Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/

Difference between revisions of "ChaosVPN"

From CCCHHWiki
Jump to: navigation, search
(fonera)
m (Services available on ChaosVPN: -Minetest - service no more exists)
 
(95 intermediate revisions by 20 users not shown)
Line 1: Line 1:
<span style="font-size:2em">and AgoraLink</span>
+
{{Template:ChaosVPNBanner}}
  
 +
= Goals =
  
''' the big picture '''
+
ChaosVPN is a system to connect Hackers.
  
What is this all about?
+
Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.
  
mc.fly will write some stuff about it. In case you have awesome ideas just add them.
+
It should be designed that noone sees other peoples traffic.
  
 +
It should be mainly autoconfig as in that besides the joining node no administrator of the network should be in the need to acutally do something when a node joins or leaves.
  
 +
If you want to find a solution for a Network without Single Point of failure, has - due to Voice over IP - low latency and that noone will see other peoples traffic you end up pretty quick with a full mesh based network.
  
A view on the connected nodes inside the ChaosVPN. Refreshed every minute: http://eee.ainex.net/chaosvpn.png
+
Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.
  
= ChaosVPN 2.0 =
+
ChaosVPN connects hacker wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks - maybe down to a small /32.
  
== redesign ==
+
So there we are. ChaosVPN is working and it seems the usage increases, more nodes join in and more sevices pop up.
The Rebuild of the ChaosVPN became nessesary at some point, as the vermittlung is blackholed. Furthermore we would like to put live back to the ChaosVPN and use it to interconnect the hackerspaces.
 
  
So we thought its a good time to redesign stuff. We will climb up to tinc 1.0.10.
+
For now, an overview picture of the currently connected nodes:
 +
* http://vpnhub1.hack/chaosvpn.png (only from inside ChaosVPN; updated once per hour)
 +
* http://vpnhub1.hack/chaosvpn.svg
 +
and a simple display of node-uptimes:
 +
* http://vpnhub1.hack/chaosvpn.nodes.html.
  
== software ==  
+
= Howto join ChaosVPN? =
  
An unfinshed Howto for Debian systems is available at [[ChaosVPN::DebianHowto|Debian]] - users of other systems need to adapt it likewise, more documentation will hopefully follow in the future.
+
You want to join ChaosVPN and experience the awesomeness of it?
  
=== tinc ===
+
* Go to our [[ChaosVPN:Howto|Generic Howto]]
we use tinc. There will be a tinc 2.0 version soon. The developer has his ideas about tinc 2.0 at http://tinc-vpn.org/goals/ and first code is at http://tinc-vpn.org/git/fides.
+
* Go to our [[ChaosVPN:DebianHowto|Debian Howto]]
 +
* Go to our [[ChaosVPN:UbuntuHowto|Ubuntu Howto]]
 +
* Go to our [[ChaosVPN:OpenWRTHowto|OpenWRT Howto]]
 +
* Go to our [[ChaosVPN:FreeBSDHowto|FreeBSD Howto]]
 +
* Go to our [[ChaosVPN:NetBSDHowto|NetBSD Howto]]
 +
* Go to our [[ChaosVPN:Netbsd_NAT_VPN_router_using_chaosvpn_and_ipnat|NetBSD NAT VPN router using chaosvpn and ipnet Howto]]
 +
* Go to our [[ChaosVPN:MacOSXHowto‎|Apple Mac OSX Howto]]
 +
* Go to our [[ChaosVPN:RaspbianHowto|Raspbian Howto]]
 +
* If you own a Fonera 2.0n you may want to try [[ChaosVPN:Fonera|Fonera Howto]] (quite outdated)
  
 +
There is a short HowTo [[ChaosVPN:MeshYourNodes|how to better mesh your own nodes]] using ChaosVPN.
  
=== Config builder ===
+
= Mailinglist =
Currently we are porting haegars script from perl to c and strip off curl and openssl, so it fits in a OpenWRT box.
 
  
=== OpenWRT Packages ===
+
We have a mailinglist, and invite all interested persons to join.
Blogic will build a special OpenWRT package, which is called chaosvpn at the moment and a recent tinc 1.0.10 for that.
 
  
See also http://0x1.net/openwrt
+
https://www.hamburg.ccc.de/mailman/listinfo/chaosvpn
Packages may be in flux for awhile, if you have trouble with any of the binaries, email [mailto:cjp@0x1.net cjp].
 
  
=== Debian Packages ===
+
= ChaosVPN 2.0 =
Haegar updated (backported) tinc 1.0.11 packages for debian. They are availible at:
 
* Debian Etch: http://debian.sdinet.de/etch/sdinet/tinc/
 
* Debian Lenny: http://debian.sdinet.de/lenny/sdinet/tinc/
 
  
I will also create Debian packages of the config builder once it is in a usable state.
+
== IP Ranges and Participants: ==
  
=== fonera20n ===
+
Please see [[ChaosVPN:IPRanges | IP Range ]] for more Infos.
  
