Add peering reference (#523)

Alexander Ivanov 2024-02-18 18:25:07 +08:00 committed by GitHub
parent bb74dd1126
commit 92365d477c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -13,12 +13,11 @@ file.
Example in `yggdrasil.conf`: Example in `yggdrasil.conf`:
``` ```
Peers: Peers: [
[
tcp://a.b.c.d:e tcp://a.b.c.d:e
tcp://d.c.b.a:e tls://d.c.b.a:e
tcp://[a:b:c::d]:e tcp://[a:b:c::d]:e
tcp://[d:c:b::a]:e tls://[d:c:b::a]:e
] ]
``` ```
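Review bot: In the new example the `tls://d.c.b.a:e` and `tls://[d:c:b::a]:e` entries reuse the placeholder port `e` from the `tcp://` entries, which can read as though one listener port serves both transports; a distinct placeholder for the TLS entries would avoid that. It would also help to give one entry a `?key=[publickey]` option, which the peering reference added later in this commit documents, so the example shows public-key authentication of a peer and not only the bare URI.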
@ -30,20 +29,30 @@ page to find public peers that are online.
Always try to pick peers that are as close to you geographically as possible, as Always try to pick peers that are as close to you geographically as possible, as
this will keep the latency of the network down. this will keep the latency of the network down.
If you are using a home connection then you should avoid peering with any nodes If you are using a home connection, then you should avoid peering with any nodes
that are far away, as you may end up carrying traffic for the rest of the that are far away, as you may end up carrying traffic for the rest of the
network. network.
For normal usage, you probably only need 2 or 3 peers. For normal usage, you probably only need 2 or 3 peers.
### TLS peers ### Peering reference
URI format: `[protocol]://[host]:[port]?[options]`
As of Yggdrasil v0.3.11, peering connections over TLS are now possible. This hides **Available protocols:**
the peering connection inside a regular TLS session, which can help in some cases - Cleartext TCP: `tcp://`
where firewalls or deep packet inspection may identify or block regular Yggdrasil - TLS: `tls://`
peering traffic. - TCP over SOCKS5: `socks://[proxyhost]:[proxyport]/[host]:[port]`
- UNIX sockets: `unix://`
- QUIC (v0.5.0+): `quic://`
- TLS over SOCKS5 (v0.5.2+): `sockstls://[proxyhost]:[proxyport]/[host]:[port]`
TLS public peers are identified by the prefix `tls://` instead of `tcp://`. Yggdrasil supports basic authentication for SOCKS5 using credentials in the URI like this:
Note that, due to the additional layer of encryption, performance via TLS peers `socks://[username]:[password]@[proxyhost]:[proxyport]/[host]:[port]`
may be slightly worse than via regular `tcp://` peers.
**Query options:**
- Public-key authentication: `?key=[publickey]` (can have multiple values)
- Custom SNI (for TLS/QUIC): `?sni=[domain]` (default is host if it's domain)
- Same-peer link priority: `?priority=[integer]` (default is 0, maximum 254 for lowest priority)
- Password authentication (v0.5.0+): `?password=[string]` (length up to 64 characters)
- Maximum back-off time (v0.5.5+): `?maxbackoff=[seconds]` (supports duration values like 5m, 1h etc)
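Review bot: The removed "TLS peers" section described TLS as an "additional layer of encryption" on top of regular peering, but the new protocol list labels `tcp://` as "Cleartext TCP", which readers may take to mean the peering traffic itself is unencrypted; consider "Plain TCP", or keep a sentence stating what TLS adds (hiding the peering connection from firewalls and deep packet inspection, at a slight performance cost), since that guidance is dropped entirely here. The `socks://[username]:[password]@...` form and `?password=[string]` place secrets in the peer URI, so the reference should say how reserved characters in those values are to be escaped and note that the configuration file then holds credentials. Minor wording: "default is host if it's domain" would read better as "defaults to the host when it is a domain name".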