IPFS private networking issue

Hey guys,

I’ve followed the suggested steps to establish a private IPFS network with another peer:

  1. store under ~user/.ipfs/swarm_key
  2. ipfs daemon
  3. ipfs bootstrap rm --all
  4. ipfs swarm peers (verify that I have no peers)
  5. ipfs id
  6. ipfs bootstrap add $FULL_ADDRESS_PEERID_OF_THE_OTHER_NODE

but unfortunately the other peer’s or my IP addresses in ipfs id seem to be internal IPs:

$ ipfs id
"ID": "QmZnhS8np1N1yPeJEV2WrH9pFYgErWpQshSUQz2HcRsYoq",
"PublicKey": "CAASpgIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC010qO9hK53Tue4orKlJkMYyHr00VZoupa5/KIvDV9NZ801IdBuPwTLPUoGRU5Hps04lXaTVXO8wynzVOVEfukuQqaYEnEMk5TttmV3PzNmuGNsgMHyXsgvRZ9xQIaFjz2pqVsz5LVv+YxN5QCkGRWCFuLYcNSSypTtMJkxSlbQySl/i7z8oAjRa1NiK1duRf7Ujux1imTk2Pe23BcuFatUo9Lq3NWp/0siU+3jdpeAF/h8gEPs6nt8jXMJLvPgQXCHZLzmimHnrQSHt6NdLRwimZ3d1pp24JYNlHsr3JJuOZ+oftWHYDSymzsy9aOZ2vvJ+aquv4nkjK0QyrN5mJHAgMBAAE=",
"Addresses": [
"AgentVersion": "go-ipfs/0.4.11-rc2/",
"ProtocolVersion": "ipfs/0.1.0"

What am I doing wrong?

OK, it seems that it’s not possible to set up an IPFS private network across the internet. As far as I can see the same thing occurs in an ipfs-cluster.

Both of them have been designed for intranets and local organization networks, right?

Are these the instructions you’re looking at? https://github.com/ipfs/go-ipfs/blob/master/docs/experimental-features.md#private-networks

If your bootstrap node doesn’t have a public IP I’m not sure how that’s going to work. It sounds like you’ll need to

  1. update the IP address for the bootstrap node to the public IP (instead of using any internal IP)
  2. set up port forwarding in the bootstrap node’s router to make the bootstrap node reachable by the other nodes
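A way to check which of a node's advertised addresses a peer on another network could actually dial, as an added example that is not part of the original thread. The sample addresses, the placeholder peer ID and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of an "Addresses" array from `ipfs id`; the peer ID is a
# placeholder and the IPs are illustrative only.
SAMPLE_ADDRS = [
    "/ip4/127.0.0.1/tcp/4001/ipfs/QmPeerIdPlaceholder",
    "/ip4/192.168.1.23/tcp/4001/ipfs/QmPeerIdPlaceholder",
    "/ip4/100.64.3.9/tcp/4001/ipfs/QmPeerIdPlaceholder",
    "/ip6/::1/tcp/4001/ipfs/QmPeerIdPlaceholder",
    "/ip4/8.8.8.8/tcp/4001/ipfs/QmPeerIdPlaceholder",
]


def classify(multiaddr):
    """Label a multiaddr by where its IP component can be dialed from."""
    parts = multiaddr.strip("/").split("/")
    if len(parts) < 2 or parts[0] not in ("ip4", "ip6"):
        return "unknown"          # e.g. /dns4/...: needs resolving first
    try:
        ip = ipaddress.ip_address(parts[1])
    except ValueError:
        return "unknown"
    if ip.is_loopback:
        return "loopback"         # same host only
    if ip.is_link_local:
        return "link-local"       # same network segment only
    if ip.is_global:
        return "public"           # candidate for a remote peer's bootstrap list
    return "internal"             # RFC 1918, carrier-grade NAT, ULA, ...


def bootstrap_candidates(addrs):
    """Addresses a peer on another network could use with `ipfs bootstrap add`."""
    return [a for a in addrs if classify(a) == "public"]


if __name__ == "__main__":
    for addr in SAMPLE_ADDRS:
        print(f"{classify(addr):10} {addr}")
    if not bootstrap_candidates(SAMPLE_ADDRS[:4]):
        print("no public address: advertise the router's IP and forward the swarm port")
```

A "public" result only says the address is routable; the swarm port still has to be reachable through any firewall or NAT in front of the node.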

Yes @leerspace, these are the exact steps I follow. The whole idea of IPFS is to not make extra configuration of port forwarding, etc. Anyways, it seems that this kind of feature (private networking) is not that mature yet, I’ll have to look for another decentralized framework. However, thanks for your response!

While I don’t agree that this is the whole idea of IPFS (but helps adoption and usability), using it with default settings generally doesn’t require any additional configuration for most users. For the advanced (and currently experimental) case of setting up your own private network, I don’t think it’s unreasonable to expect a little bit of configuration; and in this case it seems to only be required because the bootstrap node doesn’t have a public IP address that’s reachable from the other node.

Even as private networking matures, I’m not sure how it can possibly get around the fact that bootstrap nodes need to be reachable from the nodes trying to join the network.

I don’t know if it’ll do what you’re looking for, the configuration doesn’t look as easy, and I’m sure your nodes will still need to be able to reach each other over the network, but you might be interested in Camlistore – which is similar to IPFS in some ways but seems more geared towards personal storage. Hopefully you find something that works for your use case.

Thanks a lot @leerspace, I’ll give Camlistore a try.

Hi @mariosk, your ipfs/ipfs-cluster nodes need to be able to reach each other across the internet for a private network.

The whole idea of IPFS is to not make extra configuration of port forwarding, etc

That’s not accurate. When you start an ipfs node, it will contact one of the public bootstrap servers which in turn figures out your node’s external IP and does some basic NAT hole punching for you. If you run a private network, you need to at least bring up a reachable bootstrap server for it.

In regards to ipfs-cluster, all peers in the cluster should be able to reach each other and will possibly work better if ipfs daemons in it can do so as well.

I’m using IPFS in conjunction with tinc. Setting it up with the swarm.key and LIBP2P_FORCE_PNET=1, so far no issues. Also, not sure if swarm_key is a typo on your side, but mine is swarm.key, not swarm_key.
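A pre-flight check for the two things mentioned in the post above, the swarm.key file and LIBP2P_FORCE_PNET, as an added example that is not part of the original thread. It assumes the common `/base16/` key layout; the sample key is constructed and the function name is hypothetical.

```python
import os
import stat

# Constructed sample in the layout written by the usual key generator:
# two header lines, then 32 random bytes as 64 hex characters. Not a real key.
SAMPLE_KEY = "/key/swarm/psk/1.0.0/\n/base16/\n" + "ab" * 32 + "\n"
HEADER = ["/key/swarm/psk/1.0.0/", "/base16/"]


def check_swarm_key(repo_dir, env=os.environ):
    """Return a list of problems with the private-network setup (empty = OK)."""
    problems = []
    if env.get("LIBP2P_FORCE_PNET") != "1":
        problems.append("LIBP2P_FORCE_PNET is not 1: daemon would start without a key")
    path = os.path.join(repo_dir, "swarm.key")
    if not os.path.isfile(path):
        typo = os.path.isfile(os.path.join(repo_dir, "swarm_key"))
        problems.append("swarm.key not found" + (" (swarm_key is ignored)" if typo else ""))
        return problems
    with open(path, encoding="ascii", errors="replace") as fh:
        lines = fh.read().splitlines()
    if lines[:2] != HEADER:
        problems.append("unexpected header (only /base16/ keys are handled here)")
    else:
        try:
            key = bytes.fromhex(lines[2]) if len(lines) > 2 else b""
        except ValueError:
            key = b""
        if len(key) != 32:
            problems.append("key is not 32 bytes of hex")
    # The key is the only secret gating the network: keep it owner-only.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("swarm.key is readable by group or others")
    return problems


if __name__ == "__main__":
    repo = os.environ.get("IPFS_PATH", os.path.expanduser("~/.ipfs"))
    for problem in check_swarm_key(repo) or ["ok"]:
        print(problem)
```

A misnamed key file is the case worth catching: without LIBP2P_FORCE_PNET=1 the daemon starts anyway and joins the public network instead of the private one.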

Hi @dochench, yes swarm_key is a typo. Even with LIBP2P_FORCE_PNET=1 I still don’t get the public interface. Anyways, thanks for your help.

I am really interested in this discussion on ‘do things need to be configured’ to obtain a private network. I can’t work out whether you got the question answered from above. Just curious.

Hi @ChristopherTownsend, well the response is that the private networking feature works fine for a real private and local network. If you want to make it work with public internet interfaces you should do manual configurations like port forwarding, NAT, etc.

Great - thanks for the clarity. Christopher

Maybe this is a stupid question, but -

Is there a formal definition of an IPFS bootstrap node? Or even just a 1 paragraph description of what such a node does (its role in an ipfs network).

I don’t think the IPFS bootstrap nodes are a whole lot different than what’s described in the relatively short bootstrapping node article on Wikipedia. My understanding of IPFS bootstrap nodes is that by default, any regular IPFS node can be a bootstrap node by helping nodes connecting to it find other peers in the swarm to connect to.

Yes, ipfs default bootstrap nodes are just regular ipfs daemons that the IPFS team keeps running and available. You can change the list of bootstrap nodes to others; they do nothing special, but peer discovery might take longer then. Also, ipfs does mDNS discovery on the local network so if there are other nodes running nearby, it might just connect without even needing an explicit bootstrap.

Thanks for the responses to my question (edit: and I hope I’m not jacking this thread).

So am I understanding correctly that if I set up a private IPFS network, any node can act as a bootstrap node as long as it’s running? I don’t need to do anything special other than run the IPFS daemon on it?

Yes, that is correct @WhoopItUp