Relay configuration

Every connection between relays is bidirectional and symmetric once established.

But how these connections are configured is not symmetric. There is a distinction between accepting a connection from a peer passively, and contacting a peer actively.

This is reflected in the configuration file, where the in_routes mapping specifies ways to accept incoming connections, while the out_routes mapping specifies specific outgoing connections.

/etc/earendil/config.yaml

identity: /etc/earendil/identity.asc
state_cache: /etc/earendil/state_cache.db

# listeners for incoming connections
in_routes:
    main_udp:
        protocol: obfsudp
        listen: 0.0.0.0:19999
        secret: correct horse battery staple
    main_http:
        protocol: http-longpoll
        listen: 0.0.0.0:19998
        path: /correct/horse/battery/staple
        tls:
            domain: laboo.example.com
            certificate: autoconf
            
# list of all outgoing connections
out_routes:
    alice:
        fingerprint: KCKUhWZfluAzMzwiw721CNrvyhc
        protocol: obfsudp
        connect: 100.1.2.3:18232
        cookie: d9aeca8eb2517c18ecf6f24769161be7049187a38c7c8a3391896d502b9bc462
    bob:
        fingerprint: eveIb0XRU8gULsiYxPBa1aUqjy0
        protocol: http-longpoll
        connect: https://nala-goosha.example.com/correct/horse/battery/staple
        tls-fingerprint-seed: helloworld

Currently, two relays cannot simultaneously specify the other in their out_routes. We may change this in the future.

Last updated 1 year ago

Relay configuration

Every connection between relays is bidirectional and symmetric once established.

But how these connections are configured is not symmetric. There is a distinction between accepting a connection from a peer passively, and contacting a peer actively.

This is reflected in the configuration file, where the in_routes mapping specifies ways to accept incoming connections, while the out_routes mapping specifies specific outgoing connections.

/etc/earendil/config.yaml

identity: /etc/earendil/identity.asc
state_cache: /etc/earendil/state_cache.db

# listeners for incoming connections
in_routes:
    main_udp:
        protocol: obfsudp
        listen: 0.0.0.0:19999
        secret: correct horse battery staple
    main_http:
        protocol: http-longpoll
        listen: 0.0.0.0:19998
        path: /correct/horse/battery/staple
        tls:
            domain: laboo.example.com
            certificate: autoconf
            
# list of all outgoing connections
out_routes:
    alice:
        fingerprint: KCKUhWZfluAzMzwiw721CNrvyhc
        protocol: obfsudp
        connect: 100.1.2.3:18232
        cookie: d9aeca8eb2517c18ecf6f24769161be7049187a38c7c8a3391896d502b9bc462
    bob:
        fingerprint: eveIb0XRU8gULsiYxPBa1aUqjy0
        protocol: http-longpoll
        connect: https://nala-goosha.example.com/correct/horse/battery/staple
        tls-fingerprint-seed: helloworld

Currently, two relays cannot simultaneously specify the other in their out_routes. We may change this in the future.

Last updated 1 year ago