Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/

ChaosVPN:DebianHowto: Unterschied zwischen den Versionen

Aus CCCHHWiki
Wechseln zu: Navigation, Suche
K (The easiest way: Using our ChaosVPN Debian-Repository)
 
(75 dazwischenliegende Versionen von 8 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:
 
[[ChaosVPN|Back]]
 
[[ChaosVPN|Back]]
  
<div style="border:3px solid black; text-align:center; color:red;"><b>THIS DOCUMENTATION NEEDS TO BE UPDATED FOR CHAOSVPN 2.0!</b></div>
+
{{Template:ChaosVPNBanner}}
  
= QUICK HOWTO FUER DEBIAN USER =
+
= QUICK HOWTO FOR DEBIAN USER =
  
== 0. noetige perl module und helper-programme installieren ==
+
== Install Software ==
  
# apt-get install libwww-perl
+
== Install necessary helper programs ==
# apt-get install libcrypt-ssleay-perl
 
  
geht natuerlich auch von hand oder per CPAN, aber die beiden
+
needed to use the chaosvpn client:
obigen module brauchen noch selbst weiter diverse andere
 
  
  # apt-get install iproute
+
  # apt-get install tinc iproute2
  
== 1. tinc instalieren ==
+
needed to compile the chaosvpn-client if not using a precreated debian package for it:
  
  # apt-get install tinc
+
  # apt-get install build-essential git bison flex libssl-dev zlib1g-dev debhelper devscripts
  
entweder das Packet aus Debian Unstable, oder meinen Sarge Backport von [http://debian.sdinet.de/sarge/sdinet/tinc/ http://debian.sdinet.de/sarge/sdinet/tinc/]
+
(see below for downloadable pre-created packages)
  
es sollte mindestens Version 1.0.4 sein, zum Erreichen einiger der verwendeten Subnetze ist wegen eines Tinc-Fehlers mindestens SVN Rev 1450 nötig, oder 1.0.5 wenn es denn mal released ist.
+
=== Install tinc ===
  
oder halt von [http://tinc.nl.linux.org/ http://tinc.nl.linux.org/] downloaden und
+
# apt-get install tinc
selber compilieren - dort solltet ihr beim ./configure
 
nur mindestens den parameter --sysconfdir=/etc mit angeben,
 
und im script (unten) muss der pfad zum binary gecheckt
 
werden
 
  
wenn bei der tinc-installation folgende Fehlermeldung kommt:
+
You need either the package from Debian squeeze/unstable, or a backport like from [http://debian.sdinet.de/squeeze/sdinet/tinc/ http://debian.sdinet.de/squeeze/sdinet/tinc/] or http://backports.debian.org/
  
> ./MAKEDEV: don't know how to make device "tun"
+
Preferred for better security is tinc 1.1+, but may work with 1.0.10 or later.
  
dann das Device von Hand anlegen
+
Or visit [http://tinc-vpn.org/ http://tinc-vpn.org/], download and build yourself -
 
+
at a minimum ./configure, specify the parameter --sysconfdir=/etc, and check the binary in the script
# mkdir -p /dev/net
+
# mknod /dev/net/tun c 10 200
+
== Install our ChaosVPN program ==
# chown root:root /dev/net/tun
 
# chmod 600 /dev/net/tun
 
 
 
 
 
== 2. config verzeichnis anlegen ==
 
 
 
# mkdir -p /etc/tinc/chaos
 
 
 
== 3. keys erzeugen ==
 
 
 
# tincd -n chaos --generate-keys=2048
 
 
 
und ein paar mal return druecken
 
 
 
== 4. netz-nick ausdenken ==
 
 
 
dies ist der name des netz-teils/gateways, nicht unbedingt
 
der name des users - es kann ja mehr gateways pro user geben
 
 
 
immer dort einsetzen wo im foldenden text <nodename> steht
 
 
 
== 5. gateway-rechner mit dyndns-hostname versehen ==
 
 
 
oder halt bei statischer ip den festen hostname/die feste ip
 
verwenden
 
 
 
immer dort einsetzen wo im foldenden text <clienthost> steht
 
 
 
== 6. infos an haegar@ccc.de mailen ==
 
 
 
ich brauche folgende infos:
 
