Skip to content

Configuration

Jump to bottom
egg82 edited this page Feb 19, 2021 · 21 revisions

Contents

  • Home
  • Why Anti-VPN?

Setup

Features

  • Plugin Support
    • PLAN
    • PlaceholderAPI
    • LuckPerms/Vault

Developers

Clone this wiki locally

Storage

The storage section is how Anti-VPN stores long-term data. Let's break the section down.

storage:

The engines section shows various storage engines and their related settings. Each engine's enabled must be set to true in order for that engine to be used in the plugin. The connection section will allow you to configure how the plugin connects to the storage engine. Things like connection properties and login information can be set here.

   engine1:
      type: 'mysql'
      enabled: false
      connection:
        address: '127.0.0.1:3306'
        database: 'anti_vpn'
        username: ''
        password: ''
        options: 'useSSL=false&useUnicode=true&characterEncoding=utf8'

The settings section allows setting the number of connections in the pool and various connection timeout, and lifetime settings.

The max-pool-size is the maximum number of connections the plugin will make to a given storage engine. The "min-idle" is the minimum number of connections the plugin will keep alive after non-use. It's generally good practice to keep these two numbers the same.

The max-lifetime is how long a connection will live for before being re-created, and timeout is how long the plugin will wait before giving up on a new connection. Generally, you won't need to touch these, but if your storage setup is different then you may want to have a second look.

  settings:
    max-pool-size: 4
    min-idle: 4
    max-lifetime: '30minutes'
    timeout: '5seconds'

The order section tells the plugin in what order you'd like the storage engines to be used. In the default config (below), engine1 will be tried first, then engine2. If any of the engines are disabled or cannot function properly, the next in line will be used.

  order:
    - 'engine1'
    - 'engine2'

Messaging

The messaging section allows you to connect to an existing messaging engine so they may be used to push instant updates across a network.

messaging:

The engines section shows various storage engines and their related settings. Each engine's enabled must be set to true in order for that engine to be picked up in the plugin. The connection section will allow you to configure how the plugin connects to the messaging engine. Things like virtual-host or key prefixes, connection properties, and login information can be set here.

    engine1:
      type: 'rabbitmq'
      enabled: false
      connection:
        address: '127.0.0.1:5672'
        v-host: '/'
        username: 'guest'
        password: 'guest'

The settings section allows setting the number of connections in the pool and various connection timeout, and lifetime settings.

The max-pool-size is the maximum number of connections the plugin will make to a given messaging engine. The "min-idle" is the minimum number of connections the plugin will keep alive after non-use. It's generally good practice to keep these two numbers the same.

The max-lifetime is how long a connection will live for before being re-created, and timeout is how long the plugin will wait before giving up on a new connection. Generally, you won't need to touch these, but if your messaging setup is different then you may want to have a second look.

  settings:
    max-pool-size: 4
    min-idle: 4
    max-lifetime: '30minutes'
    timeout: '5seconds'

Sources

Sources are how the plugin determines whether or not an IP is "bad"- sadly, the plugin itself is not magical and does not automatically "know" anything about a player or their IP. Instead, when a player logs in it grabs their IP and sends it off to various sources which then return a result- "good" or "bad"- which the plugin then stores and uses itself.

sources:

The cache-time defines how long to keep IP results for before forcibly fetching new results from sources. As the internet changes frequently, keeping these values for too long may give you bad results. However, not keeping these values for long enough will force the plugin to continually fetch new results and will run you out of source credits (or make the sources very angry with you) very quickly.

  cache-time: '6hours'

The order is used in cascade mode (explained below). The default order represents "best-to-worst" as tested by myself, but you may change it if you wish.

  order:
  - 'proxycheck'
  - 'iptrooper'
  - 'getipintel'
  - 'ipqualityscore'
  - 'iphub'
  - 'iphunter'
  - 'vpnblocker'
  - 'ip2proxy'
  - 'shodan'
  - 'ipinfo'
  - 'teoh'

The sections below outline various sources for your use. Each section will be slightly different due to the way the services work, but the config does a good job at explaining what each option does. Each source will also have an enabled option defining whether or not to actually use the source.

You'll also notice that each source section has a header with some numbers. These numbers represent the overall "accuracy" of each source as tested on the dates provided.

