Difference between revisions of "Template:ChaosVPNMailit"

From CCCHHWiki
m (Generate keys)
(Devise a network-nick and a unique IP range you will be using: typo)
Line 8: Line 8:
 
=== Devise a network-nick and a unique IP range you will be using ===
 
=== Devise a network-nick and a unique IP range you will be using ===
  
This network-nick or sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running, not necessarily the name of the user, there may even be more than one gateway per user.
+
This network-nick or sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running, <br>
 +
not necessarily the name of the user, there may even be more than one gateway per user.
  
 
Used below where <nodename> is.
 
Used below where <nodename> is.
  
 
Please use only characters a-z, 0-9 and _ in it.
 
Please use only characters a-z, 0-9 and _ in it.
 +
<br><br>
 +
Second please select an unused IPv4 range out of [[ChaosVPN::IPRanges| IP Range]], and write yourself down in that wiki page to mark your future range as in-use. <br>
 +
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.
  
<p>&nbsp;</p>
+
Repeat: Please do not forget to add yourself to the list at [[ChaosVPN::IPRanges| IP Range]] to mark your range as used.<br>
Second please select an unused IPv4 range out of [[ChaosVPN::IPRanges]], and write yourself down in that wiki page to mark your future range as in-use. Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.
 
  
Repeat: Please do not forget to add yourself to the list at [[ChaosVPN::IPRanges]] to mark your range as used.
+
Used below where <ipv4 subnet in the vpn> is. <br><br>
  
Used below where <ipv4 subnet in the vpn> is.
+
The usage of IPv6 networks is also possible, but we do not have a central range for this (yet), <br>
 
+
you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, <br>
<p>&nbsp;</p>
+
or a private IPv6 ULA (Unique Local Address) network described in [http://www.rfc-editor.org/rfc/rfc4193.txt RFC4193]. <br>
The usage of IPv6 networks is also possible, but we do not have a central range for this (yet), you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, or a private IPv6 ULA (Unique Local Address) network described in [http://www.rfc-editor.org/rfc/rfc4193.txt RFC4193]. For more info about ULA and a network-range generator please also see http://www.sixxs.net/tools/grh/ula/ .
+
For more info about ULA and a network-range generator please also see http://www.sixxs.net/tools/grh/ula/ .<br>
  
 
Used below where <ipv6 subnet in the vpn> is.
 
Used below where <ipv6 subnet in the vpn> is.
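
Review bot: the added lines force line breaks with inline `<br>` tags, including one in the middle of the nodename sentence after "will be running,", so the text wraps at fixed points instead of by paragraph; separating the paragraphs with blank lines would avoid the inline HTML. The new link label in `[[ChaosVPN::IPRanges| IP Range]]` also carries a leading space, and the edit summary says "typo" although the visible change is layout and link labels rather than spelling.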

Revision as of 23:12, 25 April 2012

Generate keys

Generate a public/private keypair with

# tincd --net=chaos --generate-keys=2048

Press Enter 2 times and back up the files on an external device.

Devise a network-nick and a unique IP range you will be using

This network-nick, sometimes called the nodename, is the name of the network endpoint/gateway where the VPN software will be running,
not necessarily the name of the user. There may even be more than one gateway per user.

Used below where <nodename> is.

Please use only characters a-z, 0-9 and _ in it.

Second, please select an unused IPv4 range from IP Range, and enter yourself on that wiki page to mark your future range as in use.
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.

Repeat: Please do not forget to add yourself to the list at IP Range to mark your range as used.

Used below where <ipv4 subnet in the vpn> is.

The use of IPv6 networks is also possible, but we do not have a central range for this (yet).
You may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN,
or a private IPv6 ULA (Unique Local Address) network as described in RFC4193.
For more info about ULA and a network-range generator, please also see http://www.sixxs.net/tools/grh/ula/ .

Used below where <ipv6 subnet in the vpn> is.

Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

It is better to supply a hostname than a raw IP address, even if the address is static, so you can change it yourself and do not need to contact us when needed. (Perhaps something like chaosvpn.yourdomain.example)

Used below where <clienthost> is.

Mail us your info

  • Send via email to chaosvpn-join@hamburg.ccc.de

We need the following info - but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn - or at least make us laugh. :)

(Please remove all lines starting with # from the email, they are just descriptions)

[<nodename>]

gatewayhost=<clienthost>
# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>
# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on [[ChaosVPN::IPRanges]], and add yourself there.

owner=
# (mandatory, must include)
# Admin of the VPN gateway, with email address - a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 needs to accept TCP and UDP traffic from outside.

hidden=0
# (optional)
# "I cannot accept inbound tunnel connections, I can only connect out."
# (e.g. behind a NAT)
silent=0
# (optional)
# "I cannot connect out, but you can connect to me."
# Only ONE of hidden=1 or silent=1 is possible.

-----BEGIN RSA PUBLIC KEY-----
....
-----END RSA PUBLIC KEY-----
# (mandatory, must include)
# rsa-public-key - contents of your /etc/tinc/chaos/rsa_key.pub
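
One way to pre-check a join mail against the rules on this page before sending it (an added example, not part of the wiki page or of the ChaosVPN tooling). The function name `check_submission` and the sample values are assumptions; `network=` is treated as IPv4 only, and `port=` and `network6=` are not checked.

```python
import ipaddress
import re

# IPv4 pools named on this page: 172.31.*.* (Europe), 10.100.*.* (elsewhere).
POOLS = [ipaddress.ip_network(p) for p in ("172.31.0.0/16", "10.100.0.0/16")]

def check_submission(text):
    """Return a list of problems in a join mail body (empty list = OK)."""
    problems, fields, nodename, in_key, has_key = [], {}, None, False, False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("-----BEGIN RSA PUBLIC KEY"):
            in_key = True
        elif line.startswith("-----END RSA PUBLIC KEY"):
            in_key, has_key = False, True
        elif in_key or not line or line.startswith("#"):
            continue  # key material is base64 and may itself contain '='
        elif line.startswith("[") and line.endswith("]"):
            nodename = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            fields.setdefault(key.strip(), []).append(value.strip())
    def last(key, default=""):
        return fields.get(key, [default])[-1]
    if not re.fullmatch(r"[a-z0-9_]+", nodename or ""):
        problems.append("nodename must use only a-z, 0-9 and _")
    if not fields.get("network"):
        problems.append("network= is mandatory")
    for net in fields.get("network", []):
        try:
            parsed = ipaddress.IPv4Network(net, strict=False)
            if not any(parsed.subnet_of(p) for p in POOLS):
                problems.append("network outside the ChaosVPN pools: " + net)
        except ValueError:
            problems.append("network is not an IPv4 subnet: " + net)
    if "@" not in last("owner"):
        problems.append("owner= needs an admin email address")
    if last("hidden", "0") == "1" and last("silent", "0") == "1":
        problems.append("only one of hidden=1 or silent=1 is possible")
    if not last("gatewayhost") and last("hidden", "0") != "1":
        problems.append("no gatewayhost given, so hidden=1 is required")
    if not has_key:
        problems.append("RSA public key block is mandatory")
    return problems

# Constructed sample (hypothetical node): bad nodename, wrong pool, both flags, no key.
SAMPLE = "[Example-Node]\nnetwork=192.168.1.0/24\nowner=alice@example.org\nhidden=1\nsilent=1\n"

if __name__ == "__main__":
    print("\n".join(check_submission(SAMPLE)))
```

The check only covers the format rules stated here; whether a range is still unused has to be looked up on the IP Range wiki page.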

Awaiting Response

Retry until $success