- 1 Goals
- 2 ChaosVPN 2.0
- 2.1 redesign
- 2.2 software
- 2.3 IP Ranges and Participants:
- 2.4 other related software
- 2.5 wanted changes
- 3 ChaosVPN 3.0
- 4 ChaosVPN 1.0 (historic)
- 5 Chaosvpn Geekends
- 6 Services available on ChaosVPN
ChaosVPN is a system to connect Hackers.
Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.
It should be designed that noone sees other peoples traffic.
It should be mainly autoconfig as in that besides the joining node no administrator of the network should be in the need to acutally do something when a node joins or leaves.
If you want to find a solution for a Network without Single Point of failure, has - due to Voice over IP - low latency and that noone will see other peoples traffic you end up pretty quick with a full mesh based network.
Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.
ChaosVPN connects hacker wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks - maybe down to a small /32.
So there we are. ChaosVPN is working and it seems the usage increases, more nodes join in and more sevices pop up.
For now, an overview picture of the currently connected nodes: http://172.31.2.1/chaosvpn.png (from inside ChaosVPN; updated once per hour) There is also a ChaosVPN internal wiki available at http://172.31.0.24/ (unfortunately down at the moment)
The Rebuild of the ChaosVPN became nessesary at some point, as the vermittlung was blackholed. Furthermore we would like to put live back to the ChaosVPN and use it to interconnect the hackerspaces.
So we thought its a good time to redesign stuff. We will climb up to tinc 1.0.13.
An unfinshed Howto for Debian systems is available at Debian - users of other systems need to adapt it likewise, more documentation will hopefully follow in the future.
Blogic will build a special OpenWRT package, which is called chaosvpn at the moment, a recent tinc 1.0.13 is already available in the openwrt packages repository.
There is a long description how to install on a Debian System: DebianHowto
Haegar created (backported) tinc 1.0.13 packages for Debian. They are availible at:
- Debian Etch: http://debian.sdinet.de/etch/sdinet/tinc/
- Debian Lenny / Stable: http://debian.sdinet.de/lenny/sdinet/tinc/
- Debian Sid / Unstable: http://debian.sdinet.de/sid/sdinet/tinc/
Please note that the above packages may need further backported packages, all of them are available in other subdirectories on debian.sdinet.de.
Pre-Created ChaosVPN program packages, updated every now and then:
- Debian Etch: http://debian.sdinet.de/etch/sdinet/chaosvpn/
- Debian Lenny / Stable: http://debian.sdinet.de/lenny/sdinet/chaosvpn/
- Debian Sid / Unstable: http://debian.sdinet.de/sid/sdinet/chaosvpn/
Full Setup Instructions: Fonera
Fonera 2.0n 2.3.5 firmware with chaosvpn 2.0 and tinc 1.0.13, tested. No clobber of configs using upgrade script.
For the fonera 2.0n http://www.aculei.net/~mjoyce/chaosvpn/
Included are Packages for ChaosVPN, and TINC There are source code packages as well.
Packages go in /openwrt/packages/ Source goes in /openwrt/dl/
.config is a sample config for fonera2n. It is not minimalist in any way. Vyrus has a minimal config I will hunt down.
The chaosvpn version is not reflected in the name of the package... that is just there because I was too lazy to update the chaosvpn package for the current version.
helios maintains an AUR-package: http://aur.archlinux.org/packages.php?ID=33307
The source code repository is available at: http://github.com/ryd/chaosvpn
You can download the source with git
git clone git://github.com/ryd/chaosvpn.git
IP Ranges and Participants:
Please see IPRanges for more Infos.
Asterisk servers allowing incoming and outgoing calls to POTS in Hannover and Hamburg hackerspaces. Ask the admins for more information.
During Chaos Communication Camp 2011, participants of the ChaosVPN workshop suggested various applications:
- Mirrors of interesting public FTP/WWW sites
- Bittorrent trackers
- Email (either transparently route email from public domains via ChaosVPN, or have .hack email addresses)
- Censorship detection: service to request a public webpage from proxies at several nodes at once, compare the differences
- GeoIP avoidance?
- Social networking things
- Varnish cache
- LDAP (maybe to allow authenticating hackers against their own hackerspace's LDAP server, like Eduroam)
- Multicast services (limited support in tinc, not automatically forwarded to the LANs)
- TOR entry nodes in ChaosVPN
- NNTP (already available on dn42)
- More games!
- Distributed computing (BOINC, GRID stuff)
- clients don't have to authentificate themself - everybody can see the config.
- if admins are lazy and don't rebuild the config file properly we will have old routes in the network that don't dissapear (at least until the tinc is reconfigured and restarted) (not a problem anymore with a current .git snapshot, the problem will only affect the non-updating participant with it)
tinc does have some problems. That is the reason why we want to replace that in the forseable future. That will be ChaosVPN 3.0
- Participants can fake network ranges my intention or mistake. (control informations inside tinc are not proper authentificated) (not true anymore with latest chaosvpn.git where we do not import infos from the tinc-network anymore (TunnelServer=yes))
ChaosVPN 1.0 (historic)
ChaosVPN 1.0 is obsolete, please see above for the next implementation.