235 lines
7.3 KiB
INI
235 lines
7.3 KiB
INI
[router]
|
|
# Configuration for routing activity.
|
|
|
|
|
|
# Network ID; this is 'lokinet' for mainnet, 'gamma' for testnet.
|
|
#netid=lokinet
|
|
|
|
# Minimum number of routers lokinet will attempt to maintain connections to.
|
|
#min-connections=4
|
|
|
|
# Maximum number (hard limit) of routers lokinet will be connected to at any time.
|
|
#max-connections=6
|
|
|
|
# Optional directory for containing lokinet runtime data. This includes generated
|
|
# private keys.
|
|
#data-dir=/var/lib/lokinet
|
|
|
|
# The number of threads available for performing cryptographic functions.
|
|
# The minimum is one thread, but network performance may increase with more.
|
|
# threads. Should not exceed the number of logical CPU cores.
|
|
# 0 means use the number of logical CPU cores detected at startup.
|
|
#worker-threads=0
|
|
|
|
|
|
[network]
|
|
# Network settings
|
|
# Snapp settings
|
|
|
|
|
|
# Public key of a router which will act as a pinned first-hop. This may be used to
|
|
# provide a trusted router (consider that you are not fully anonymous with your
|
|
# first hop).
|
|
#strict-connect=
|
|
|
|
# The private key to persist address with. If not specified the address will be
|
|
# ephemeral.
|
|
#keyfile=
|
|
|
|
# Set the endpoint authentication mechanism.
|
|
# none/whitelist/lmq
|
|
#auth=
|
|
|
|
# lmq endpoint to talk to for authenticating new sessions
|
|
# ipc:///var/lib/lokinet/auth.socket
|
|
# tcp://127.0.0.1:5555
|
|
#auth-lmq=
|
|
|
|
# lmq function to call for authenticating new sessions
|
|
# llarp.auth
|
|
#auth-lmq-method=llarp.auth
|
|
|
|
# manually add a remote endpoint by .loki address to the access whitelist
|
|
#auth-whitelist=
|
|
|
|
# Determines whether we will publish our snapp's introset to the DHT.
|
|
#reachable=1
|
|
|
|
# Number of hops in a path. Min 1, max 8.
|
|
#hops=4
|
|
|
|
# Number of paths to maintain at any given time.
|
|
#paths=6
|
|
|
|
# Whether or not we should act as an exit node. Beware that this increases demand
|
|
# on the server and may pose liability concerns. Enable at your own risk.
|
|
#exit=0
|
|
|
|
# When in exit mode announce we allow a private range in our introsetexmaple:
|
|
# owned-range=10.0.0.0/24
|
|
#owned-range=
|
|
|
|
# List of ip traffic whitelist, anything not specified will be dropped by us.examples:
|
|
# tcp for all tcp traffic regardless of port
|
|
# 0x69 for all packets using ip protocol 0x69udp/53 for udp port 53
|
|
# tcp/smtp for smtp port
|
|
#traffic-whitelist=
|
|
|
|
# Specify a `.loki` address and an optional ip range to use as an exit broker.
|
|
# Example:
|
|
# exit-node=whatever.loki # maps all exit traffic to whatever.loki
|
|
# exit-node=stuff.loki:100.0.0.0/24 # maps 100.0.0.0/24 to stuff.loki
|
|
#exit-node=
|
|
|
|
# Specify an optional authentication code required to use a non-public exit node.
|
|
# For example:
|
|
# exit-auth=myfavouriteexit.loki:abc
|
|
# uses the authentication code `abc` whenever myfavouriteexit.loki is accessed.
|
|
# Can be specified multiple time to store codes for different exit nodes.
|
|
#exit-auth=
|
|
|
|
# Interface name for lokinet traffic. If unset lokinet will look for a free name
|
|
# lokinetN, starting at 0 (e.g. lokinet0, lokinet1, ...).
|
|
#ifname=
|
|
|
|
# Local IP and range for lokinet traffic. For example, 172.16.0.1/16 to use
|
|
# 172.16.0.1 for this machine and 172.16.x.y for remote peers. If omitted then
|
|
# lokinet will attempt to find an unused private range.
|
|
#ifaddr=
|
|
|
|
# For all ipv6 exit traffic you will use this as the base address bitwised or'd with the v4 address in use.
|
|
# To disable ipv6 set this to an empty value.
|
|
# !!! WARNING !!! Disabling ipv6 tunneling when you have ipv6 routes WILL lead to de-anonymization as lokinet will no longer carry your ipv6 traffic.
