Difference between revisions of "ChaosVPN"

From CCCHHWiki
Jump to: navigation, search
m
m (Services available on ChaosVPN: -Minetest - service no more exists)
 
(91 intermediate revisions by 20 users not shown)
Line 1: Line 1:
<span style="font-size:2em">and AgoraLink</span>
+
{{Template:ChaosVPNBanner}}
  
 +
= Goals =
  
''' the big picture '''
+
ChaosVPN is a system to connect Hackers.
  
What is this all about?
+
Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.
  
mc.fly will write some stuff about it. In case you have awesome ideas just add them.
+
It should be designed that noone sees other peoples traffic.
  
 +
It should be mainly autoconfig as in that besides the joining node no administrator of the network should be in the need to acutally do something when a node joins or leaves.
  
 +
If you want to find a solution for a Network without Single Point of failure, has - due to Voice over IP - low latency and that noone will see other peoples traffic you end up pretty quick with a full mesh based network.
  
A view on the connected nodes inside the ChaosVPN. Refreshed every minute: http://comyn.ainex.net/chaosvpn.png
+
Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.
  
= ChaosVPN 2.0 =
+
ChaosVPN connects hacker wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks - maybe down to a small /32.
  
== redesign ==
+
So there we are. ChaosVPN is working and it seems the usage increases, more nodes join in and more sevices pop up.
The Rebuild of the ChaosVPN became nessesary at some point, as the vermittlung is blackholed. Furthermore we would like to put live back to the ChaosVPN and use it to interconnect the hackerspaces.
 
  
So we thought its a good time to redesign stuff. We will climb up to tinc 1.0.10.
+
For now, an overview picture of the currently connected nodes:
 +
* http://vpnhub1.hack/chaosvpn.png (only from inside ChaosVPN; updated once per hour)
 +
* http://vpnhub1.hack/chaosvpn.svg
 +
and a simple display of node-uptimes:
 +
* http://vpnhub1.hack/chaosvpn.nodes.html.
  
== software ==  
+
= Howto join ChaosVPN? =
  
An unfinshed Howto for Debian systems is available at [[ChaosVPN::DebianHowto|Debian]] - users of other systems need to adapt it likewise, more documentation will hopefully follow in the future.
+
You want to join ChaosVPN and experience the awesomeness of it?
  
=== tinc ===
+
* Go to our [[ChaosVPN:Howto|Generic Howto]]
we use tinc. There will be a tinc 2.0 version soon. The developer has his ideas about tinc 2.0 at http://tinc-vpn.org/goals/ and first code is at http://tinc-vpn.org/git/fides.
+
* Go to our [[ChaosVPN:DebianHowto|Debian Howto]]
 +
* Go to our [[ChaosVPN:UbuntuHowto|Ubuntu Howto]]
 +
* Go to our [[ChaosVPN:OpenWRTHowto|OpenWRT Howto]]
 +
* Go to our [[ChaosVPN:FreeBSDHowto|FreeBSD Howto]]
 +
* Go to our [[ChaosVPN:NetBSDHowto|NetBSD Howto]]
 +
* Go to our [[ChaosVPN:Netbsd_NAT_VPN_router_using_chaosvpn_and_ipnat|NetBSD NAT VPN router using chaosvpn and ipnet Howto]]
 +
* Go to our [[ChaosVPN:MacOSXHowto‎|Apple Mac OSX Howto]]
 +
* Go to our [[ChaosVPN:RaspbianHowto|Raspbian Howto]]
 +
* If you own a Fonera 2.0n you may want to try [[ChaosVPN:Fonera|Fonera Howto]] (quite outdated)
  
 +
There is a short HowTo [[ChaosVPN:MeshYourNodes|how to better mesh your own nodes]] using ChaosVPN.
  
=== Config builder ===
+
= Mailinglist =
Currently we are porting haegars script from perl to c and strip off curl and openssl, so it fits in a OpenWRT box.
 
