How do I disable WAN DHT so my IPFS isn't seeing any internet peers and only local?

Hello! I’ve spent a long time now trying to figure out how to disable the WAN DHT/Internet Peers from ever being considered by my IPFS. I need to use it internally and I’d like to disable the WAN DHT stuff.

How would I go about this? Thanks!

I tried --profile lowpower and it’s still looking for hundreds of nodes according to the webui peers page.

Configure your peers with a private network

Hey Hector, I’ve been trying this and can’t seem to get it working. Here is what I’m doing:

 = Executing set -eo pipefail; 
    ipfs shutdown || true
    pkill -9 ipfs || true
    rm -rf $HOME/.ipfs* || true
  
Error: no IPFS repo found in /Users/nathanpierce/.ipfs.
please run: 'ipfs init'

]] Preparing this machine as Bootnode
 = Executing set -eo pipefail; 
    mkdir -p $HOME/ipfs-cluster
  
 = Executing set -eo pipefail; 
    ipfs init
    ipfs bootstrap rm --all
  
generating ED25519 keypair...done
peer identity: 12D3KooWRJFbA72ziAAXedw5h7TaoUCQymZJMJHGNXbXKjGMmhhk
initializing IPFS node at /Users/nathanpierce/.ipfs
to get started, enter:

        ipfs cat /ipfs/QmQPeNsJPyVWPFDVHb77w8G42Fvo15z4bG2X8D2GhfbSXc/readme

removed /dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN
removed /dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa
removed /dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb
removed /dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt
removed /ip4/104.131.131.82/tcp/4001/p2p/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ
removed /ip4/104.131.131.82/udp/4001/quic/p2p/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ

 = Executing set -eo pipefail; 
    ipfs bootstrap add /ip4/127.0.0.1/tcp/4001/p2p/12D3KooWRJFbA72ziAAXedw5h7TaoUCQymZJMJHGNXbXKjGMmhhk
  
added /ip4/127.0.0.1/tcp/4001/p2p/12D3KooWRJFbA72ziAAXedw5h7TaoUCQymZJMJHGNXbXKjGMmhhk
 
= Executing set -eo pipefail; 
    export LIBP2P_FORCE_PNET=1
    ipfs daemon &>/tmp/ipfs-daemon.log &
    sleep 10
    ps aux | grep [i]pfs
    tail -100 /tmp/ipfs-daemon.log
  
nathanpierce     90247   0.0  0.0  4422584   1352 s006  S+    9:56PM   0:00.01 /bin/bash ./install-ipfs-cluster.bash norsegaud@192.168.0.136
Initializing daemon...
go-ipfs version: 0.7.0-ea77213
Repo version: 10
System version: amd64/darwin
Golang version: go1.14.12
2021-01-31T21:56:34.814-0500    ERROR   p2p-config      tried to create a libp2p node with no Private Network Protector but usage of Private Networks is forced by the enviroment
2021-01-31T21:56:34.814-0500    ERROR   cmd/ipfs        error from node construction: could not build arguments for function "github.com/ipfs/go-ipfs/core/node".PeerWith.func1 (src/github.com/ipfs/go-ipfs/core/node/peering.go:29): failed to build *peering.PeeringService: could not build arguments for function "github.com/ipfs/go-ipfs/core/node".Peering (src/github.com/ipfs/go-ipfs/core/node/peering.go:14): failed to build host.Host: received non-nil error from function "github.com/ipfs/go-ipfs/core/node/libp2p".Host (src/github.com/ipfs/go-ipfs/core/node/libp2p/host.go:40): privnet: private network was not configured but is enforced by the environment

Error: could not build arguments for function "github.com/ipfs/go-ipfs/core/node".PeerWith.func1 (src/github.com/ipfs/go-ipfs/core/node/peering.go:29): failed to build *peering.PeeringService: could not build arguments for function "github.com/ipfs/go-ipfs/core/node".Peering (src/github.com/ipfs/go-ipfs/core/node/peering.go:14): failed to build host.Host: received non-nil error from function "github.com/ipfs/go-ipfs/core/node/libp2p".Host (src/github.com/ipfs/go-ipfs/core/node/libp2p/host.go:40): privnet: private network was not configured but is enforced by the environment

This is preparing the bootstrap node. What am I doing wrong? I’m following the docs you provided.

It looks like you didn’t create a private swarm key. Check the docs for setting up a private network for running ipfs-swarm-key-gen. The swarm key needs to be copied to every node in your private network. I’m not sure if your config is for a boot node or non-boot node so I’m not sure if the bootstrap setting to localhost is correct.

I just recently did what you’re looking to do. It would be nice if there was an automated way of distributing the swarm key so that you could rekey if you needed to kick a node out. Or some way of doing swarm key revocation.

Thanks Zachary, I did create a swarm key and I’m placing it into ~/.ipfs (it’s not shown in the output). I do the copy into ~/.ipfs/ right after the ipfs init.

Could be the localhost in the bootstrap server is doing it. Try changing it to your public ip… The error seems to be saying, “You said you want a private network but aren’t configured for it”. Maybe it’s seeing that the only bootstrap server is itself and is flagging that as an error.

Thanks! Do you mean the ipfs bootstrap add /ip4/127.0.0.1/tcp/4001/p2p... that I’m doing when you say “localhost”?

Sorry, I’m a newb :)

No worries. Ya, that’s the loopback address. Kind of a reflexive ip address.

Unless I’m mistaken, each node should have all the other nodes listed as bootstrap peers…

And

Each node should also have the swarm key…

So, if you have a set of private LAN nodes A, B, and C:

  • Put B and C LAN addresses in bootstrap for A
  • Put A and C LAN addresses in bootstrap for B
  • Put A and B LAN addresses in bootstrap for C

Remove all other bootstrap addresses. Copy the swarm key to…

  • A’s ~/.ipfs
  • B’s ~/.ipfs
  • C’s ~/.ipfs
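
The checklist above as a pre-flight script, added here as an illustration and not taken from the thread or from any IPFS project code: it checks that the swarm key file is exactly what ipfs-swarm-key-gen writes (a missing or malformed swarm.key is what produces the "private network was not configured but is enforced by the environment" error when LIBP2P_FORCE_PNET=1 is set) and prints the bootstrap commands for one node. The function names `check_swarm_key` and `bootstrap_cmds`, the LAN addresses and the `PEER_ID_*` values are constructed placeholders, and the key is assumed to be in the generator's `/base16/` form.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): pre-flight checks for a private swarm.

# check_swarm_key FILE
# Succeeds only if FILE is named swarm.key and has the three-line layout that
# ipfs-swarm-key-gen writes: header, /base16/, 64 hex chars (a 32-byte key).
check_swarm_key() {
  local f="$1" l1="" l2="" l3="" extra=""
  [ "$(basename "$f")" = "swarm.key" ] || { echo "not named swarm.key: $f" >&2; return 1; }
  [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 1; }
  { IFS= read -r l1; IFS= read -r l2; IFS= read -r l3; IFS= read -r extra; } <"$f" || true
  [ "$l1" = "/key/swarm/psk/1.0.0/" ] || { echo "bad header line" >&2; return 1; }
  [ "$l2" = "/base16/" ] || { echo "expected /base16/ on line 2" >&2; return 1; }
  printf '%s' "$l3" | grep -Eq '^[0-9a-fA-F]{64}$' ||
    { echo "key is not exactly 64 hex characters" >&2; return 1; }
  [ -z "$extra" ] || { echo "unexpected data after the key" >&2; return 1; }
}

# bootstrap_cmds SELF NAME=MULTIADDR...
# Prints the commands for node SELF: clear the list, then add every listed node
# except itself. Loopback addresses are refused: other machines cannot dial them.
bootstrap_cmds() {
  local self="$1" entry name addr
  shift
  echo "ipfs bootstrap rm --all"
  for entry in "$@"; do
    name=${entry%%=*}
    addr=${entry#*=}
    case $addr in
      /ip4/127.*|/ip6/::1/*) echo "loopback address for $name: $addr" >&2; return 1 ;;
    esac
    [ "$name" = "$self" ] || echo "ipfs bootstrap add $addr"
  done
}

# Constructed inventory: LAN addresses and peer IDs are placeholders.
NODE_A="A=/ip4/192.168.0.11/tcp/4001/p2p/PEER_ID_A"
NODE_B="B=/ip4/192.168.0.12/tcp/4001/p2p/PEER_ID_B"
NODE_C="C=/ip4/192.168.0.13/tcp/4001/p2p/PEER_ID_C"

# On node A: only print the bootstrap commands once the local key checks out.
if check_swarm_key "${IPFS_PATH:-$HOME/.ipfs}/swarm.key"; then
  bootstrap_cmds A "$NODE_A" "$NODE_B" "$NODE_C"
fi
```

Running the same key check on every node before starting the daemon catches a key that was copied to the wrong path or truncated in transit.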

Got it! Human error with the swarm.key file :)

Seems to work. Thanks everyone <3

@ipfsme Thanks, worked for me as well.

Is there a workaround for not adding addresses manually, as it does not look scalable? Suppose you have 50 IPFS nodes in a private network. Do we need to manually add all the nodes to each other?