Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/
Difference between revisions of "ChaosVPN"
(→Chaosvpn Geekends) |
(This wiki has a history, right?) |
||
Line 101: | Line 101: | ||
ChaosVPN 1.0 is obsolete, please see above for the next implementation. | ChaosVPN 1.0 is obsolete, please see above for the next implementation. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
= Chaosvpn Geekends = | = Chaosvpn Geekends = |
Revision as of 15:27, 29 January 2011
and AgoraLink
the big picture
What is this all about?
mc.fly will some day write some stuff about it. In case you have awesome ideas just add them.
Contents
ChaosVPN 2.0
redesign
The Rebuild of the ChaosVPN became nessesary at some point, as the vermittlung was blackholed. Furthermore we would like to put live back to the ChaosVPN and use it to interconnect the hackerspaces.
So we thought its a good time to redesign stuff. We will climb up to tinc 1.0.13.
software
An unfinshed Howto for Debian systems is available at Debian - users of other systems need to adapt it likewise, more documentation will hopefully follow in the future.
tinc
we use tinc. There will be a tinc 2.0 version soon. The developer has his ideas about tinc 2.0 at http://tinc-vpn.org/goals/ and first code is at http://tinc-vpn.org/git/fides.
OpenWRT Packages
Blogic will build a special OpenWRT package, which is called chaosvpn at the moment, a recent tinc 1.0.13 is already available in the openwrt packages repository.
See also http://0x1.net/openwrt Packages may be in flux for awhile, if you have trouble with any of the binaries, email cjp.
Debian Packages
There is a long description how to install on a Debian System: DebianHowto
Haegar created (backported) tinc 1.0.13 packages for Debian. They are availible at:
- Debian Etch: http://debian.sdinet.de/etch/sdinet/tinc/
- Debian Lenny / Stable: http://debian.sdinet.de/lenny/sdinet/tinc/
- Debian Sid / Unstable: http://debian.sdinet.de/sid/sdinet/tinc/
Please note that the above packages may need further backported packages, all of them are available in other subdirectories on debian.sdinet.de.
Pre-Created ChaosVPN program packages, updated every now and then:
- Debian Etch: http://debian.sdinet.de/etch/sdinet/chaosvpn/
- Debian Lenny / Stable: http://debian.sdinet.de/lenny/sdinet/chaosvpn/
- Debian Sid / Unstable: http://debian.sdinet.de/sid/sdinet/chaosvpn/
fonera20n
Full Setup Instructions: Fonera
Fonera 2.0n 2.3.5 firmware with chaosvpn 2.0 and tinc 1.0.13, tested. No clobber of configs using upgrade script.
Grab here: http://www.agoralink.org/20100417_FON2303_2.3.5.0_DEV.tgz
For the fonera 2.0n http://www.aculei.net/~mjoyce/chaosvpn/
Included are Packages for ChaosVPN, and TINC There are source code packages as well.
Packages go in /openwrt/packages/ Source goes in /openwrt/dl/
.config is a sample config for fonera2n. It is not minimalist in any way. Vyrus has a minimal config I will hunt down.
The chaosvpn version is not reflected in the name of the package... that is just there because I was too lazy to update the chaosvpn package for the current version.
ArchLinux
helios maintains an AUR-package: http://aur.archlinux.org/packages.php?ID=33307
sources
The source code repository is available at: http://github.com/ryd/chaosvpn
You can download the source with git
git clone git://github.com/ryd/chaosvpn.git
IP Ranges and Participants:
Please see IPRanges for more Infos.
dns
See ChaosVPN:DNS
wanted changes
short term
- clients don't have to authentificate themself - everybody can see the config.
- if admins are lazy and don't rebuild the config file properly we will have old routes in the network that don't dissapear (at least until the tinc is reconfigured and restarted) (not a problem anymore with a current .git snapshot, the problem will only affect the non-updating participant with it)
long term
tinc does have some problems. That is the reason why we want to replace that in the forseable future. That will be ChaosVPN 3.0
- Participants can fake network ranges my intention or mistake. (control informations inside tinc are not proper authentificated) (not true anymore with latest chaosvpn.git where we do not import infos from the tinc-network anymore (TunnelServer=yes))
- http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt
ChaosVPN 3.0
ChaosVPN 1.0 (historic)
ChaosVPN 1.0 is obsolete, please see above for the next implementation.