  
=== OpenWRT Packages ===
+
We have a mailinglist, and invite all interested persons to join.
Blogic will build a special OpenWRT package, which is called chaosvpn at the moment and a recent tinc 1.0.10 for that.
 
  
See also http://0x1.net/openwrt
+
https://www.hamburg.ccc.de/mailman/listinfo/chaosvpn
Packages may be in flux for awhile, if you have trouble with any of the binaries, email [mailto:cjp@0x1.net cjp].
 
  
=== Debian Packages ===
+
= ChaosVPN 2.0 =
There is a long description how to install on a Debian System: [[ChaosVPN::DebianHowto]]
 
  
Haegar created (backported) tinc 1.0.12 and 1.0.13-git packages for Debian. They are availible at:
+
== IP Ranges and Participants: ==
* Debian Etch: http://debian.sdinet.de/etch/sdinet/tinc/
 
* Debian Lenny / Stable: http://debian.sdinet.de/lenny/sdinet/tinc/
 
* Debian Sid / Unstable: http://debian.sdinet.de/sid/sdinet/tinc/
 
  
Please note that the above packages may need further backported packages, all of them are available in other subdirectories on debian.sdinet.de.
+
Please see [[ChaosVPN:IPRanges | IP Range ]] for more Infos.
  
Pre-Created ChaosVPN program packages, updated every now and then:
+
== Other related software ==
* Debian Etch: http://debian.sdinet.de/etch/sdinet/chaosvpn/
 
* Debian Lenny / Stable: http://debian.sdinet.de/lenny/sdinet/chaosvpn/
 
* Debian Sid / Unstable: http://debian.sdinet.de/sid/sdinet/chaosvpn/
 
  
 +
=== DNS ===
 +
See [[ChaosVPN:DNS | DNS]]
  
=== fonera20n ===
+
=== IRC ===
  
Fonera 2.0n 2.3.5 firmware with chaosvpn 2.0 and tinc 1.0.13, tested. No clobber of configs using upgrade script.
+
irc.hackint.hack (172.31.0.30) or irc.hackint.net - join us in #chaosvpn
  
Grab here: http://www.agoralink.org/20100417_FON2303_2.3.5.0_DEV.tgz
+
=== VoIP ===
  
For the fonera 2.0n http://www.aculei.net/~mjoyce/chaosvpn/
+
Asterisk servers allowing incoming and outgoing calls to POTS in [[ChaosVPN:IPRanges#ccc_hannover|Hannover]] and [[ChaosVPN:IPRanges#ccchh_-_Hamburg|Hamburg]] hackerspaces. <br>
 +
Ask the admins for more information.
  
Included are Packages for ChaosVPN, and TINC
+
=== Requested applications ===
There are source code packages as well.
 
  
Packages go in /openwrt/packages/
+
During Chaos Communication Camp 2011, participants of the ChaosVPN workshop suggested various applications:
Source goes in /openwrt/dl/
 
  
.config is a sample config for fonera2n.  It is not minimalist in any way.  Vyrus has a minimal config I will hunt down.
+
* Mirrors of interesting public FTP/WWW sites
 +
* Bittorrent trackers
 +
* Email (either transparently route email from public domains via ChaosVPN, or have .hack email addresses)
 +
* Censorship detection: service to request a public webpage from proxies at several nodes at once, compare the differences
 +
* GeoIP avoidance?
 +
* Social networking things
 +
* Varnish cache
 +
* LDAP (maybe to allow authenticating hackers against their own hackerspace's LDAP server, like Eduroam)
 +
* Multicast services (limited support in tinc, not automatically forwarded to the LANs)
 +
* TOR entry nodes in ChaosVPN
 +
* NNTP (already available on dn42)
 +
* More games!
 +
* Distributed computing (BOINC, GRID stuff)
  
The chaosvpn version is not reflected in the name of the package... that is just there because I was too lazy to update the chaosvpn package for the current version.
+
== Wanted changes ==
  
=== ArchLinux ===
+
Ideas?
helios maintains an AUR-package: http://aur.archlinux.org/packages.php?ID=33307
 
  
=== sources ===
+
[[ChaosVPN:todo|A collection of short term changes]]
The source code repository is available at: http://github.com/ryd/chaosvpn
 
  
You can download the source with git
+
= Chaosvpn Geekends =
git clone git://github.com/ryd/chaosvpn.git
 
 
 
== IP Ranges and Participants: ==
 
 
 
Please see [[ChaosVPN::IPRanges]] for more Infos.
 