 
 
nodename=<nodename>
 
gatewayhost=<clienthost>
 
network=<ipv4 subnetzrange im vpn>
 
network6=<ipv6 subnetzrange im vpn>
 
  kann auch mehr als eins sein, ipv4 und/oder ipv6
 
 
 
  dieses subnetz muss in unserem vpn eindeutig sein,
 
  schlagt einfach euer wunsch-netz/das bisher zuhause
 
  verwendete netz vor, und mit glueck ists noch frei
 
  
  *.23.*, *.42.*, *.0.* und *.1.* sind schlechte
+
=== The easiest way: Using our ChaosVPN Debian-Repository ===
  kanditaten ;)
 
  
  bisher gibts noch keine abfragbare liste der schon
+
Add the following lines to your /etc/apt/sources.list:
  zugeordneten subnetze
 
  
owner=
+
  deb http://debian.sdinet.de/ stable chaosvpn
   admin des vpn-teils, mit email-adresse
+
   deb-src http://debian.sdinet.de/ stable chaosvpn
  
key
+
Instead of "stable" you should directly choose your distribution with "stretch", "jessie" or "wheezy" and so on. (Because there is no guarantee that stable/unstable points to the current stable/unstable release.)
  rsa-public-key - inhalt von /etc/tinc/chaos/rsa_key.pub
 
  
optional sind noch folgende angaben moeglich:
+
Make the Repository-Key known:
  
use-tcp-only=1
+
  apt-get update
   "ich kann kein udp machen, beschraenken wir uns auf das
+
   apt-get install debian-sdinet-keyring
  fuer tunnel suboptimale tcp"
 
  
hidden=1
+
Answer "y" to the one warning about unauthenticated content.
  "zu mir koennen keine verbindungen aufgemacht werden, ich
 
  kann nur rausconnecten"
 
  (z.b. hinter nat)
 
  
silent=1
+
Run apt-get update a second time to associate the packages with the new key:
  "ich kann nicht rausconnecten, aber ihr koennt zu mir
 
  connections aufbauen"
 
  
== 7. auf reaktion warten ==
+
  apt-get update
  
== 8. goto 6 unless $success ==
+
Finally install the ChaosVPN software:
 
== 9. chaos-client downloaden: ==
 
  
# cd /usr/local/bin
+
  apt-get install chaosvpn
# wget -nd [https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl]
 
  
mit neueren wget Versionen ist evtl auch folgendes noetig:
+
Install Done, proceed to next step some pages below.
  
# cd /usr/local/bin
+
PS: The repositories may also be usable for Ubuntu, but that has not been tested at all.
# wget -nd --no-check-certificate [https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl]
 
  
Datei executable machen und Permissions setzen:
+
PPS: The repositories are available for i386 (Intel+AMD x86 32bit) and amd64 (Intel+AMD x86 64bit) - users of other architectures will have to compile the chaosvpn client on their own.
  
# chmod 700 /usr/local/bin/chaosvpn-client.pl
+
=== The alternate easy way: Use a pre-compiled Debian package. ===
# chown root.root /usr/local/bin/chaosvpn-client.pl
 
  
== 10. config-template downloaden: ==
+
Download the pre-compiled Debian package from
  
  # cd /etc/tinc
+
  For Debian Unstable / Sid:      http://debian.sdinet.de/sid/sdinet/chaosvpn/
# wget -nd [https://www.vpn.hamburg.ccc.de/chaosvpn.conf https://www.vpn.hamburg.ccc.de/chaosvpn.conf]
+
For Debian Stable / Wheezy:    http://debian.sdinet.de/stable/sdinet/chaosvpn/
  
mit neueren wget Versionen ist evtl auch folgendes noetig:
+
Fetch the newest *.deb file for your architecture from the correct directory above.
 +
The files ending in _i386.deb are for 32bit installs, the files ending in _amd64.deb are for 64bit installs (both intel and amd).
  
# cd /etc/tinc
+
If there are no pre-existing files for your Debian Release and/or Architecture you need to skip to the alternative of self compiling below.
# wget -nd --no-check-certificate [https://www.vpn.hamburg.ccc.de/chaosvpn.conf https://www.vpn.hamburg.ccc.de/chaosvpn.conf]
 
  
== 11. configfile anpassen ==
+
# wget http://debian.sdinet.de/lenny/sdinet/chaosvpn/chaosvpn_2.0~rc9-0.0~deb50_i386.deb
 +
(Replace link with correct file, the above is outdated and the correct changes from time to time as new packages get released)
  
im oberen teil befinden sich die configurations-variablen
+
Make sure the dependencies are already installed (most likely they are, the required library version numbers are most likely different):
  
