2362f33707ff4b001f31302b1968fe8d67fb8843ee11c60df61b9e17609
Decoy List: 6 decoys
0:
  tapdance1.freeaeskey.xyz (192.122.190.104 / [<nil>])
1:
  tapdance2.freeaeskey.xyz (192.122.190.105 / [<nil>])
2:
  tapdance3.freeaeskey.xyz (192.122.190.106 / [<nil>])
3:
  decoy2.refraction.network (192.122.190.105 / [<nil>])
4:
  decoy2.refraction.network (0.0.0.0 / [2001:48a8:687f:1::105])
5:
  decoy1.refraction.network (192.122.190.126 / [<nil>])

Phantom Subnets List:

weight: 9, support random port: true, subnets:
 0: 192.122.190.0/24
 1: 2001:48a8:687f:2::/64

weight: 1, support random port: true, subnets:
 2: 141.219.0.0/16
 3: 35.8.0.0/16
DNS registrar:
  method: UDP
  target: 
  domain: r.refraction.network
  pubkey: 
  utls:   
  stun:   

Updating the ClientConf

  1. When adding new subnets to a new ClientConf, use the template subnet-file-template in the decoy-lists repository (https://github.com/refraction-networking/decoy-lists) as the argument to -subnet-file
  2. Ensure that the new ClientConf has a unique generation number (typically incremented from the previous generation)
  3. Add the ClientConf to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists/tree/master/generations) and update the NOTES file with the relevant change log (e.g. "Added new subnet for ISP X")
  4. Add the phantom_subnets.toml to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists/tree/master/phantom_subnets.toml). Note that the format is based on, but slightly different from, the -subnet-file originally provided to the clientconf tool: it contains the generation number in the hierarchy (e.g. Networks.1166). The new phantom_subnets.toml can be created using the clientconf tool in gotapdance via -append-toml-path
  5. Add the ClientConf to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists) as current_decoys.blob
  6. Use the clientconf tool from gotapdance to print the decoys to a file and add it to the decoy-lists repository (https://github.com/refraction-networking/decoy-lists) as current_decoys.txt
  7. On each station, update the phantom_subnets.toml file (pointed to by conjure.conf, typically in /var/lib/conjure). Restart each application to load the new configuration
  8. Update the ClientConf and phantom_subnets.toml files on each registration server (e.g. in /var/lib/conjure on reg1.refraction.network, reg2.refraction.network)
  9. Update the ClientConf and phantom_subnets.toml files on the registrations tracker server (under /var/lib/conjure/)
  10. Set bidirectional_api_generation in reg_config.toml to the latest generation (e.g. the one you just added) on each registration server
  11. Restart each registration server. This will start serving the new ClientConf to users
  12. Confirm the new ClientConf is being used in Kibana ("Conjure client tunnel count by generation")
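
A sanity check to run on a new ClientConf before publishing it in steps 3 to 5, as an added example (not code from the gotapdance or decoy-lists repositories): it parses the text the clientconf tool prints, in the format shown in the Overview, and reports a reused generation number, malformed public keys, and invalid or overlapping phantom subnets. The function name, the 64-hex-character key length (taken from the sample output above), the treatment of a zero weight as a mistake, and the sample dump are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample in the format the clientconf tool prints (see Overview);
# the keys, generation and subnets are made up and contain deliberate mistakes.
SAMPLE = """\
Generation: 1121
Default Pubkey: 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
Conjure Pubkey: 00112233445566778899aabbccddeeff
Phantom Subnets List:

weight: 9, support random port: true, subnets:
 0: 192.0.2.0/24
 1: 2001:db8:1::/64

weight: 0, support random port: true, subnets:
 2: 198.51.100.7/24
 3: 192.0.2.0/24
"""

def check_dump(text, existing_generations):
    """Return a list of problems found in a clientconf text dump."""
    problems = []
    gen = re.search(r"^Generation: (\d+)$", text, re.M)
    if not gen:
        problems.append("missing generation number")
    elif int(gen.group(1)) in existing_generations:
        problems.append(f"generation {gen.group(1)} already published")
    # Assumption: keys are 32 bytes (64 hex chars), as in the page's sample output.
    for name, key in re.findall(r"^(\w+ Pubkey): *(\S*)$", text, re.M):
        if not re.fullmatch(r"[0-9a-f]{64}", key):
            problems.append(f"{name} is not 64 hex characters")
    seen = set()
    for line in text.splitlines():
        weight = re.match(r"weight: (\d+),", line)
        if weight and int(weight.group(1)) == 0:
            problems.append("subnet group has weight 0 (assumed to be a mistake)")
        entry = re.match(r"\s*\d+: (\S+/\d+)$", line)
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry.group(1))  # strict: rejects host bits
        except ValueError:
            problems.append(f"{entry.group(1)} is not a valid network address")
            continue
        if any(net.version == s.version and net.overlaps(s) for s in seen):
            problems.append(f"{net} overlaps an earlier phantom subnet")
        seen.add(net)
    return problems
```

Pass the generation numbers already present in the decoy-lists generations directory as existing_generations; an empty result means none of these checks failed.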