 
 
== other related software ==
 
=== dns ===
 
There is a need for a dns.
 
 
 
== wanted changes ==
 
=== short term ===
 
* clients don't have to authentificate themself - everybody can see the config.
 
* if admins are lazy and don't rebuild the config file properly we will have old routes in the network that don't dissapear (at least until the tinc is reconfigured and restarted) (not a problem anymore with a current .git snapshot, the problem will only affect the non-updating participant with it)
 
 
 
=== long term ===
 
tinc does have some problems. That is the reason why we want to replace that in the forseable future.
 
That will be [http://wiki.hamburg.ccc.de/index.php/ChaosVPN#ChaosVPN_3.0 ChaosVPN 3.0]
 
 
 
* Participants can fake network ranges my intention or mistake. (control informations inside tinc are not proper authentificated) (not true anymore with latest chaosvpn.git where we do not import infos from the tinc-network anymore (TunnelServer=yes))
 
* http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt
 
 
 
= ChaosVPN 3.0 =
 
 
 
 
 
= ChaosVPN 1.0 (historic) =
 
 
 
ChaosVPN 1.0 is obsolete, please see above for the next implementation.
 
  
== <strike>TINC SETUP</strike> ==
+
* [[ChaosVPN:geekend0|geekend 0 at Hamburg]]
<strike>At the moment the Hamburg ccc Erfa uses [http://www.tinc-vpn.org TINC] together with some dirty perl-scripts, which are used to read the routes and peers.</strike>
+
* [[ChaosVPN:geekend1|geekend 1 at Hamburg]]
 +
* [[ChaosVPN:geekend10|geekend 10 at Hamburg]]
  
<strike>For this Setup we have howtos for
+
= Services available on ChaosVPN =
[[ChaosVPN::DebianHowto|Debian]] and [[ChaosVPN::GentooHowto|Gentoo]] (in german).</strike>
 
  
=== <strike>Beginninig in 2003</strike> ===
+
Update:
<strike>(haegar:)
 
For me the whole setup with Openvpn was to complicated. It would take some time till its done and the scaling problems were forseable.
 
  
Therefore i took time today to get a working mini-solution with tinc running real quick.
+
If you have services you wish to be accessible to the whole of the Chaosvpn, please add your services to the online list available (within Chaosvpn) at:
  
The bigger issues with ip-submission and database are able to be added later without any big effort.
+
http://list.weird.hack - Service list - 10.100.44.1 (but seems to be death currently)
  
Most importand design goals were:
 
* data traffic between participants must not rely on the ccc infrastructure.
 
* failure of any parts of the infrastructure must not shut down the network completely
 
* no work needed for participants just because a new participant is joining or a old one quitting.
 
