URnetwork Providers
URnetwork is a decentralized VPN where egress capacity is provided by anyone who wants to participate in the network, called a provider. A provider connects to a network space, which is a distributed set of servers that manage and faciliate the network using the URnetwork API and connect protocol. Users authenticate with the network space to use the network for security, privacy, anonymity, and content acccess.
The main URnetwork space follows a set of trust and safety rules and an economic model that keeps the network safe for providers, and rewards providers for participating. The network is free to use with a data cap, where users can become a supporter to get a higher data cap and priority speeds. The main URnetwork space supports email, SMS, Google, and Apple authentication.
Provide using an app
URnetwork builds apps for popular consumer platforms. Our goal is to support as much existing hardware as possible and make it "one tap" to get set up as a provider. When you install an app, select "Provide while disconnected" from the settings to enable always-on provider. Otherwise, the provider is only active while you are connected to the network.
Provide using a binary
The provider
binary compiles to run on Linux, Windows, macOS. For information on specific IoT and router platforms see Raspberry Pi, EdgeOS, and RouterOS.
The binary runs as any user and does not require special permissions.
The binary can be compiled and deployed from source, or deployed with our pre-built docker container. Both methods are documented below.
Provider binary
Run the following commands to build the provider
binary from source. You will need go
version of at least 1. and git
.
To initialize a provider on your network, follow the steps below.
Log into your network in the web UI. You can create a new network here also.
Once logged in, there is an button in the dialog called "Copy an Auth Code". Tap that button to copy a time-limited auth code. You'll use this in the next step to generate a local JWT file.
./provider auth
. Paste the auth code at the prompt to enter the auth code.You should see output that says "Saved auth to ~/.urnetwork/jwt". Now any provider that runs in your user will be authenticated to your network. You can copy the
$HOME/.urnetwork
dir to new environments to quickly set up the provider.
To run a provider on your network, run the command below.
This runs in the foreground and provides egress capacity to the network until killed. Payouts are made to the wallet set up in the network. You can use one of the apps to set up your wallet.
To run a provider all the time in the background, follow the steps below.
Linux
On modern Linux, background processes are managed with systemd
using the commands systemctl
and journalctl
for logs. The following steps set up a basic systemd unit to run the provider binary using the configuration at $HOME/.urnetwork
.
Download the latest systemd template from Github
Edit the
/path/to/provider
to the actual provider pathEdit the
$USER
to the user you want to run asMake sure for that user,
$HOME/.urnetwork
is in placesudo cp <EDITED urnetwork-provider.service> /etc/systemd/system/urnetwork-provider.service
sudo systemctl enable urnetwork-provider.service
Verify the unit is running with
journalctl -u urnetwork-provider.service
. You should see the message "Running on port XX".You're all set!
macOS
On modern macOS, background processes are managed with launchd
using the command launchctl
while the logs get appended to /var/log/system.log
. The following steps set up a basic launchd unit to run the provider binary using the configuration at $HOME/.urnetwork
.
Download the latest launchd template from Github
Edit the
/path/to/provider
to the actual provider pathEdit the
$USER
to the user you want to run asMake sure for that user,
$HOME/.urnetwork
is in placesudo cp <EDITED urnetwork-provider.plist> /Library/LaunchAgents/urnetwork-provider.plist
sudo launchctl load /Library/LaunchAgents/urnetwork-provider.plist
sudo launchctl start /Library/LaunchAgents/urnetwork-provider.plist
Verify the unit is running with
tail -f /var/log/system.log | grep -i provider
. You should see the message "Running on port XX"You're all set!
Provider binary on multiple platforms
If you want to build the binary for multiple platforms, use the Makefile.
Choose the provider
binary for your OS and architecture.
Note: darwin
is for macOS
Note: if you have a modern Intel or AMD processor, choose amd64
. If you have a modern Apple or Qualcomm processor, choose arm64
. Otherwise for Linux IoT and router platforms, run uname -m
to find your architecture.
Note: you can download pre-built binaries from the nightly releases
Provider container
We publish an image for following the warp convention to make running an up-to-date provider easier. We continuously update the image with 4 service blocks, where the last block (g4
) has been tested the longest and hence is the most stable.
g1
g2
g3
g4
Note: the images are built for amd64 and arm64 architectures only.
To initialize with the latest, most stable version, run the command below.
To run the latest, most stable version, run the command below.
You can adapt the commands from the section To run a provider all the time in the background, follow the steps below to use docker run bringyour/community-provider:g4-latest --mount type=bind,source=$HOME/.urnetwork,target=/root/.urnetwork
instead of /path/to/provider
.
To update your provider, just run docker pull bringyour/community-provider:g4-latest
. A new g4 is published about once a month. You can see the changelogs in the releases section of the Github repo.
Main Network Space
The main URnetwork space is below. Anyone can host a network space by deploying and maintaining the services in the server repo. The main network space is continuously deployed with the warp tools, where the continuous versions are committed as tags on GitHub for transparency.
api.bringyour.com
API server
connect.bringyour.com
Connect protocol server
extender.bringyour.com
Public extender server. Users can run their own extenders in a secure location to have their own IP to access the network, which is benefitial for some network access situations.
The provider tools use the main network space by default.
Last updated