== 12. script in /etc/ppp/ip-up o.ae. integrieren, oder von zeit-zu-zeit per cron restarten ==
+
# apt-get install tinc libssl0.9.8 zlib1g perl-base
  
und mit glueck funktioniert das dann sogar schon ;)
+
Install the newly downloaded package:
  
 +
# dpkg -i chaosvpn_2*.deb
  
todo:
+
The software should now be installed, continue with step 10 below.
massig ;)
 
vor allem testen, anpassen und anleitung schreiben mit anderen
 
linux-varianten, und vielleicht sogar mit *bsd
 
  
= QUICK HOWTO FOR DEBIAN USER (English) =
+
=== Alternative: compile yourself from our git repository ===
  
== 0. Install necessary perl modules and helper programs ==
+
Always needed to compile:
  
  # apt-get install libwww-perl
+
  # git clone git://github.com/ryd/chaosvpn.git
  # apt-get install libcrypt-ssleay-perl
+
  # cd chaosvpn
  
Alternatively these may be installed via CPAN, but of course these each have many prerequisite modules.
+
==== way 1: create a git snapshot debian package ====
  
  # apt-get install iproute
+
  # make deb
 +
  perhaps it throws an error about missing build dependencies, install these and retry.
 +
# sudo dpkg -i ../chaosvpn_2.0*.deb
 +
  install the generated package file, replace filename above with real name.
 +
  it is also possible to copy the generated .deb package to a different machine of the same
 +
  architecture and install it there - no need to have a full compile environment
 +
  on your router/firewall.
 +
 
 +
==== way 2: create debian package and install this ====
  
== 1. Install tinc ==
+
# debuild
 +
  Answer the "This package has a Debian revision number but there does not seem to be
 +
  an appropriate original tar file or .orig directory in the parent directory" with "y"
 +
# sudo dpkg -i ../chaosvpn_2.0*.deb
 +
  install the generated package file, replace filename above with real name.
  
# apt-get install tinc
+
==== way 3: just compile and install the raw binary ====
  
Either the package from Debian unstable, or my sarge backport of [http://debian.sdinet.de/sarge/sdinet/tinc/ http://debian.sdinet.de/sarge/sdinet/tinc/]
+
# make
 +
# sudo make install
  
This should be at least version 1.0.4, but to reach some subnets (due to an error) tincd SVN r1450 or 1.0.5 (when released)
+
== Create config directory ==
 
 
Or visit [http://tinc.nl.linux.org/ http://tinc.nl.linux.org/], download and build yourself -
 
at a minimum ./configure, specify the parameter --sysconfdir=/etc, and check the binary in the script
 
 
If the tinc installation gives the following error:
 
 
 
> ./MAKEDEV: don't know how to make device "tun"
 
 
 
Then create the device by hand:
 
 
 
# mkdir -p /dev/net
 
# mknod /dev/net/tun c 10 200
 
# chown root:root /dev/net/tun
 
# chmod 600 /dev/net/tun
 
 
 
== 2. Create config directory ==
 
  
 
  # mkdir -p /etc/tinc/chaos
 
  # mkdir -p /etc/tinc/chaos
  
== 3. Generate keys ==
+
== Get your new node added to the central configuration ==
  
# tincd -n chaos --generate-keys=2048
+
{{Template:ChaosVPNMailit}}
 +
 +
== Customize configfile ==
  
and press return a few times...
+
<b>FIXME</b> to be expanded
  
== 4. Devise a network-nick ==
+
/etc/tinc/chaosvpn.conf
  
This is the name of the network endpoints/gatewways, not necessarily the users,
+
In the top part are the variables.
it may even be more gateways per user.
 
 
 
Used below where <nodename> is.
 
 
 
== 5. Hostname ==
 
 
 
The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.
 
 
 
Used below where <clienthost> is.
 
  
== 6. Mail haegar@ccc.de the info ==
+
change
  
I need the following info:
+
$my_peerid to the network nick from step 4
 +
$my_vpn_ip to an ip address in your network range, like 172.31.x.1
  
nodename=<nodename>
+
== Enable Starting of ChaosVPN ==
gatewayhost=<clienthost>
 
network=<ipv4 subnet in the vpn>
 
network6=<ipv6 subnet in the vpn>
 
  this may be more than one, IPv4 or IPv6
 
  
  These subnets must be unique in our vpn,
+
If you installed ChaosVPN through our Debian packages it is not started by default.
  simply renumber your home network with a network block that is still free.
 
