@MaLaCoiD
Created February 1, 2012 21:43

CJDNS on Amazon Web Services

Make an account

Sign up for free AWS account: http://aws.amazon.com/free/

Once the account is made and a phone call has verified your identity, a $1 test charge will appear on your credit card.

It is only a verification. Amazon puts it through as an authorization "hold" on that amount; it is never processed as a payment, and the hold drops off your account after a few days (how long depends on the card issuer).

Make a new instance

Go to the EC2 tab: https://console.aws.amazon.com/ec2/home

Choose your favorite Region from the Navigation bar on the left.

Click Launch Instance. Give it these details:

instance name = CJDNS
key pair name = myhosts
Amazon Linux 64 bit

Click Download and save your myhosts.pem file. Then click Continue.

Click Edit Details
Click Security Settings > Security Groups
Click the radio button for Create new Security Group
Group name: CJDNS
Description: CJDNS UDP port

Click Create

Make a new rule: pick SSH from the drop-down list.
Source: 0.0.0.0/0 (this allows SSH attempts from anywhere on the Internet; if you connect from a fixed address, enter that as a /32 instead, e.g. 203.0.113.5/32)

Click Add Rule. Leave all the other defaults, click Save Details then click Launch

Back at the EC2 Dashboard, click Refresh under My Resources. Then click Running Instances. Verify it's running.

Now connect using SSH:

Amazon's documentation: http://docs.amazonwebservices.com/AWSEC2/latest/GettingStartedGuide/ConnectToInstanceLinux.html

If you're using Linux (or any OpenSSH client), you can use these commands, substituting the public DNS name the console shows for your own instance. The chmod is required: ssh refuses to use a private key that other users can read.
chmod 400 myhosts.pem
ssh -i myhosts.pem ec2-user@ec2-72-44-44-42.compute-1.amazonaws.com

IMO the best SSH client is SecureCRT, 6.2 and above.
Support for Amazon EC2 keys (the .pem file) was added in SecureCRT 6.5 beta 2 and later.
To use the Amazon EC2 private key:
 1. Create an SSH2 session
 2. Specify PublicKey as the authentication method in Session Options / SSH2
 3. Set the Amazon EC2 key as the private key to use for the session
	a. Select PublicKey in Session Options / SSH2
	b. Click the Properties button
	c. Select Use session public key setting
	d. Browse to or enter the path to the EC2 private key in the entry box under Use identity or certificate file
 4. Connect to the EC2 server

PuTTY is a free SSH client for Windows, but you need to convert the key first:
Use puttygen.exe to convert myhosts.pem to myhosts.ppk
- click Conversions > Import key
- click Save private key, name it myhosts.ppk

Open PuTTY:
Under Session, find the Host Name field and enter:
ec2-72-44-44-42.compute-1.amazonaws.com
Scroll down to Connection, SSH, Auth. Click Browse and point it to your myhosts.ppk file
Under Session (again), Click in Saved Sessions, where you can type and give it a name like "EC2". Then click Save
Click Open. When prompted, the username is ec2-user

Configure the new instance with the proper build tools

Or skip this step and get the AWS cjdroute binary: http://path.to/cjdroute-aws (building from source, below, is the safer choice; a prebuilt binary is only as trustworthy as wherever you fetched it from)

Once you're logged in via SSH to a brand-new EC2 Linux instance, issue these commands:

sudo yum install -y git gcc gcc-c++ make cmake
sudo yum update -y

(On Amazon Linux the C++ compiler package is gcc-c++, not g++. Using sudo per command instead of a root shell keeps the rest of your session unprivileged.)

Build CJDNS

  1. Get the latest source code for CJDNS
  2. Make a build directory
  4. Get/install a compatible version of cmake (Amazon Linux ships 2.6.4, which is too old for the cjdns build)
  4. Get/install libevent2 which CJDNS needs
  5. Make CJDNS, move the binary to your home directory

The commands to do this:

# 1. Source
git clone https://github.com/cjdelisle/cjdns.git cjdns
# 2. Build directory (the cjdns tree already has one)
cd cjdns/build
# 3. cmake 2.8: a prebuilt tarball, copied over the 2.6.4 that yum installed
wget http://www.cmake.org/files/v2.8/cmake-2.8.2-Linux-i386.tar.gz
tar -xf cmake-2.8.2-Linux-i386.tar.gz
chmod 755 cmake-2.8.2-Linux-i386/bin/*
sudo cp cmake-2.8.2-Linux-i386/bin/* /usr/bin/
sudo cp -R cmake-2.8.2-Linux-i386/doc/* /usr/share/doc/
sudo cp -R cmake-2.8.2-Linux-i386/man/* /usr/share/man/
sudo cp -R cmake-2.8.2-Linux-i386/share/* /usr/share/
# 4. libevent 2 from source; it installs under /usr/local
wget https://github.com/downloads/libevent/libevent/libevent-2.0.16-stable.tar.gz
tar -xzf libevent-2.0.16-stable.tar.gz
cd libevent-2.0.16-stable
./configure
make
sudo make install
# Make sure the dynamic loader can find it: Amazon Linux does not search
# /usr/local/lib by default, and cjdroute would then build fine but fail at
# start-up with a missing libevent-2.0.so
echo /usr/local/lib | sudo tee /etc/ld.so.conf.d/local.conf
sudo ldconfig
cd ..
# 5. Build cjdns and put the binary in your home directory
cmake ..
make
mv cjdroute ~
cd ~

Neither tarball is signature-checked by the steps above, so compare each one against the checksum its project publishes before you build from it.

Configure and run CJDNS

./cjdroute --genconf > cjdroute.conf

The generated file contains your node's private key, so keep it readable only by you (chmod 600 cjdroute.conf). Edit cjdroute.conf to add your peers, and give each new peer your public key. Now run it:

sudo su -c "./cjdroute < cjdroute.conf >> cjdroute.log & ./cjdroute --getcmds < cjdroute.conf | bash"

Incoming connections

If you want to have incoming connections, you'll have to open a port to allow incoming traffic. First, find your public IP:

curl whatismyip.org;echo ""

(On EC2 the instance metadata service returns the same value without depending on an outside site: http://169.254.169.254/latest/meta-data/public-ipv4.) Remember that number. It should be something like 72.44.44.42. Then edit your config:

nano -c cjdroute.conf

Line 28 should look like "your.external.ip.goes.here:12345":.

12345, or whatever number you got, was randomly generated just for you, to make blanket blocking of CJDNS harder. This is your UDP port number. Make line 28 look like "72.44.44.42:12345":. One EC2 caveat: the public IP is NAT'd by AWS and is not configured on the instance's own network interface, so if the line you are editing is the UDPInterface "bind" line it must stay at 0.0.0.0 (as in the peering example below, "bind": "0.0.0.0:32821"); the public IP is what you hand to your peers.

Go back to https://console.aws.amazon.com/ec2/home?region=us-east-1#s=SecurityGroups

Click on `Security Groups`, find group `CJDNS`
Make a new Custom UDP rule
Port range: `12345`
Source: `0.0.0.0/0`
Click Add Rule

Now you're ready to edit your CJDNS configuration to allow incoming peers.
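The two steps above (generate the config, then work out the port and public address to open in the security group) can be checked from the instance itself. The script below is an added example written for this page, not part of the gist or of cjdns: it reads the UDPInterface "bind" line out of cjdroute.conf (assumed to have the form shown in the peering example further down, "bind": "0.0.0.0:32821"), looks up the public IPv4 from the EC2 instance metadata service (falling back to whatismyip.org, as the page does), and prints the security group rule plus the address to hand to peers. It also warns when the bind address is something other than 0.0.0.0 that the instance does not actually own, which on EC2 is exactly what the public IP is.

```shell
#!/bin/sh
# Added example (not from the original gist, not cjdns code).
# Assumptions: cjdroute.conf contains a line like   "bind": "0.0.0.0:32821",
# and the EC2 metadata service at 169.254.169.254 is reachable (it is on EC2
# unless IMDS has been disabled for the instance).

# Port part of the UDPInterface bind line, e.g. 32821.
bind_port() {
    sed -n 's/.*"bind"[[:space:]]*:[[:space:]]*"[^"]*:\([0-9][0-9]*\)".*/\1/p' "$1" | head -n 1
}

# Address part of the bind line, e.g. 0.0.0.0.
bind_addr() {
    sed -n 's/.*"bind"[[:space:]]*:[[:space:]]*"\([^":]*\):[0-9][0-9]*".*/\1/p' "$1" | head -n 1
}

# The instance's public IPv4 as seen from the Internet. EC2 publishes it in the
# instance metadata; fall back to an outside lookup if metadata is unreachable.
public_ip() {
    curl -sf --max-time 2 http://169.254.169.254/latest/meta-data/public-ipv4 2>/dev/null \
        || curl -sf --max-time 5 http://whatismyip.org 2>/dev/null
}

# 0 if the argument is a usable UDP port number (1-65535), 1 otherwise.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# On EC2 the public IP is NAT'd by AWS and is not configured on the instance's
# interface, so binding to it fails. 0 if cjdroute can actually bind the
# address: the wildcard, or an address the kernel has on some interface.
bind_addr_ok() {
    [ "$1" = "0.0.0.0" ] && return 0
    ip -4 addr 2>/dev/null | grep -q "inet $1/"
}

# Print the security group rule to add and the endpoint to give to peers.
report() {
    conf=$1
    port=$(bind_port "$conf")
    addr=$(bind_addr "$conf")
    valid_port "$port" || { echo "no usable bind port found in $conf" >&2; return 1; }
    bind_addr_ok "$addr" || echo "warning: $addr is not on this instance; keep bind at 0.0.0.0" >&2
    echo "security group rule: Custom UDP, port $port, source 0.0.0.0/0"
    echo "tell peers to connect to: $(public_ip):$port"
}

# usage: sh check-incoming.sh ~/cjdroute.conf
if [ -n "$1" ]; then report "$1"; fi
```

Run it on the instance after genconf; the warning branch is what catches a config that was "fixed" by writing the public IP into the bind line.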

Find a friend

In order to get into the network you need to meet someone who is also in the network and connect to them. This is required for a number of reasons:

  1. It is a deterrent against abuse, because people are less likely to abuse a system after they were, in an act of human kindness, given access to it.
  2. This is not intended to overlay The Old Internet, it is intended to replace it. Each connection will in due time be replaced by a wire, a fiber optic cable, or a wireless network connection.
  3. In any case of a disagreement, there will be a "chain of friends" linking the people involved so there will already be a basis for coming to a resolution.

tl;dr Get out and make some human contact once in a while!

You can meet people to peer with in the IRC channel:

irc://irc.EFNet.org/#cjdns

http://chat.efnet.org:9090/?channels=%23cjdns&Login=Login

More documentation

This is the main page: https://github.com/cjdelisle/cjdns/

Peering Example

Peering is initiated client to server; after that the two talk bidirectionally. So it's really good at getting out from behind firewalls, as long as the jailed client can reach the remote server's IP and port.

Client's IP is 1.2.3.4. The config would look like:

"interfaces":
{
    // The interface which connects over UDP/IP based VPN tunnel.
    "UDPInterface":
    {
        // Bind to this port.
        "bind": "0.0.0.0:32821",

        // Nodes to connect to.
        "connectTo":
        {
            // Add connection credentials here to join the network
            // Somebody's server
            "5.6.7.8:37291":
            {
                "password": "newFriend-1234",
                "authType": 1,
                "publicKey": "5678.k",
                "trust": 10000
            }
        }
    }
},

Server's IP is 5.6.7.8. The server's NAT gateway needs to forward UDP port 37291 to the actual server. Server config (note the comma between the two entries; without it the file does not parse):

"authorizedPasswords":
[
    // Allow anybody to connect with this password
    {
        "password": "default-promiscious",
        "authType": 1,
        "trust": 5000
    },
    // Only my new friend can use this key
    {
        "password": "newFriend-1234",
        "authType": 1,
        "publicKey": "1234.k",
        "trust": 10000
    }
],

The session on the server's gateway (a Juniper running JUNOS) looks like:

server@JUNOS> show security flow session destination-port 37291
Session ID: 46035, Policy name: default-deny/6, Timeout: 58, Valid
  In: 1.2.3.4/42726 --> 5.6.7.8/37291;udp, If: ge-0/0/7.0, Pkts: 168, Bytes: 37416
  Out: 192.168.42.229/37291 --> 1.2.3.4/42726;udp, If: ge-0/0/0.0, Pkts: 59, Bytes: 10318
Total sessions: 1

... where ge-0/0/0 is facing the server and ge-0/0/7 is facing the Internet.
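The server config above hands out one password ("default-promiscious") that anybody may use, so nothing ties a connection to a particular friend and nothing short of changing the shared password revokes one of them. The script below is an added example for this page, not code from the gist or from cjdns: it mints a fresh random password per peer and prints the two halves that have to agree, the server's authorizedPasswords entry and the client's connectTo entry, in the same layout as the fragments above. The server address, port and the two public keys are passed in; the only check on the keys is that they end in ".k" as the page's keys do (an assumption for catching paste errors, not the full cjdns key format).

```shell
#!/bin/sh
# Added example (not from the original gist, not cjdns code).
# Assumptions: /dev/urandom and od are available; the key strings are whatever
# each side reads out of its own cjdroute.conf; trust values follow the page.

# 32 random bytes from the kernel, hex encoded: a 64-character password.
new_password() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Cheap sanity check on a public key as written in the config: ends in ".k"
# and contains no whitespace (assumption: enough to catch copy/paste slips).
looks_like_key() {
    case "$1" in
        *[[:space:]]*) return 1 ;;
        *.k) return 0 ;;
        *) return 1 ;;
    esac
}

# Entry for the server's "authorizedPasswords" array.
#   $1 password   $2 client's public key   $3 trust
server_entry() {
    printf '    {\n        "password": "%s",\n        "authType": 1,\n        "publicKey": "%s",\n        "trust": %s\n    }\n' \
        "$1" "$2" "$3"
}

# Entry for the client's "connectTo" object; the key is the server's.
#   $1 server ip   $2 server udp port   $3 password   $4 server's public key   $5 trust
client_entry() {
    printf '    "%s:%s":\n    {\n        "password": "%s",\n        "authType": 1,\n        "publicKey": "%s",\n        "trust": %s\n    }\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Both halves for one new peer; each side pastes its half into its own config.
#   $1 server ip   $2 server port   $3 server pubkey   $4 client pubkey
peer_pair() {
    looks_like_key "$3" || { echo "bad server key: $3" >&2; return 1; }
    looks_like_key "$4" || { echo "bad client key: $4" >&2; return 1; }
    pw=$(new_password)
    echo "# server side, goes in authorizedPasswords:"
    server_entry "$pw" "$4" 10000
    echo "# client side, goes in connectTo:"
    client_entry "$1" "$2" "$pw" "$3" 10000
}

# usage: sh peer-pair.sh 5.6.7.8 37291 5678.k 1234.k
if [ $# -eq 4 ]; then peer_pair "$@"; fi
```

Hand the client half to the friend over a channel you already trust (the IRC channel above is for finding peers, not for passing passwords); revoking that friend later is then a matter of deleting one entry.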

This is accurate as of 2012-02-01.
