[router] # Configuration for routing activity. # Network ID; this is 'lokinet' for mainnet, 'gamma' for testnet. #netid=lokinet # Minimum number of routers lokinet will attempt to maintain connections to. #min-connections=4 # Maximum number (hard limit) of routers lokinet will be connected to at any time. #max-connections=6 # Optional directory for containing lokinet runtime data. This includes generated # private keys. #data-dir=/var/lib/lokinet # The number of threads available for performing cryptographic functions. # The minimum is one thread, but network performance may increase with more. # threads. Should not exceed the number of logical CPU cores. # 0 means use the number of logical CPU cores detected at startup. #worker-threads=0 [network] # Network settings # Snapp settings # Public key of a router which will act as a pinned first-hop. This may be used to # provide a trusted router (consider that you are not fully anonymous with your # first hop). #strict-connect= # The private key to persist address with. If not specified the address will be # ephemeral. keyfile=/caddy/data/snappkey.private # Set the endpoint authentication mechanism. # none/whitelist/lmq #auth= # lmq endpoint to talk to for authenticating new sessions # ipc:///var/lib/lokinet/auth.socket # tcp://127.0.0.1:5555 #auth-lmq= # lmq function to call for authenticating new sessions # llarp.auth #auth-lmq-method=llarp.auth # manually add a remote endpoint by .loki address to the access whitelist #auth-whitelist= # Determines whether we will publish our snapp's introset to the DHT. #reachable=1 # Number of hops in a path. Min 1, max 8. #hops=4 # Number of paths to maintain at any given time. #paths=6 # Whether or not we should act as an exit node. Beware that this increases demand # on the server and may pose liability concerns. Enable at your own risk. #exit=0 # When in exit mode announce we allow a private range in our introsetexmaple: # owned-range=10.0.0.0/24 #owned-range= # List of ip traffic whitelist, anything not specified will be dropped by us.examples: # tcp for all tcp traffic regardless of port # 0x69 for all packets using ip protocol 0x69udp/53 for udp port 53 # tcp/smtp for smtp port #traffic-whitelist= # Specify a `.loki` address and an optional ip range to use as an exit broker. # Example: # exit-node=whatever.loki # maps all exit traffic to whatever.loki # exit-node=stuff.loki:100.0.0.0/24 # maps 100.0.0.0/24 to stuff.loki #exit-node= # Specify an optional authentication code required to use a non-public exit node. # For example: # exit-auth=myfavouriteexit.loki:abc # uses the authentication code `abc` whenever myfavouriteexit.loki is accessed. # Can be specified multiple time to store codes for different exit nodes. #exit-auth= # Interface name for lokinet traffic. If unset lokinet will look for a free name # lokinetN, starting at 0 (e.g. lokinet0, lokinet1, ...). #ifname= # Local IP and range for lokinet traffic. For example, 172.16.0.1/16 to use # 172.16.0.1 for this machine and 172.16.x.y for remote peers. If omitted then # lokinet will attempt to find an unused private range. #ifaddr= # For all ipv6 exit traffic you will use this as the base address bitwised or'd with the v4 address in use. # To disable ipv6 set this to an empty value. # !!! WARNING !!! Disabling ipv6 tunneling when you have ipv6 routes WILL lead to de-anonymization as lokinet will no longer carry your ipv6 traffic. #ip6-range=fd00:: # Map a remote `.loki` address to always use a fixed local IP. For example: # mapaddr=whatever.loki:172.16.0.10 # maps `whatever.loki` to `172.16.0.10` instead of using the next available IP. # The given IP address must be inside the range configured by ifaddr= #mapaddr= # Adds a lokinet relay `.snode` address to the list of relays to avoid when # building paths. Can be specified multiple times. #blacklist-snode= # Specify SRV Records for services hosted on the SNApp # for more info see https://docs.loki.network/Lokinet/Guides/HostingSNApps/ # srv=_service._protocol priority weight port target.loki #srv= # time in seconds how long to wait for a path to align to pivot routers # if not provided a sensible default will be used #path-alignment-timeout= # persist mapped ephemeral addresses to a file # on restart the mappings will be loaded so that ip addresses will not be mapped to a different address #persist-addrmap-file=/var/lib/lokinet/addrmap.dat [paths] # path selection algorithm options # Netmask for router path selection; each router must be from a distinct IP subnet of the given size. # E.g. 16 ensures that all routers are using distinct /16 IP addresses. #unique-range-size=32 [dns] # DNS configuration # Upstream resolver(s) to use as fallback for non-loki addresses. # Multiple values accepted. #upstream=1.1.1.1 # Address to bind to for handling DNS requests. #bind=127.3.2.1:53 # Add a hosts file to the dns resolver # For use with client side dns filtering #add-hosts= # Can be uncommented and set to 1 to disable resolvconf configuration of lokinet DNS. # (This is not used directly by lokinet itself, but by the lokinet init scripts # on systems which use resolveconf) #no-resolvconf= [bind] # This section specifies network interface names and/or IPs as keys, and # ports as values to control the address(es) on which Lokinet listens for # incoming data. # # Examples: # # eth0=1090 # 0.0.0.0=1090 # 1.2.3.4=1090 # # The first bind to port 1090 on the network interface 'eth0'; the second binds # to port 1090 on all local network interfaces; and the third example binds to # port 1090 on the given IP address. # # If a private range IP address (or an interface with a private IP) is given, or # if the 0.0.0.0 all-address IP is given then you must also specify the # public-ip= and public-port= settings in the [router] section with a public # address at which this router can be reached. # Typically this section can be left blank: if no inbound bind addresses are # configured then lokinet will search for a local network interface with a public # IP address and use that (with port 1090). # Specify a source port for **outgoing** Lokinet traffic, for example if you want to # set up custom firewall rules based on the originating port. Typically this should # be left unset to automatically choose random source ports. #*=0 [api] # JSON API settings # Determines whether or not the LMQ JSON API is enabled. Defaults #enabled=1 # IP address and port to bind to. # Recommend localhost-only for security purposes. #bind=tcp://127.0.0.1:1190 [bootstrap] # Configure nodes that will bootstrap us onto the network # Whether or not to run as a seed node. We will not have any bootstrap routers configured. #seed-node=0 # Specify a bootstrap file containing a signed RouterContact of a service node # which can act as a bootstrap. Can be specified multiple times. #add-node= [logging] # logging settings # Log type (format). Valid options are: # file - plaintext formatting # json - json-formatted log statements # syslog - logs directed to syslog #type=file # Minimum log level to print. Logging below this level will be ignored. # Valid log levels, in ascending order, are: # trace # debug # info # warn # error #level=warn # When using type=file this is the output filename. If given the value 'stdout' or # left empty then logging is printed as standard output rather than written to a # file. #file=