  
  *.23.*, *.42.*, *.0.* and *.1.* are bad candidates ;)
+
To enable this edit the file /etc/default/chaosvpn and change the RUN= line to RUN="yes"
  
  Currently, there is no searchable list of assigned subnets.
+
After all changes (re-)start the chaosvpn client:
  
  owner=
+
  # /etc/init.d/chaosvpn start
  Admin of the VPN gateway, with email address.
 
  
key
+
If you made everything correct there should now be a tinc daemon running, and the output of 'route -n' should show lots of routes pointing to the new 'chaos_vpn' network interface.
  rsa-public-key - contents of /etc/tinc/chaos/rsa_key.pub
 
  
optional the following details:
+
== script automatic starting at boottime ==
  
use-tcp-only=1
+
if you built/installed a debian package and installed it the init.d part is already setup, if you installed it manually with "make install" you have to do it yourself. As a template for your own script you can use from inside your git checkout
  "I don't do udp, we only use suboptimal tcp"
 
  
  hidden=1
+
  # cp debian/init.d /etc/init.d/chaosvpn
  "I cannot accept inbound tunnel connections, I can only connect out."
+
# cp debian/default /etc/default/chaosvpn
  (e.g. behind a NAT)
+
# update-rc.d chaosvpn defaults
  
silent=1
 
  "I cannot connect out, but you can connect to me."
 
 
== 7. Awaiting Response ==
 
 
== 8. goto 6 unless $success ==
 
 
== 9. chaos-client download: ==
 
 
# cd /usr/local/bin
 
# wget -nd [https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl]
 
 
Newer wget versions may require:
 
 
# cd /usr/local/bin
 
# wget -nd --no-check-certificate [https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl https://www.vpn.hamburg.ccc.de/chaosvpn-client.pl]
 
 
Make executable, set ownership:
 
 
# chmod 700 /usr/local/bin/chaosvpn-client.pl
 
# chown root.root /usr/local/bin/chaosvpn-client.pl
 
 
== 10. config-template download: ==
 
 
# cd /etc/tinc
 
# wget -nd [https://www.vpn.hamburg.ccc.de/chaosvpn.conf https://www.vpn.hamburg.ccc.de/chaosvpn.conf]
 
 
Newer wget versions may require:
 
 
# cd /etc/tinc
 
# wget -nd --no-check-certificate [https://www.vpn.hamburg.ccc.de/chaosvpn.conf https://www.vpn.hamburg.ccc.de/chaosvpn.conf]
 
 
== 11. Customize configfile ==
 
 
In the top part are the variables.
 
 
== 12. script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron ==
 
  
 
and with luck, it will function beautifully! ;)
 
and with luck, it will function beautifully! ;)
Zeile 281: Zeile 165:
 
tons ;)
 
tons ;)
 
test in particular, and adjust docs for other linux distros, and perhaps even with *bsd
 
test in particular, and adjust docs for other linux distros, and perhaps even with *bsd
 +
 +
[[Category:ChaosVPN]]

Aktuelle Version vom 23. Januar 2018, 21:42 Uhr

Back

Note:
ChaosVPN is a VPN to connect Hackers and Hackerspaces - it does NOT provide anonymous internet access!
For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the "dark web".

Alternative: If you prefer BGP, you can also connect via https://dn42.net/, we are interconnected.

QUICK HOWTO FOR DEBIAN USER

Install Software

Install necessary helper programs

needed to use the chaosvpn client:

# apt-get install tinc iproute2

needed to compile the chaosvpn-client if not using a precreated debian package for it:

# apt-get install build-essential git bison flex libssl-dev zlib1g-dev debhelper devscripts

(see below for downloadable pre-created packages)

Install tinc

# apt-get install tinc

You need either the package from Debian squeeze/unstable, or a backport like from http://debian.sdinet.de/squeeze/sdinet/tinc/ or http://backports.debian.org/

Preferred for better security is tinc 1.1+, but may work with 1.0.10 or later.

Or visit http://tinc-vpn.org/, download and build yourself - at a minimum ./configure, specify the parameter --sysconfdir=/etc, and check the binary in the script

Install our ChaosVPN program

The easiest way: Using our ChaosVPN Debian-Repository

Add the following lines to your /etc/apt/sources.list:

 deb http://debian.sdinet.de/ stable chaosvpn
 deb-src http://debian.sdinet.de/ stable chaosvpn

Instead of "stable" you should directly choose your distribution with "stretch", "jessie" or "wheezy" and so on. (Because there is no guarantee that stable/unstable points to the current stable/unstable release.)

