From 38feda15946e22613696ec058e01d6960175bac3 Mon Sep 17 00:00:00 2001 From: 0xflotus <0xflotus@gmail.com> Date: Thu, 14 Nov 2019 10:17:05 +0100 Subject: [PATCH 1/3] fixed small error --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b571459d0..f4ae216ee 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ZeroTier is a smart programmable Ethernet switch for planet Earth. It allows all This is accomplished by combining a cryptographically addressed and secure peer to peer network (termed VL1) with an Ethernet emulation layer somewhat similar to VXLAN (termed VL2). Our VL2 Ethernet virtualization layer includes advanced enterprise SDN features like fine grained access control rules for network micro-segmentation and security monitoring. -All ZeroTier traffic is encrypted end-to-end using secret keys that only you control. Most traffic flows peer to peer, though we offer free (but slow) relaying for users who cannot establish peer to peer connetions. +All ZeroTier traffic is encrypted end-to-end using secret keys that only you control. Most traffic flows peer to peer, though we offer free (but slow) relaying for users who cannot establish peer to peer connections. The goals and design principles of ZeroTier are inspired by among other things the original [Google BeyondCorp](https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43231.pdf) paper and the [Jericho Forum](https://en.wikipedia.org/wiki/Jericho_Forum) with its notion of "deperimeterization." From e744c95c5bd5bc63900d04bc2d2a5f5c313d0b7e Mon Sep 17 00:00:00 2001 From: Travis LaDuke Date: Fri, 15 Nov 2019 10:27:48 -0800 Subject: [PATCH 2/3] Add Managed Routes example to controller readme. --- controller/README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/controller/README.md b/controller/README.md index 368613a69..0a76ebbc7 100644 --- a/controller/README.md +++ b/controller/README.md @@ -134,6 +134,26 @@ IPv6 ranges work just like IPv4 ranges and look like this: That defines a range within network `fd00:feed:feed:beef::/64` that contains up to 2^64 addresses. If an IPv6 range is large enough, the controller will assign addresses by placing each member's device ID into the address in a manner similar to the RFC4193 and 6PLANE modes. Otherwise it will assign addresses at random. +**Managed Route object format:** + +| Field | Type | Description | +| --------------------- | ------------- | ------------------------------------------------- | +| target | string | Subnet in CIDR notation | +| via | string/null | Next hop router IP address | + +Managed Route objects look like this: + + { + "target": "10.147.20.0/24" + } + +or + + { + "target": "192.168.168.0/24", + "via": "10.147.20.1" + } + **Rule object format:** Each rule is actually a sequence of zero or more `MATCH_` entries in the rule array followed by an `ACTION_` entry that describes what to do if all the preceding entries match. An `ACTION_` without any preceding `MATCH_` entries is always taken, so setting a single `ACTION_ACCEPT` rule yields a network that allows all traffic. If no rules are present the default action is `ACTION_DROP`. From b6b11dbf8242ff17c58f10f817d754da3f8c00eb Mon Sep 17 00:00:00 2001 From: Travis LaDuke Date: Wed, 25 Mar 2020 10:26:14 -0700 Subject: [PATCH 3/3] Document allowSecondaryPort --- service/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/service/README.md b/service/README.md index c77ee5110..6ad0ccfef 100644 --- a/service/README.md +++ b/service/README.md @@ -29,6 +29,7 @@ Settings available in `local.conf` (this is not valid JSON, and JSON does not al "secondaryPort": 1-65535, /* If set, override default random secondary port */ "tertiaryPort": 1-65535, /* If set, override default random tertiary port */ "portMappingEnabled": true|false, /* If true (the default), try to use uPnP or NAT-PMP to map ports */ + "allowSecondaryPort": true|false /* false will also disable secondary port */ "softwareUpdate": "apply"|"download"|"disable", /* Automatically apply updates, just download, or disable built-in software updates */ "softwareUpdateChannel": "release"|"beta", /* Software update channel */ "softwareUpdateDist": true|false, /* If true, distribute software updates (only really useful to ZeroTier, Inc. itself, default is false) */