  X:
    enabled: false
    Y: ''
    Z: 1

MCLeaks

Since the plugin now has the ability to block and/or detect MCLeaks accounts, there's a new section for it. It's fairly straightforward in that it's similar to the sources section.

mcleaks:

The cache-time defines how long to keep MCLeaks results for before forcibly fetching new results from the API. As Minecraft can change fairly frequently and accounts are lost and recovered, keeping these values for too long may give you bad results. However, not keeping these values for long enough will force the plugin to continually fetch new results and will run you out of credits very quickly.

  cache-time: '1day'

Action

This section defines whether or not the plugin will take automatic action on players using VPNs/proxies or MCLeaks accounts, and how it will do so.

action:

Both the vpn and mcleaks sections are similar in regards to actions being taken on the player if found using a VPN or MCLeaks account respectively. When kick-message is set the plugin will kick the player with the defined message.

When commands is set the plugin will run the commands specified as the console user. You may use "%player%" in place of the player's real name, and "%uuid%" in place of the player's UUID when creating the command to be run.

If both are set, the commands will always run before the player is kicked.

If you set kick-message to an empty value Anti-VPN won't kick players. Similarly, if you set commands to an empty list the system won't run any command.

  vpn:
    kick-message: '&cPlease disconnect from your proxy or VPN before re-joining!'
    commands:
      - ''

The algorithm determines how the sources for the default action are to be used. The options are cascade or consensus.

  • When using cascade mode, the plugin will run through all the enabled, valid sources defined above one by one and check each as it goes. Once a result is found, it uses that result to determine the validity of an IP (whether or not it's "good" or "bad")

    For example, if you have the default order (iphub, proxycheck, getipintel, etc) it will first check iphub. If iphub returns a "failure" result (service is down, ran out of "credits", etc) it will then check proxycheck. It will continue down this list until a source finally responds with a valid result, telling the plugin whether or not the given IP is "good " or "bad".

  • When using consensus mode the plugin will request a result from every enabled, valid source defined above at the same time. Once every source has returned with a result, it will then check the ratio of "good" results vs "bad" results to determine the validity of an IP (whether or not it's "good" or "bad")

    For example, if you have only iphub and proxycheck enabled, it will send a request to both of the sources. If iphub says the IP is "bad" and proxycheck says "good" the result will be 0.5 or 50%. If both return "bad" the result will be 1.0 or 100%. Similarly, if both return "good" the result will be 0.0 or "0%"

    If a service returns a "failure" result (service is down, ran out of "credits", etc) it will not count towards the final result. For example, if you have only iphub and proxycheck enabled and iphub returns a "failure" then only proxycheck's result will actually be considered.

    algorithm:
      method: 'cascade'

The min-consensus is used with the consensus mode above. If the returned result is greater than or equal to this number, the IP is considered to be "bad" and the default action is taken against the player.

For example, if the min-consensus is set to 0.6 then at least 60% of the sources must agree that the IP is "bad" before taking action on the player.

      min-consensus: 0.6

The ignore list is a list of IPs and/or IP ranges to ignore when deciding to check players. This will skip checking for any player that connects from any IP defined here. Both IPv4 and IPv6 and their respective ranges are allowed.

  ignore:
  - '127.0.0.0/8'
  - '::1/128'

Connection

These connection settings define how connections to the outside world are used. Specifically, this refers to APIs used by the plugin to detect VPNs and MCLeaks players.

connection:

The cache-time defines how long to keep results in-memory. Since it's time-consuming to continually fetch data from storage, caching recent results in the server's memory can be a lot faster. This also prevents certain kinds of denial-of-service attacks that would otherwise prevent your server or storage engine from doing its job properly.

  cache-time: '1minute'

The threads option defines how many simultaneous connections can be used with API queries. The default is a good starting point, but you may want to increase it if you find you have many players logging in at once, or are using consensus mode.

  threads: 4

The timeout here determines how long each thread will try to connect to an API before giving up and erroring out. You want this fairly low so you're not trying to hang on to a connection that just won't work, but high enough that you don't try to disconnect before the service responds. Some services can be a bit slow on bad days.

  timeout: '5seconds'

General

These are some general/misc options that you may or may not want to play with.

Enabling "debug" will tell the plugin to print a LOT more information about its actions to the console. This is very useful when debugging the plugin or trying to figure out why you're getting a particular result from a particular player.

debug: false

The lang value represents the default language of your server. Once restarted (not reloaded), the console output will use the new language you specify. Once reloaded (or restarted), the server's default language will become this. Any players that are using languages not known by the plugin will default to this language.

lang: 'en'

This section defines whether or not the plugin will send usage and error stats to the author. Usage stats are provided to bstats and error reports are sent to GameAnalytics.

stats:
  usage: true
  errors: true

This section defines whether or not the plugin checks for updates, and whether or not players with the avpn.admin permission node are notified of updates on login.

update:
  check: true
  notify: true