From f3533e9912926e9cdab96c3d9cdc9212473add6b Mon Sep 17 00:00:00 2001 From: Jeff Date: Sat, 6 Aug 2022 09:58:20 -0400 Subject: [PATCH] add initial high level usage docs --- docs/ideal-ux.md | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/docs/ideal-ux.md b/docs/ideal-ux.md index 2050892d5..e0706d2f9 100644 --- a/docs/ideal-ux.md +++ b/docs/ideal-ux.md @@ -1,3 +1,38 @@ -# How Do I use lokinet? +# What does Lokinet actually do? -`// TODO: this` +Lokinet is an onion routed authenticated unicast IP network. It exposes an IP tunnel to the user and provides a dns resolver that maps `.loki` and `.snode` gtld onto a user defined ip range. + +Lokinet allows users to tunnel arbitrary ip ranges to go to a `.loki` address to act as a tunnel broker via another network accessible via another lokinet client. This is commonly known as an "exit node" but the way lokinet does this is much more generic so that term is not very accurate given what it actually does. + +# How Do I use Lokinet? + +set system dns resolver to use the dns resolver provided by lokinet, make sure the upstream dns provider that lokinet uses for non lokinet gtlds is set as desired (see lokinet.ini `[dns]` section) + +configure exit traffic provider if you want to tunnel ip traffic via lokinet, by default this is off as we cannot provide a sane defualt that makes everyone happy. to enable an exit node, see lokinet.ini `[network]` section, add multiple `exit-node=exitaddrgoeshere.loki` lines for each endpoint you want to use for exit traffic. each `exit-node` entry will be used to randomly stripe across per IP you are sending to. + +note: per flow (ip+proto/port) isolation is trivial on a technical level but currently not implemented at this time. + +# Can I run lokinet on a soho router + +Yes and that is the best way to run it in practice. + +## The "easy" way + +We have a community maintained solution for ARM SBCs like rasperry pi: https://github.com/necro-nemesis/LabyrinthAP + +## The "fun" way (DIY) + +It is quite nice to DIY. if you choose to do so there is some assembly required: + +on the lokinet side, make sure that the... + +* ip ranges for `.loki` and `.snode` are statically set (see lokinet.ini `[network]` section `ifaddr=` option) +* network interace used by lokinet is statically set (see lokinet.ini `[network]` section `ifname=` option) +* dns socket is bound to an address the soho router's dns resolver can talk to, see `[dns]` section `bind=` option) + +on the soho router side: + +* route queries for `.loki` and `.snode` gtld to go to lokinet dns on soho router's dns resolver +* use dhcp options to set dns to use the soho router's dns resolver +* make sure that the ip ranges for lokinet are reachable via the LAN interface +* if you are tunneling over an exit ensure that LAN traffic will only forward to go over the lokinet vpn interface