Settings for RiVPN to access the Internet from a remote server - RiV-chain/RiVPN GitHub Wiki

RiVPN-manual

Settings for RiVPN to access the Internet from a remote server via the RiV-mesh/Yggdrasil network.

The first thing to do is to install RiVPN on your PC and on the remote server. We will skip that in this tutorial.

Configuration of a Windows PC

:black_square_button: 1. Go to: C:\ProgramData\RiV-mesh.

Open file mesh.conf with any text editor and copy the public key of our PC to the clipboard.

  # Your public key. Your peers may ask you for this to put
  # into their AllowedPublicKeys configuration.
  PublicKey: your public key here

:black_square_button: 2. On the remote server, go to /etc/mesh.conf.

Open the file and copy the PublicKey of the server. It is located in the same block as in the first step.

:black_square_button: 3. Back to the Windows PC

In the config file mesh.conf, scroll to the very bottom to the block FeaturesConfig.

Here starts the fun part :)

Copy this block, paste it into your config, and edit it to use your PublicKey values.

FeaturesConfig:
  {
    TunnelRouting:
    {
      # Enable or disable tunnel routing.
      Enable: true

      # IPv6 subnets belonging to remote nodes, mapped to the node's public
      # key, e.g. { "aaaa:bbbb:cccc::/e": "boxpubkey", ... }
      IPv6RemoteSubnets: {}

      # IPv4 subnets belonging to remote nodes, mapped to the node's public
      # key, e.g. { "a.b.c.d/e": "boxpubkey", ... }
      IPv4RemoteSubnets:
      {
        # Example: "0.0.0.0/0": 0000205555011e30fc72d3d6220e316cf2fce7ddadd63935ab58511f383c1bb4
        "0.0.0.0/0": the PublicKey of your remote server, which we already copied in step 2.
      }
    }
  }

Save the config in the text editor, then in the Task Manager stop the "Mesh" service, whose description is RiV-mesh Service.

:black_square_button: 4. Edit the registry

Open the registry editor: press Win + R, type regedit and press Enter.

In the registry editor, go to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters and find the IPEnableRouter option.

Set the value of this parameter to 0 and press OK to apply the changes.

This completes configuring RiVPN client mode under Windows OS.

Remote server configuration

:black_square_button: 1. Configure the FeaturesConfig block

Before configuring it, you need to know the IPv4 address that RiVPN assigned on the Windows PC. To find it, open cmd, run the command ipconfig, look for the RiVPN interface and copy its IPv4 address, which starts with 10.x.x.x; in my example it is 10.145.145.145.

If you see an IPv4 address that has a 0 at the end, such as 10.145.145.0 or 10.145.145.10, you will need to change the public and private key on the PC. This is a bug in RiVPN at the time of writing this tutorial and will be fixed later. The keys can be changed with the Yggdrasil IP address miner: https://notabug.org/acetone/SimpleYggGen-CPP

In this block on the server side you need to insert this piece of configuration:

FeaturesConfig:
  {
    TunnelRouting:
    {
      # Enable or disable tunnel routing.
      Enable: true

      # IPv6 subnets belonging to remote nodes, mapped to the node's public
      # key, e.g. { "aaaa:bbbb:cccc::/e": "boxpubkey", ... }
      IPv6RemoteSubnets: {}

      # IPv4 subnets belonging to remote nodes, mapped to the node's public
      # key, e.g. { "a.b.c.d/e": "boxpubkey", ... }
      IPv4RemoteSubnets: {
        "10.145.145.145/32": PublicKey of your Windows PC
      }
    }
  }

Save the file and stop the service with the command service mesh stop.

:black_square_button: 2. Setting up iptables

To reach the Internet through the remote server, we need to configure NAT. Run the following commands:

# ens3 is the server's external interface in this example; substitute your own.
$ ufw route allow in on tun0 out on ens3
$ iptables -A FORWARD -o ens3 -i tun0 -s 10.145.145.145/32 -m conntrack --ctstate NEW -j ACCEPT
$ iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Note: -F removes every existing rule in the nat POSTROUTING chain.
$ iptables -t nat -F POSTROUTING
$ iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
$ netfilter-persistent save

:black_square_button: 3. Switching on the forwarding

Open the config at the path /etc/sysctl.conf, scroll to the bottom and add a line with this content: net.ipv4.ip_forward=1.

After that, save the file and apply the changes with sudo sysctl -p.

This completes the configuration. Start the RiVPN service.

:black_square_button: 4. Port forwarding (optional)

$ iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 80 -j DNAT --to-destination 10.145.145.145
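
To confirm that server steps 2 and 3 took effect, the following added example (not part of the original tutorial or of the RiVPN project) audits `iptables-save` output and the ip_forward flag. It assumes the tutorial's sample values (client 10.145.145.145, interfaces tun0 and ens3); the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the forwarding/NAT state set up in server steps 2 and 3.
# Client IP and interface names are the tutorial's sample values (assumptions).

# Constructed sample of `iptables-save` output after the tutorial's commands.
SAMPLE='*filter
-A FORWARD -s 10.145.145.145/32 -i tun0 -o ens3 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o ens3 -j MASQUERADE
COMMIT'

# has_rule CHAIN TOKEN...: succeed if one "-A CHAIN" line in $RULES contains
# every TOKEN as a whole word (iptables-save normalises option order).
has_rule() {
    lines=$(printf '%s\n' "$RULES" | grep -- "^-A $1 ") || return 1
    shift
    for tok in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -Fw -- "$tok") || return 1
    done
}

# audit_ruleset CLIENT_IP TUN_IF EXT_IF: reads iptables-save text on stdin,
# prints one line per check, returns the number of failed checks.
audit_ruleset() {
    RULES=$(cat); fails=0
    check() {  # check DESCRIPTION CHAIN TOKEN...
        desc=$1; shift
        if has_rule "$@"; then echo "ok   $desc"
        else echo "FAIL $desc"; fails=$((fails + 1)); fi
    }
    check "new flows limited to $1/32" FORWARD "-s $1/32" "-i $2" "-o $3" "--ctstate NEW" "-j ACCEPT"
    check "return traffic accepted" FORWARD RELATED ESTABLISHED "-j ACCEPT"
    check "masquerade on $3" POSTROUTING "-o $3" "-j MASQUERADE"
    return "$fails"
}

# forwarding_enabled [FILE]: true if the kernel flag file contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Live use (as root): iptables-save | audit_ruleset 10.145.145.145 tun0 ens3
printf '%s\n' "$SAMPLE" | audit_ruleset 10.145.145.145 tun0 ens3 || true
```

A FAIL on the first check means the tunnel is forwarding for sources other than the single client /32; two FAILs that both name the external interface usually mean the rules were written for a different interface name than the one the server actually uses.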