This is Howto for setting up an independent Box providing ChaosVPN

0. Fulfil Requirements

• Buy Hardware [WNDR3800] or some equivalent
• You must have read the basic Howto precisely
• generate your keys, choose nodename and subnet and send pubkey to ChaosVPN team

1. Preparations

In five steps. Really.

1. Get Started

• Unpack your Router and power on
• Connect wired or wireless (use information provided with your router)
• Go directly to your routers Webinterface (192.168.1.1 or 192.168.178.1) and search for sth like System -> Firmware Upgrade
• (There is no need to change any of the configuration)

2. Install OpenWRT

• Download [OpenWRT for WNDR3800] and upload the Image in your Webinterface
• Press Start
• DO NOT REBOOT, POWEROFF OR ELSE
• Wait until done (Power LED should not flash)

3. Start and Setup OpenWRT

• Restart the network connection between PC <-> Router

• telnet 192.168.1.1

• passwd #set a root password 

• REMEMBER IT
• Connect the yellow (WAN) port on your router to current infrastructure

• Go to Webinterface at 192.168.1.1
• Go to Network -> Interfaces and activate WAN Connection with DHCP or your custom internet configuration
• Navigate to System -> Software and press Update Lists
• Press Available Software tab and select C
• Search for ChaosVPN and press install

(I did also install screen at this point)

4. Prepare for launch

• ssh root@192.168.1.1 # telnet won't work anymore

• edit the top part of

• /etc/tinc/chaosvpn.conf

$my_peerid = <nodename>
$my_vpn_ip = 172.31.<your Subnet>.[1-255]

• Copy over your keys to OpenWRT Box

 
# scp /etc/tinc/chaos/rsa_key.p* root@192.168.1.1:/etc/tinc/chaos
# rm /etc/tinc/chaos/rsa_key.p*

5. Lift off

• start chaosvpn

• /etc/init.de/chaosvpn start

...be prepared for 150 new route entries

2. Configure a Moonlander

While building a ChaosVPN-only access node, use either Webclient or [| Console Backup] continously

1. Add Interface for ChaosVPN

• Go to Network -> Interfaces
• Klick Add new interface.. Button at the bottom of the page
• Type ChaosVPN into name field
• Select Unmanaged
• Select Ethernet Adapter: "chaos_vpn"
• Save

2. Add Zone for ChaosVPN

• Go to Network -> Firewall
• In the Zones Tab, klick Add
• Type ChaosVPN into name field
• At Covered Networks select ChaosVPN

3. Make WLAN an ChaosVPN only AP

Caution! Pozor!

1. The following is varies with your persional use case - please post your configuration with an short description if you like
2. The default WAN will be still reachable via wired network.
3. The wireless network will have no access to WAN - ChaosVPN only.
4. At any state you can use the IP 192.168.1.1 to reach your router.
5. Pressing save will only cache the setting - press apply to make sure settings are set

• Go to Network -> Interfaces
• Klick Add new interface
• Type wlan into name field
• Select Static address
• Check Create a bridge if you like to bridge 2.4GhZ and 5GhZ
• Select (both) wlan devices

• In Edit mask

•  IPv4 Address: 172.31.<your subnet>.[1-255] //this must not be the ip of chaosvpn device!

• Netmask: 255.255.255.0

• Add a DHCP Server to server some addresses in range 100-150
• Advanced Settings to propagate internal nameservers

• DHCP Options: 6,172.31.116.1,195.24.78.86,172.22.228.6

• Go to Network -> Firewall
• In the Zones Tab, klick Add
• Type wlan into name field
• At Covered Networks select wlan device
• Check Allow forward to destination zones: ChaosVPN

4. Save & Apply & ReConnect & ReBoot | ReTry

... to be continued