cjdroute.conf man page

cjdroute.conf — Cjdns configuration file


The cjdroute.conf file configures the cjdns routing engine, cjdns(8), generally through cjdroute(1).

The configuration is written in a variation of the JSON format that also accepts traditional C-like comments such as single line comments (//) and multiline comments (/* and */). Additionally, unused JSON values found in cjdroute.conf are ignored by cjdns and can be used as a form of JSON-compliant comments.


"privateKey": "..."

Your node's private key. It should be kept secret because your confidentiality and data integrity depend on it.

"publicKey": "..."

Your node's public key. Based on your private key It is fine for anyone to know this.

"ipv6": "..."

Your node's IPv6 address when it is on the network. It is generated by using the first 16 bytes of a double SHA-512 of your public key. All cjdns IPv6 addresses must begin with "fc" or else they are invalid.

"authorizedPasswords": [...]

An array of passwords that may be used to connect (peer) to your node.

"password": "..."
A password which can be used to peer with your node.

"user": "..."
An optional human-readable string that identifies what password a peer is using on the admin interface. If omitted, the password will be identified by its position within the array (starting from 0)

{ "password": "AnExamplePassword", "user": "Bob" },
{ "password": "YetAnotherExample", "user": "Alice" },
{ "password": "j3fus4r3gkhv80xdz1yqc0qvn1p91hr", "user": "Eve" }

"admin": {...}

An object which defines where to bind to the admin RPC server as well as the password for the admin RPC server. The two required strings are "bind", which should be in the format "IP:PORT", and "password", which should preferably be a long random string of characters.

"interfaces": {...}

An object that defines which interfaces cjdns will bind to and what peers to connect to. There are two different interfaces, UDPInterface and ETHInterface, both of which are arrays. Within each array there are a variety of different options

"bind": "..."
Defines what the interface should bind to. In UDPInterface, the bind is an IP:PORT string, such as "", while in ETHInterface the bind is a network interface, such as "eth0".

"beacon": Integer
This option is only found in ETHInterface and defines whether auto-connecting beacons should be sent or listened to. This is useful for a zeroconf local network.

0 -- Disabled.
1 -- Accept incoming beacons and try connecting to the sender.
2 -- Accept incoming beacons and broadcast beacons to the local network.

"connectTo": {...}
Defines which nodes cjdns should connect to with the specified interface. Multiple nodes may be placed in a single "connectTo" as long as each are seperated by commas. If a node happens to be offline or become offline during runtime, cjdns will attempt to reconnect at regular intervals. The one difference in this option between UDPInterface and ETHInterface is that UDPInterface connects to an "IP:PORT" while ETHInterface connects to a MAC address.

UDPInterface Example:
"password": "password From Your Peer's authorizedPasswords",
"publicKey": "Your Peer's publicKey.k"
"password": "Correct Horse Battery Staple",
"publicKey": "Other Peer's publicKey.k"
} }

"router": {...}

An object that holds configuration information on the router

"interface": {...}
Defines the type of interface used for connecting to the cjdns network. It requires a "type" string, and optionally a "tunDevice" string. The "type" string defines the type of interface used, however only "TUNInterface" is supported at the moment. The "tunDevice" string defines the name of a persistent TUN device to use, which is helpful for starting cjdroute as its own user instead of root.

"ipTunnel": {...}
A system for tunneling ICANN IPv4 and ICANN IPv6 through cjdns. This is using the cjdns switch layer as a VPN carrier.

NOTE: Simply editing your configuration file is not sufficient to setting up an ipTunnel gateway. Please read through tunnel/README.md in the cjdns git tree for more information

"allowedConnections": [...]
Nodes allowed to connect to us, specified by their public key, and what IP address(es) to give them. It is fine to only specify one address.


"publicKey": "f64hfl7c4uxt6krmhPutTheRealAddressOfANodeHere7kfm5m0.k",
"ip4Address": "",
"ip4Prefix": 24,
"ip6Address": "2001:123:ab::10",
"ip6Prefix": 0
"publicKey": "ydq8csdk8p8ThisIsJustAnExampleAddresstxuyqdf27hvn2z0.k",
"ip4Address": "",
"ip4Prefix": 24

"outgoingConnections": [...]
An array of nodes to connect and ask for IP addresses.



"security": [...]

An array that defines what user to change to after startup and whether to exempt the Angel process from this user change.

"setuser": "username"
User to switch to after startup, for security purposes. Default value is "nobody".

"exemptAngel": Integer
Whether or not to exempt the Angel process from the user change. The Angel is a small isolated piece of code which exists outside of the core's strict sandbox but does not handle network traffic. This option must be enabled for ipTunnel to automatically set IP addresses for the TUN device.

0 -- False
1 -- True

"logging": {...}

Add or uncomment "logTo":"stdout" to have cjdns log to stdout rather than making logs available via the admin socket

"noBackground": Integer

If set to a non-zero value, cjdns will not fork to the background. Recommended for use in conjunction with "logTo":"stdout".

"dns": {...}

This section is used to configure the dns capabilities being added to cjdns. Unfortunetly, there is no documentation for this DNS section at this time.

"keys": [...]

"servers": [...]

"MinSignatures": Integer



A common location for the configuration file.

See Also

cjdroute(1), cjdns(8)


Explore man page connections for cjdroute.conf(5).