Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/

Difference between revisions of "ChaosVPN:geekend0"

From CCCHHWiki
Jump to: navigation, search
m (Move to issues.)
(tinc development)
Line 49: Line 49:
 
** Determine what we need in the immediate future, to be implemented in tinc 1.0.13.
 
** Determine what we need in the immediate future, to be implemented in tinc 1.0.13.
 
** Determine milestones working towards the perfect ChaosVPN.
 
** Determine milestones working towards the perfect ChaosVPN.
 +
 +
* Determine minimal environment tinc should run in, eg. a Fonera system.
 +
** Can we use C++, including libstdc++?
 +
** Can we use crypto libraries other than OpenSSL? (For example, gcrypt, GnuTLS, Botan.)
 +
 +
* Can we make more people part of tinc development team?
  
 
= Goals =
 
= Goals =

Revision as of 11:15, 9 April 2010

what?

Lets do a geekend and get things done on the chaosvpn.

where

hamburg. The new Hackerspace of attraktor and ccc hamburg.

when

The idea is 9. - 11. of April. The weekend before is easterhegg in munich and breakpoint at bingen. it seems that most ppl have time on that weekend.

Issues

Need to finalize and get the OpenWRT packages supported for the Fonera2.0n

  • Need to have all the basic routing and security features in the OpenWRT package, but tailored for our networks.
  • Need to have a TINC and ChaosVPN code implementation so that we can have multiple concurrent VPN's that don't interefere
    • The independent VPN's need to be tied to a individual port.
  • Need to have a signing system so we don't have haegar supporting 1000 users in 24 times zones all the time. Need to build a way so we can have a trusted region manager to add on nodes.
    • already possible - the master config already is in a special non-public git repository, trusted managers can get their ssh key added to the access list for it. After pushing a change to the repository the server automatically executes a post-push-hook and recreates the signed and encrypted datafiles for all the clients (and mails me the changes, to have an eye on it) - without the trusted managers needing access to the secret data signing key. --Haegar 00:59, 24 March 2010 (UTC)

dns

Deploy Root DNS servers and sub DNS servers for the Agora/Chaos network

  • In the DNS implementation we need to have a the core hidden server and the trusted DNS servers able to be updated at each of the trusted root hackspaces.

hackint

hackint irc server

connect people

connect the router at some spaces

packages

build debian and openwrt packages

  • debian
    • build Packages
    • get in squeeze?
  • OpenWRT
    • package
    • image with tinc and config for fonera 2.0n

os builds

  • BSD?
  • mac os x

tinc development

We need to discuss what we want tinc to do for ChaosVPN:

  • Define requirements
    • Determine what we need in the immediate future, to be implemented in tinc 1.0.13.
    • Determine milestones working towards the perfect ChaosVPN.
  • Determine minimal environment tinc should run in, eg. a Fonera system.
    • Can we use C++, including libstdc++?
    • Can we use crypto libraries other than OpenSSL? (For example, gcrypt, GnuTLS, Botan.)
  • Can we make more people part of tinc development team?

Goals

Need to have the Agora/Chaos/Warzone networks running smoothly with the basic features. Root DNS - and distributed systems. Have a infrastructure that has more than one trusted manager able to add or remove nodes in different regions. The warzone server has to go live at the end of the weekend after solving the issues with NAT on the openwrt Fonera 2.0n unit, and multiple port support with multiple TINC VPN's.


infrastructure

lodging

attendes

questions? answers!