For the fonera 2.0n [http://www.aculei.net/~mjoyce/chaosvpn/ openfly have collected some information]
+
== Other related software ==
  
=== ArchLinux ===
+
=== DNS ===
helios maintains an AUR-package: http://aur.archlinux.org/packages.php?ID=33307
+
See [[ChaosVPN:DNS | DNS]]
  
=== sources ===
+
=== IRC ===
The source code repository is available at: http://github.com/ryd/chaosvpn
 
  
You can download the source with git
+
irc.hackint.hack (172.31.0.30) or irc.hackint.net - join us in #chaosvpn
git clone git://github.com/ryd/chaosvpn.git
 
  
== IP Ranges and Participants: ==
+
=== VoIP ===
  
Please see [[ChaosVPN::IPRanges]] for more Infos.
+
Asterisk servers allowing incoming and outgoing calls to POTS in [[ChaosVPN:IPRanges#ccc_hannover|Hannover]] and [[ChaosVPN:IPRanges#ccchh_-_Hamburg|Hamburg]] hackerspaces. <br>
 +
Ask the admins for more information.
  
== other related software ==
+
=== Requested applications ===
=== dns ===
 
There is a need for a dns.
 
  
== wanted changes ==
+
During Chaos Communication Camp 2011, participants of the ChaosVPN workshop suggested various applications:
=== short term ===
 
* clients don't have to authentificate themself - everybody can see the config.
 
* if admins are lazy and don't rebuild the config file properly we will have old routes in the network that don't dissapear (at least until the tinc is reconfigured and restarted) (not a problem anymore with a current .git snapshot, the problem will only affect the non-updating participant with it)
 
  
=== long term ===
+
* Mirrors of interesting public FTP/WWW sites
tinc does have some problems. That is the reason why we want to replace that in the forseable future.
+
* Bittorrent trackers
That will be [http://wiki.hamburg.ccc.de/index.php/ChaosVPN#ChaosVPN_3.0 ChaosVPN 3.0]
+
* Email (either transparently route email from public domains via ChaosVPN, or have .hack email addresses)
 +
* Censorship detection: service to request a public webpage from proxies at several nodes at once, compare the differences
 +
* GeoIP avoidance?
 +
* Social networking things
 +
* Varnish cache
 +
* LDAP (maybe to allow authenticating hackers against their own hackerspace's LDAP server, like Eduroam)
 +
* Multicast services (limited support in tinc, not automatically forwarded to the LANs)
 +
* TOR entry nodes in ChaosVPN
 +
* NNTP (already available on dn42)
 +
* More games!
 +
* Distributed computing (BOINC, GRID stuff)
  
* Participants can fake network ranges my intention or mistake. (control informations inside tinc are not proper authentificated) (not true anymore with latest chaosvpn.git where we do not import infos from the tinc-network anymore (TunnelServer=yes))
+
== Wanted changes ==
* http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt
 
  
= ChaosVPN 3.0 =
+
Ideas?
  
 +
[[ChaosVPN:todo|A collection of short term changes]]
  
= ChaosVPN 1.0 (historic) =
+
= Chaosvpn Geekends =
  
ChaosVPN 1.0 is obsolete, please see above for the next implementation.
+
* [[ChaosVPN:geekend0|geekend 0 at Hamburg]]
 +
* [[ChaosVPN:geekend1|geekend 1 at Hamburg]]
 +
* [[ChaosVPN:geekend10|geekend 10 at Hamburg]]
  
== <strike>TINC SETUP</strike> ==
+
= Services available on ChaosVPN =
<strike>At the moment the Hamburg ccc Erfa uses [http://www.tinc-vpn.org TINC] together with some dirty perl-scripts, which are used to read the routes and peers.</strike>
 
  
<strike>For this Setup we have howtos for
+
Update:
[[ChaosVPN::DebianHowto|Debian]] and [[ChaosVPN::GentooHowto|Gentoo]] (in german).</strike>
 
  
=== <strike>Beginninig in 2003</strike> ===
+
If you have services you wish to be accessible to the whole of the Chaosvpn, please add your services to the online list available (within Chaosvpn) at:
<strike>(haegar:)
 
For me the whole setup with Openvpn was to complicated. It would take some time till its done and the scaling problems were forseable.
 
  
Therefore i took time today to get a working mini-solution with tinc running real quick.
+
http://list.weird.hack - Service list - 10.100.44.1 (but seems to be death currently)
  
The bigger issues with ip-submission and database are able to be added later without any big effort.
 
  
Most importand design goals were:
 
* data traffic between participants must not rely on the ccc infrastructure.
 