|
|
#ip6-range=fd00::
|
|
|
|
# Map a remote `.loki` address to always use a fixed local IP. For example:
|
|
# mapaddr=whatever.loki:172.16.0.10
|
|
# maps `whatever.loki` to `172.16.0.10` instead of using the next available IP.
|
|
# The given IP address must be inside the range configured by ifaddr=
|
|
#mapaddr=
|
|
|
|
# Adds a lokinet relay `.snode` address to the list of relays to avoid when
|
|
# building paths. Can be specified multiple times.
|
|
#blacklist-snode=
|
|
|
|
# Specify SRV Records for services hosted on the SNApp
|
|
# for more info see https://docs.loki.network/Lokinet/Guides/HostingSNApps/
|
|
# srv=_service._protocol priority weight port target.loki
|
|
#srv=
|
|
|
|
# time in seconds how long to wait for a path to align to pivot routers
|
|
# if not provided a sensible default will be used
|
|
#path-alignment-timeout=
|
|
|
|
# persist mapped ephemeral addresses to a file
|
|
# on restart the mappings will be loaded so that ip addresses will not be mapped to a different address
|
|
#persist-addrmap-file=/var/lib/lokinet/addrmap.dat
|
|
|
|
|
|
[paths]
|
|
# path selection algorithm options
|
|
|
|
|
|
# Netmask for router path selection; each router must be from a distinct IP subnet of the given size.
|
|
# E.g. 16 ensures that all routers are using distinct /16 IP addresses.
|
|
#unique-range-size=32
|
|
|
|
|
|
[dns]
|
|
# DNS configuration
|
|
|
|
|
|
# Upstream resolver(s) to use as fallback for non-loki addresses.
|
|
# Multiple values accepted.
|
|
upstream=10.64.0.1
|
|
|
|
# Address to bind to for handling DNS requests.
|
|
bind=127.3.2.1:53
|
|
# Add a hosts file to the dns resolver
|
|
# For use with client side dns filtering
|
|
#add-hosts=
|
|
|
|
# Can be uncommented and set to 1 to disable resolvconf configuration of lokinet DNS.
|
|
# (This is not used directly by lokinet itself, but by the lokinet init scripts
|
|
# on systems which use resolveconf)
|
|
#no-resolvconf=
|
|
|
|
|
|
[bind]
|
|
# This section specifies network interface names and/or IPs as keys, and
|
|
# ports as values to control the address(es) on which Lokinet listens for
|
|
# incoming data.
|
|
#
|
|
# Examples:
|
|
#
|
|
# eth0=1090
|
|
# 0.0.0.0=1090
|
|
# 1.2.3.4=1090
|
|
#
|
|
# The first bind to port 1090 on the network interface 'eth0'; the second binds
|
|
# to port 1090 on all local network interfaces; and the third example binds to
|
|
# port 1090 on the given IP address.
|
|
#
|
|
# If a private range IP address (or an interface with a private IP) is given, or
|
|
# if the 0.0.0.0 all-address IP is given then you must also specify the
|
|
# public-ip= and public-port= settings in the [router] section with a public
|
|
# address at which this router can be reached.
|
|
# Typically this section can be left blank: if no inbound bind addresses are
|
|
# configured then lokinet will search for a local network interface with a public
|
|
# IP address and use that (with port 1090).
|
|
|
|
|
|
# Specify a source port for **outgoing** Lokinet traffic, for example if you want to
|
|
# set up custom firewall rules based on the originating port. Typically this should
|
|
# be left unset to automatically choose random source ports.
|
|
#*=0
|
|
|
|
|
|
[api]
|
|
# JSON API settings
|
|
|
|
|
|
# Determines whether or not the LMQ JSON API is enabled. Defaults
|
|
#enabled=1
|
|
|
|
# IP address and port to bind to.
|
|
# Recommend localhost-only for security purposes.
|
|
#bind=tcp://127.0.0.1:1190
|
|
|
|
|
|
[bootstrap]
|
|
# Configure nodes that will bootstrap us onto the network
|
|
|
|
|
|
# Whether or not to run as a seed node. We will not have any bootstrap routers configured.
|
|
#seed-node=0
|
|
|
|
# Specify a bootstrap file containing a signed RouterContact of a service node
|
|
# which can act as a bootstrap. Can be specified multiple times.
|
|
#add-node=
|
|
|
|
|
|
[logging]
|
|
# logging settings
|
|
|
|
|
|
# Log type (format). Valid options are:
|
|
# file - plaintext formatting
|
|
# json - json-formatted log statements
|
|
# syslog - logs directed to syslog
|
|
#type=file
|
|
|
|
# Minimum log level to print. Logging below this level will be ignored.
|
|
# Valid log levels, in ascending order, are:
|
|
# trace
|
|
# debug
|
|
# info
|
|
# warn
|
|
# error
|
|
#level=warn
|
|
|
|
# When using type=file this is the output filename. If given the value 'stdout' or
|
|
# left empty then logging is printed as standard output rather than written to a
|
|
# file.
|
|
#file=
|