Getting Started

Please note that connecting as a client or server does not provide instructions for installing the root certificate authority required for HTTPS. Please see RISENet Root CA for information on how to set up the certificate required.

As a Client

Connecting to RISENet as a client is straightforward with ST4RGATE. We use the NetBird client to connect, and as soon as this is set up on your device you're ready to go. Clients can only form outbound connections, they cannot host any services due to NetBird's firewall. See the instructions on joining as a server for how to get around this.

1. Install NetBird

Install NetBird from their official documentation. On Linux, this can be achieved with curl -fsSL https://pkgs.netbird.io/install.sh | sh, though in many cases a method more suitable to your distribution is available.

OS-Specific Links:

Note that mobile devices may currently experience compatibility issues if IPv6 is not supported.

2. Log In

Laptop/PC

This step will depend on your device. The Windows and macOS clients have GUIs available, however the CLI app can also be used as shown below: netbird up --management-url https://vpn.lab.st4rburn.dev d5e9f0f2a70f6f19192b72c1d52abe56.png

You should open this link in your browser.

Mobile

Upon opening the app, you may be able to immediately add a profile / configure the default. If not, navigate to settings: 9930FFCF-9FFB-4975-9DC8-D48D41FC26C4.png

From here, add a profile with this specific server value: https://vpn.lab.st4rburn.dev:443 78F44624-2EC5-4B3B-9D08-F9E1422DFC08.png

SSO

Upon logging in / setting up your profile, you'll an SSO page like this: f1fb1fec96420bd461d0c7c957378238.png

Select the 'Discord' option and log in with your Discord account. After successful authentication, you should be able to connect.

Note that for new users this will not provide immediate access. You first need to be verified. This can be done by either logging in to the account console ahead of time and being verified when your account is seen, or pinging/DMing @aurillium on Discord. If I know who you are on Discord or one of RedRoom's staff can vouch for you, I'll verify you and you will be able to access RISENet - this may require reauthenticating.

As a Server

Connecting as a server is also relatively easy, only requiring a few additional steps.

1. Firewall

If you haven't already, install NetBird following the instructions above. When you connect as a server, you will need to pass the --disable-firewall flag like so:

netbird up --management-url https://vpn.lab.st4rburn.dev --disable-firewall

The impact of this flag in this environment is very low, as your host will only be able to directly peer with ST4RGATE's router, which should prevent any non-RISENet traffic reaching you.

If you want to certain however, the following nftables rules will block all traffic which does not come from RISENet on the NetBird interface (wt0 unless otherwise specified).

table inet filter {
    chain input {
        type filter hook input priority 0;
        policy accept;

        iifname "wt0" ct state established,related accept
        iifname "wt0" ip6 saddr fdb3:7561::/32 accept
        iifname "wt0" ip4 saddr 10.128.0.0/10 accept
        iifname "wt0" drop
    }
}

This allows you to initiate outbound connections (traffic for already started connections is allowed through ct state established,related), and allows all RISENet IP addresses inbound, but blocks everything else.

2. IP Address

Most ST4RGATE connections are currently NATed, meaning the IP address you see via ip addr or similar does not match that which clients can find you on. The simplest way to work out your RISENet IP address is by performing the following translation:

  1. See the initial IP: fd6d:7362:0:ff00:79ea:d7c1:ee3c:7959

  2. Take the last four sections: 79ea:d7c1:ee3c:7959

  3. Prepend fdb3:7561:a000:fffe:: fdb3:7561:a000:fffe:79ea:d7c1:ee3c:7959

This results in fdb3:7561:a000:fffe:79ea:d7c1:ee3c:7959, which is the IP other RISENet devices can reach you on. In future a simple wrapper for NetBird will be developed which adds your RISENet IP as a visible IP on the network interface, however for now this translation and/or IP lookup pages must be used.

RISENet Root CA

While the instructions above allow for the usage of the RISENet network, HTTPS and other services secured with TLS will require the installation of a root certificate. This is the ultimate source of cryptographic authority for all RISENet domains

Instructions on how to install this vary between operating systems, however searching 'Install root CA on (OS name)' will generally provide straightforward results.

The file can be downloaded here, and is also available as raw ASCII below. root_ca.crt

Raw Certificate

-----BEGIN CERTIFICATE-----
MIIDBDCCAoqgAwIBAgIQCLbB3x7xePQgx0GmOoY0BDAKBggqhkjOPQQDAzAaMRgw
FgYDVQQDEw9SSVNFTmV0IFJvb3QgQ0EwIBcNMjYwNjE0MDYzMjA1WhgPMjEyNjA2
MTUwNjMyMDVaMBoxGDAWBgNVBAMTD1JJU0VOZXQgUm9vdCBDQTB2MBAGByqGSM49
AgEGBSuBBAAiA2IABOX7ahSQbmc54wKDd9ZfloCiJ88qTjeeyCyOG6OQt4E5pP4Q
/h+4r4O/SQhpcfF2/MJ8EX1u6bUzGPcwilu73xvDwKD7QwNv1F921PRwSv0hU7WK
vgh5UE9K05WUAOqyCqOCAZEwggGNMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E
CDAGAQH/AgECMB0GA1UdDgQWBBTs8oShrXuuFTB8WfyTshdZ4R7ipzCCAUYGA1Ud
HgEB/wSCATowggE2oIIBMjAMggpyaXNlbmV0LmF1MAmCB3Jpc2VuZXQwB4IFcmlz
ZW4wBoIEcmlzZTAEggJycjAJggdyZWRyb29tMAeCBWNhc3NhMAmCB3N0dWRlbnQw
CIIGYWx1bW5pMAmCB2ZhY3VsdHkwCIIGaGFja21lMAWCA3B3bjAFggNjdGYwBYID
bnlhMAaCBGJvcmswBYIDdXd1MAWCA3JzcDAMgQpyaXNlbmV0LmF1MAmBB3Jpc2Vu
ZXQwB4EFcmlzZW4wBoEEcmlzZTAEgQJycjAJgQdyZWRyb29tMAeBBWNhc3NhMAmB
B3N0dWRlbnQwCIEGYWx1bW5pMAmBB2ZhY3VsdHkwCIEGaGFja21lMAWBA3B3bjAF
gQNjdGYwBYEDbnlhMAaBBGJvcmswBYEDdXd1MAWBA3JzcDAKBggqhkjOPQQDAwNo
ADBlAjAgKrxpJbuKK9mFRTWD6fXZXs5WrL4TBVXrG6dJU1RgEdWVoM2tZdn6HE27
rbTvLSYCMQCvZQqiek1c2CiOq6bqR53WUwBcFMqVsux481m/JqibmbFPYV1SlcLA
oLDlOAuC2ME=
-----END CERTIFICATE-----