ChaosVPN is a system to connect Hackers.
Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.
It should be designed that noone sees other peoples traffic.
It should be mainly autoconfig as in that besides the joining node no administrator of the network should be in the need to acutally do something when a node joins or leaves.
If you want to find a solution for a Network without Single Point of failure, has - due to Voice over IP - low latency and that noone will see other peoples traffic you end up pretty quick with a full mesh based network.
Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.
ChaosVPN connects hacker wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks - maybe down to a small /32.
So there we are. ChaosVPN is working and it seems the usage increases, more nodes join in and more sevices pop up.
For now, an overview picture of the currently connected nodes: http://vpnhub1-intern.hamburg.ccc.de/chaosvpn.png (from inside ChaosVPN; updated once per hour) There is also a ChaosVPN internal wiki available at http://172.31.0.24/ (unfortunately down at the moment)
Howto join ChaosVPN?
You want to join ChaosVPN and experience the awesomeness of it?
- Go to our Generic Howto
- Go to our Debian Howto
- Go to our OpenWRT Howto
- If you own a Fonera 2.0n you may want to try Fonera Howto
We have a mailinglist, and invite all interested persons to join.
IP Ranges and Participants:
Please see IPRanges for more Infos.
irc.hackint.hack (172.31.98.1) or irc.hackint.net - join us in #chaosvpn
During Chaos Communication Camp 2011, participants of the ChaosVPN workshop suggested various applications:
- Mirrors of interesting public FTP/WWW sites
- Bittorrent trackers
- Email (either transparently route email from public domains via ChaosVPN, or have .hack email addresses)
- Censorship detection: service to request a public webpage from proxies at several nodes at once, compare the differences
- GeoIP avoidance?
- Social networking things
- Varnish cache
- LDAP (maybe to allow authenticating hackers against their own hackerspace's LDAP server, like Eduroam)
- Multicast services (limited support in tinc, not automatically forwarded to the LANs)
- TOR entry nodes in ChaosVPN
- NNTP (already available on dn42)
- More games!
- Distributed computing (BOINC, GRID stuff)
tinc does have some problems. Tinc needs some deeper protocol-level fixes, which could be incompatible with the current connections. That (or something else) will be ChaosVPN 3.0.