diff --git a/README.md b/README.md index 3bca5dc..6025444 100644 --- a/README.md +++ b/README.md @@ -13,12 +13,11 @@ file. Example in `yggdrasil.conf`: ``` -Peers: -[ +Peers: [ tcp://a.b.c.d:e - tcp://d.c.b.a:e + tls://d.c.b.a:e tcp://[a:b:c::d]:e - tcp://[d:c:b::a]:e + tls://[d:c:b::a]:e ] ``` @@ -30,20 +29,28 @@ page to find public peers that are online. Always try to pick peers that are as close to you geographically as possible, as this will keep the latency of the network down. -If you are using a home connection then you should avoid peering with any nodes +If you are using a home connection, then you should avoid peering with any nodes that are far away, as you may end up carrying traffic for the rest of the network. For normal usage, you probably only need 2 or 3 peers. -### TLS peers +### Peering reference +URI format: `[protocol]://[host]:[port]?[options]` -As of Yggdrasil v0.3.11, peering connections over TLS are now possible. This hides -the peering connection inside a regular TLS session, which can help in some cases -where firewalls or deep packet inspection may identify or block regular Yggdrasil -peering traffic. +**Available protocols:** +- Cleartext TCP: `tcp://` +- TLS: `tls://` +- TCP over SOCKS5: `socks://` +- UNIX sockets: `unix://` +- QUIC (v0.5.0+): `quic://` +- TLS over SOCKS5 (v0.5.2+): `sockstls://` -TLS public peers are identified by the prefix `tls://` instead of `tcp://`. +Yggdrasil supports basic authentication for SOCKS5 using credentials in the URI like this: `socks://user:password@host` -Note that, due to the additional layer of encryption, performance via TLS peers -may be slightly worse than via regular `tcp://` peers. +**Query options:** +- Public-key authentication: `?key=[publickey]` (can have multiple values) +- Custom SNI (for TLS/QUIC): `?sni=[domain]` (default is host if it's domain) +- Same-peer link priority: `?priority=[integer]` (default is 0, maximum 254 for lowest priority) +- Password authentication (v0.5.0+): `?password=[string]` (length up to 64 characters) +- Maximum back-off time (v0.5.5+): `?maxbackoff=[seconds]` (supports duration values like 5m, 1h etc)