  
system requirements
 
* linux only first
 
** tinc is availible for nearly all unix variants and windows, but my perl script is only working on linux so far.
 
* perl with LWP and https support
 
* working dyndns hostname that conains the actual router-ip or static ip
 
</strike>
 
  
=== <strike>Update 2006</strike> ===
+
* [[ChaosVPN:Proxy|Proxy]]
<strike>Today (2006) i would implement things different than i did before, but when this happens is completely up in the stars.
+
* [[ChaosVPN:CTF|OpenArena CTF]]
Until there is a better setup we will use the old setup.
+
* [[VoIP| Vermittlung Chaosphone]]
</strike>
+
* [[ChaosVPN:VoIP|VoIP]]
 +
* [[ChaosVPN:IRC|IRC]]
 +
* [[ChaosVPN:Minecraft|Minecraft]]
 +
* [[ChaosVPN:Bitlbee|Bitlbee]]
 +
* [[ChaosVPN:ZNC|ZNC]]
 +
* [[ChaosVPN:Jabber|Jabber]]
 +
* [[ChaosVPN:FTP|FTP]]
 +
* [[ChaosVPN:BBS|BBS]]
 +
* [[ChaosVPN:Cracking|HashCracking]]
 +
* [[ChaosVPN:Monitoring|Monitoring]]
 +
* [[ChaosVPN:News|Usenet]]
 +
* [[ChaosVPN:NZB|Usenet indexer (newznab)]]
 +
* [http://brmlab.cz/project/chaosvpn#brmlab_warzone Brmlab WarZone challenges]
 +
* [http://brmlab.cz/project/chaosvpn#tor_socks4_proxy Brmlab Tor SOCKS4 proxy]
 +
* [[ChaosVPN:whatsmyip|ifconfig.hack info, a whats my ip page]]
  
= Chaosvpn Geekends =
+
[[Category:ChaosVPN]]
We want to do a chaosvpn geekend. Therefore this wiki page: [[ChaosVPN::geekend0|geekend 0 at Hamburg]]
 

Latest revision as of 19:24, 6 June 2019

Note:
ChaosVPN is a VPN to connect Hackers and Hackerspaces - it does NOT provide anonymous internet access!
For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the "dark web".

Alternative: If you prefer BGP, you can also connect via https://dn42.net/, we are interconnected.

Goals

ChaosVPN is a system to connect Hackers.

Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.

It should be designed that noone sees other peoples traffic.

It should be mainly autoconfig as in that besides the joining node no administrator of the network should be in the need to acutally do something when a node joins or leaves.

If you want to find a solution for a Network without Single Point of failure, has - due to Voice over IP - low latency and that noone will see other peoples traffic you end up pretty quick with a full mesh based network.

Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

ChaosVPN connects hacker wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks - maybe down to a small /32.

So there we are. ChaosVPN is working and it seems the usage increases, more nodes join in and more sevices pop up.

For now, an overview picture of the currently connected nodes:

and a simple display of node-uptimes:

Howto join ChaosVPN?

You want to join ChaosVPN and experience the awesomeness of it?

There is a short HowTo how to better mesh your own nodes using ChaosVPN.

Mailinglist

We have a mailinglist, and invite all interested persons to join.

https://www.hamburg.ccc.de/mailman/listinfo/chaosvpn

ChaosVPN 2.0

IP Ranges and Participants:

Please see IP Range for more Infos.

Other related software

DNS

See DNS

IRC

irc.hackint.hack (172.31.0.30) or irc.hackint.net - join us in #chaosvpn

VoIP

Asterisk servers allowing incoming and outgoing calls to POTS in Hannover and Hamburg hackerspaces.
Ask the admins for more information.

Requested applications

During Chaos Communication Camp 2011, participants of the ChaosVPN workshop suggested various applications:

  • Mirrors of interesting public FTP/WWW sites
  • Bittorrent trackers
  • Email (either transparently route email from public domains via ChaosVPN, or have .hack email addresses)
  • Censorship detection: service to request a public webpage from proxies at several nodes at once, compare the differences
  • GeoIP avoidance?
  • Social networking things
  • Varnish cache
  • LDAP (maybe to allow authenticating hackers against their own hackerspace's LDAP server, like Eduroam)
  • Multicast services (limited support in tinc, not automatically forwarded to the LANs)
  • TOR entry nodes in ChaosVPN
  • NNTP (already available on dn42)
  • More games!
  • Distributed computing (BOINC, GRID stuff)

Wanted changes

Ideas?

A collection of short term changes

Chaosvpn Geekends

Services available on ChaosVPN

Update:

If you have services you wish to be accessible to the whole of the Chaosvpn, please add your services to the online list available (within Chaosvpn) at:

http://list.weird.hack - Service list - 10.100.44.1 (but seems to be death currently)