Advertisement

You are here: Home > How-to > Link


How to Link UnrealIRCD 4.0.3 with Anope 2.0.3


Appearently there is alot of confusion when it comes to linking Unreal and Anope together. Suprisingly this is a very simple task.

What's required to follow this "tutorial" if you will is a bit of knowledge that you as a Server Admin should already have:

1> basic understanding of editing files in your OS.
2> basic understanding of how to start applications in your OS.
3> knowledge of /squit and /connect (stuff you should have learned on your first day as an IRCop
4> In depth knowledge of IRC and how it works is recommended.
5> the patience required to actually read this.


Lets begin by understanding that Anope is connected to the network as a trusted connection as is any other ircd. Where Services is different is it has some "super powers", these special permissions are granted via ulines. ulines are case sensitive and must exist on every server BEFORE services connects! This is very important. If I have already confused you, stop reading and consult your IRCd documentation of ulines, aka U:Lines aka ulines block, super block or trusted block.

So we can see the relationship between the components better I have elected to color code each requirement so that you can see how everything matches up.

Now down to business:

1> services is going to be named services.yournet.org
2> our unrealircd version is unrealircd4.0.3
2> our anope version anope2.0.3
3> our services IP is 1.2.3.4
4> our server IP is 1.2.3.4
5> our port is 6900 { any unused port between 1025 and 65535 may be used for linking services. }
6> our password is 'Your-Services-Link-Password' (without the quotes)

This is what your unrealircd.conf should contain:

link services.yournet.org { /* edit this line */
incoming {
mask *;
};
outgoing {
bind-ip *;
hostname 1.2.3.4; /* edit this line */
port 6900;
options { ssl; };
};
password "Your-Services-Link-Password"; /* edit this line */
class servers;
};

ulines {
services.yournet.org; /* edit this line */
};


This is what your services.conf should contain:

uplink
{

host = "1.2.3.4" /* edit this line */
ipv6 = no
ssl = yes
port = 6900
password = "Your-Services-Link-Password" /* edit this line */
}

Do NOT forget to change services.yournet.org with your services hostname, and chose your own Link password and port


How to Link UnrealIRCD 3.2 with UnrealIRCD 4


This page explains how to securely link two (or more) UnrealIRCd servers so you have a multi-server network. This tutorial applies to both UnrealIRCd 4 and the older UnrealIRCd 3.2.x (and mixing both).

Use SSL

You should be using SSL/TLS for all your server links. Why? Because sensitive data will travel between server links, including passwords, private messages and more.

UnrealIRCd 4 has SSL/TLS enabled by default and on initial installation has prompted you to create a certificate. So, you're all set.

On UnrealIRCd 3.2.x on the other hand you must enable it explicitly during ./Config on *NIX (and then re-compile) while on Windows you must use the SSL version of UnrealIRCd (we offer both on our site).

Unsure if you have SSL enabled? Type '/VERSION' as IRCOp(!) and if it outputs a line like 'OpenSSL X.Y.Z xxxxxxx' (among other things) then your server has SSL support enabled.

Grab the SSL fingerprint of your servers

We will need this in next step. Do this on both servers and write them down.

Run the following command on the shell. In UnrealIRCd 4 you run this from the ~/unrealircd/conf/ssl directory (or wherever you installed UnrealIRCd to), on 3.2.x you run it from Unreal3.2.X (or your installation target):

openssl x509 -sha256 -fingerprint -noout -in server.cert.pem

This will output something like:

SHA256 Fingerprint=EB:1F:5C:B0:E6:EE:DF:AE:A7:56:83:87:A1:8A:AE:E2:D2:B4:70:AF:D8:DD:C2:19:30:18:75:B0:CE:EF:D6:12

Here, EB:1F:5C:B0:E6:EE:DF:AE:A7:56:83:87:A1:8A:AE:E2:D2:B4:70:AF:D8:DD:C2:19:30:18:75:B0:CE:EF:D6:12 is the actual fingerprint.

TODO: make easier!!

Setting up link blocks

In the example below we assume you have two servers. One is named alpha.zera.org and the other one is called beta.zera.org. Simply replace the names with the actual names of your server.

UnrealIRCd 4 (New)

In the unrealircd.conf on alpha.zera.org you add a link block to link with beta.zera.org:

link beta.zera.org {
    incoming {
        mask *;
    };
    outgoing {
        bind-ip *; /* or explicitly an IP if you have a shell provider, as mentioned in step 2 */
        hostname beta.zera.org; /* or if 'beta.zera.org' does not exist then you can use an IP or something like 'beta.dyndns.org' */
        port 6900; /* the special SSL server port we opened up earlier */
        options { ssl; };
    };
    password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* put the SSL fingerprint of beta.zera.org here */
    hub *;
    class servers;
};