* failure of any parts of the infrastructure must not shut down the network completely
 
* no work needed for participants just because a new participant is joining or a old one quitting.
 
  
system requirements
+
* [[ChaosVPN:Proxy|Proxy]]
* linux only first
+
* [[ChaosVPN:CTF|OpenArena CTF]]
** tinc is availible for nearly all unix variants and windows, but my perl script is only working on linux so far.
+
* [[VoIP| Vermittlung Chaosphone]]
* perl with LWP and https support
+
* [[ChaosVPN:VoIP|VoIP]]
* working dyndns hostname that conains the actual router-ip or static ip
+
* [[ChaosVPN:IRC|IRC]]
</strike>
+
* [[ChaosVPN:Minecraft|Minecraft]]
 +
* [[ChaosVPN:Bitlbee|Bitlbee]]
 +
* [[ChaosVPN:ZNC|ZNC]]
 +
* [[ChaosVPN:Jabber|Jabber]]
 +
* [[ChaosVPN:FTP|FTP]]
 +
* [[ChaosVPN:BBS|BBS]]
 +
* [[ChaosVPN:Cracking|HashCracking]]
 +
* [[ChaosVPN:Monitoring|Monitoring]]
 +
* [[ChaosVPN:News|Usenet]]
 +
* [[ChaosVPN:NZB|Usenet indexer (newznab)]]
 +
* [http://brmlab.cz/project/chaosvpn#brmlab_warzone Brmlab WarZone challenges]
 +
* [http://brmlab.cz/project/chaosvpn#tor_socks4_proxy Brmlab Tor SOCKS4 proxy]
 +
* [[ChaosVPN:whatsmyip|ifconfig.hack info, a whats my ip page]]
  
=== <strike>Update 2006</strike> ===
+
[[Category:ChaosVPN]]
<strike>Today (2006) i would implement things different than i did before, but when this happens is completely up in the stars.
 
Until there is a better setup we will use the old setup.
 
</strike>
 
 
 
= Chaosvpn Geekends =
 
We want to do a chaosvpn geekend. Therefore this wiki page: [[ChaosVPN::geekend0|geekend 0 at Hamburg]]
 

Latest revision as of 19:24, 6 June 2019

Note:
ChaosVPN is a VPN to connect Hackers and Hackerspaces - it does NOT provide anonymous internet access!
For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the "dark web".

Alternative: If you prefer BGP, you can also connect via https://dn42.net/, we are interconnected.

Goals

ChaosVPN is a system to connect Hackers.

Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.

It should be designed that noone sees other peoples traffic.

It should be mainly autoconfig as in that besides the joining node no administrator of the network should be in the need to acutally do something when a node joins or leaves.

If you want to find a solution for a Network without Single Point of failure, has - due to Voice over IP - low latency and that noone will see other peoples traffic you end up pretty quick with a full mesh based network.

Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

ChaosVPN connects hacker wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks - maybe down to a small /32.

So there we are. ChaosVPN is working and it seems the usage increases, more nodes join in and more sevices pop up.

For now, an overview picture of the currently connected nodes:

and a simple display of node-uptimes:

Howto join ChaosVPN?

You want to join ChaosVPN and experience the awesomeness of it?

There is a short HowTo how to better mesh your own nodes using ChaosVPN.

Mailinglist

We have a mailinglist, and invite all interested persons to join.

https://www.hamburg.ccc.de/mailman/listinfo/chaosvpn

ChaosVPN 2.0

IP Ranges and Participants:

Please see IP Range for more Infos.

Other related software

DNS

See DNS

IRC

irc.hackint.hack (172.31.0.30) or irc.hackint.net - join us in #chaosvpn

VoIP

Asterisk servers allowing incoming and outgoing calls to POTS in Hannover and Hamburg hackerspaces.
Ask the admins for more information.

Requested applications

During Chaos Communication Camp 2011, participants of the ChaosVPN workshop suggested various applications:

  • Mirrors of interesting public FTP/WWW sites
  • Bittorrent trackers
  • Email (either transparently route email from public domains via ChaosVPN, or have .hack email addresses)
  • Censorship detection: service to request a public webpage from proxies at several nodes at once, compare the differences
  • GeoIP avoidance?
  • Social networking things
  • Varnish cache
  • LDAP (maybe to allow authenticating hackers against their own hackerspace's LDAP server, like Eduroam)
  • Multicast services (limited support in tinc, not automatically forwarded to the LANs)
  • TOR entry nodes in ChaosVPN
  • NNTP (already available on dn42)
  • More games!
  • Distributed computing (BOINC, GRID stuff)

Wanted changes

Ideas?

A collection of short term changes

Chaosvpn Geekends

Services available on ChaosVPN

Update:

If you have services you wish to be accessible to the whole of the Chaosvpn, please add your services to the online list available (within Chaosvpn) at:

http://list.weird.hack - Service list - 10.100.44.1 (but seems to be death currently)