Similarly, on beta.zera.org configure the block to link with alpha.zera.org:

link alpha.zera.org {
    incoming {
        mask *;
    };
    outgoing {
        bind-ip *; /* or explicitly an IP if you have a shell provider, as mentioned in step 2 */
        hostname alpha.zera.org; /* or if 'alpha.zera.org' does not exist then you can use an IP or something like 'alpha.dyndns.org' */
        port 6900; /* the special SSL server port we opened up earlier */
        options { ssl; autoconnect; };
    };
    password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* put the SSL fingerprint of alpha.zera.org here */
    hub *;
    class servers;
};

UnrealIRCd 3.2.x (Old)

In the unrealircd.conf on alpha.zera.org you add a link block to link with beta.zera.org:

link beta.zera.org {
    username *;
    hostname *;
    bind-ip *; /* or explicitly an IP if you have a shell provider, as mentioned in step 2 */
    port 6900; /* the special SSL server port we opened up earlier */
    password-connect "*";
    password-receive "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF" { sslclientcertfp; }; /* replace 00:11etc.. with the SSL fingerprint of beta.zera.org */
    hub *;
    class servers;
    options { ssl; };
};

Similarly, on beta.zera.org configure the block to link with alpha.zera.org:

link alpha.zera.org {
    username *;
    hostname alpha.zera.org; /* or if 'alpha.zera.org' does not exist then you can use an IP or something like 'alpha.dyndns.org' */
    bind-ip *; /* or explicitly an IP if you have a shell provider, as mentioned in step 2 */
    port 6900; /* the special SSL server port we opened up earlier */
    password-connect "*";
    password-receive "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF" { sslclientcertfp; }; /* replace 00:11etc.. with the SSL fingerprint of beta.zera.org */
    hub *;
    class servers;
    options { ssl; };
};

NOTE: Since 3.2.x is a little less flexible, above we set it up so beta.zera.org will always link to alpha.zera.org and never the other way around.

UnrealIRCd 4 to 3.2.x (New to Old)

On your UnrealIRCd 4 server alpha.zera.org you add a link block to link with beta.zera.org:

link beta.zera.org {
    incoming {
        mask *;
    };
    outgoing {
        bind-ip *; /* or explicitly an IP if you have a shell provider, as mentioned in step 2 */
        hostname beta.zera.org; /* or if 'beta.zera.org' does not exist then you can use an IP or something like 'beta.dyndns.org' */
        port 6900; /* the special SSL server port we opened up earlier */
        options { ssl; };
    };
    password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* put the SSL fingerprint of beta.zera.org here */
    hub *;
    class servers;
};

Similarly, on your UnrealIRCd 3.2.x server beta.zera.org you add a link block to link with alpha.zera.org:

link alpha.zera.org {
    username *;
    hostname alpha.zera.org; /* or if 'alpha.zera.org' does not exist then you can use an IP or something like 'alpha.dyndns.org' */
    bind-ip *; /* or explicitly an IP if you have a shell provider, as mentioned in step 2 */
    port 6900; /* the special SSL server port we opened up earlier */
    password-connect "*";
    password-receive "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF" { sslclientcertfp; }; /* replace 00:11etc.. with the SSL fingerprint of beta.zera.org */
    hub *;
    class servers;
    options { ssl; };
};

NOTE: Since 3.2.x is a little less flexible, above we set it up so beta.zera.org will always link to alpha.zera.org and never the other way around.

UnrealIRCd 3.2.x to 4 (Old to New)

On your UnrealIRCd 3.2.x server alpha.zera.org you add a link block to link with beta.zera.org:

link beta.zera.org {
    username *;
    hostname *;
    bind-ip *; /* or explicitly an IP if you have a shell provider, as mentioned in step 2 */
    port 6900; /* the special SSL server port we opened up earlier */
    password-connect "*";
    password-receive "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF" { sslclientcertfp; }; /* replace 00:11etc.. with the SSL fingerprint of beta.zera.org */
    hub *;
    class servers;
    options { ssl; };
};


Similarly, on your UnrealIRCd 4 server beta.zera.org you add a link block to link with alpha.zera.org:

link alpha.zera.org {
    incoming {
        mask *;
    };
    outgoing {
        bind-ip *; /* or explicitly an IP if you have a shell provider, as mentioned in step 2 */
        hostname alpha.zera.org; /* or if 'alpha.zera.org' does not exist then you can use an IP or something like 'alpha.dyndns.org' */
        port 6900; /* the special SSL server port we opened up earlier */
        options { ssl; autoconnect; };
    };
    password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* put the SSL fingerprint of alpha.zera.org here */
    hub *;
    class servers;
};

Autoconnect

In the example of above we added autoconnect (in link::outgoing::options) in beta.zera.org's config. This means beta will automatically try to link to alpha every class::connfreq seconds (configured in step 3: every 30 seconds). You can also choose to autoconnect the other way around or not to autoconnect at all. While it's also possible to autoconnect from both sides (especially in UnrealIRCd 4) we generally don't recommend it.

Rehash

Rehash both servers (or restart them if you are lazy and you have no users on them). We recommend to rehash a server as IRCOp by executing '/REHASH' on IRC.

If you restarted or did the '/REHASH' as an IRCOp you should see directly if there are any warnings or errors in your configuration. If so, fix them now.