Make the Repository-Key known:

 apt-get update
 apt-get install debian-sdinet-keyring

Answer "y" to the one warning about unauthenticated content.

Run apt-get update a second time to associate the packages with the new key:

 apt-get update

Finally install the ChaosVPN software:

 apt-get install chaosvpn

Install Done, proceed to next step some pages below.

PS: The repositories may also be usable for Ubuntu, but that has not been tested at all.

PPS: The repositories are available for i386 (Intel+AMD x86 32bit) and amd64 (Intel+AMD x86 64bit) - users of other architectures will have to compile the chaosvpn client on their own.

The alternate easy way: Use a pre-compiled Debian package.

Download the pre-compiled Debian package from

For Debian Unstable / Sid:      http://debian.sdinet.de/sid/sdinet/chaosvpn/
For Debian Stable / Wheezy:     http://debian.sdinet.de/stable/sdinet/chaosvpn/

Fetch the newest *.deb file for your architecture from the correct directory above. The files ending in _i386.deb are for 32bit installs, the files ending in _amd64.deb are for 64bit installs (both intel and amd).

If there are no pre-existing files for your Debian Release and/or Architecture you need to skip to the alternative of self compiling below.

# wget http://debian.sdinet.de/lenny/sdinet/chaosvpn/chaosvpn_2.0~rc9-0.0~deb50_i386.deb
(Replace link with correct file, the above is outdated and the correct changes from time to time as new packages get released)

Make sure the dependencies are already installed (most likely they are, the required library version numbers are most likely different):

# apt-get install tinc libssl0.9.8 zlib1g perl-base

Install the newly downloaded package:

# dpkg -i chaosvpn_2*.deb

The software should now be installed, continue with step 10 below.

Alternative: compile yourself from our git repository

Always needed to compile:

# git clone git://github.com/ryd/chaosvpn.git
# cd chaosvpn

way 1: create a git snapshot debian package

# make deb
 perhaps it throws an error about missing build dependencies, install these and retry.
# sudo dpkg -i ../chaosvpn_2.0*.deb
 install the generated package file, replace filename above with real name.
 it is also possible to copy the generated .deb package to a different machine of the same
 architecture and install it there - no need to have a full compile environment
 on your router/firewall.
 

way 2: create debian package and install this

# debuild
 Answer the "This package has a Debian revision number but there does not seem to be
 an appropriate original tar file or .orig directory in the parent directory" with "y"
# sudo dpkg -i ../chaosvpn_2.0*.deb
 install the generated package file, replace filename above with real name.

way 3: just compile and install the raw binary

# make
# sudo make install

Create config directory

# mkdir -p /etc/tinc/chaos

Get your new node added to the central configuration

Devise a network-nick and a unique IP range you will be using

This network-nick or sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running,
not necessarily the name of the user, there may even be more than one gateway per user.

Used below where <nodename> is.

Please use only characters a-z, 0-9 and _ in it. Note that only lowercase letters are supported.

Second please select an unused IPv4 range out of IP Range, and write yourself down in that wiki page to mark your future range as in-use.
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.

Repeat: Please do not forget to add yourself to the list at IP Range to mark your range as used.

Used below where <ipv4 subnet in the vpn> is.

The usage of IPv6 networks is also possible, but we do not have a central range for this (yet),
you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN,
or a private IPv6 ULA (Unique Local Address) network described in RFC4193.
For more info about ULA and a network-range generator please also see http://www.sixxs.net/tools/grh/ula/ .

Used below where <ipv6 subnet in the vpn> is.

Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

Better supply a hostname than a raw IP address even if it is static, so you can change it youself and do not need to contact us when needed. (Perhaps something like chaosvpn.yourdomain.example)

Used below where <clienthost> is.

Generate keys

Generate keys with tinc 1.1+

# tinc --net=chaos init <nodename>

Replace <nodename> with the name your new node should get.

**FIXME** need some way that "tinc init" puts the public key into the seperate files and not only into the generated hosts file, which our chaosvpn daemon overwrites.

generate public/private RSA and ECDSA keypairs with

# tinc --net=chaos generate-keys 2048

press Enter 4 times and backup the files /etc/tinc/chaos/ecdsa_key.priv, ecdsa_key.pub, rsa_key.priv and rsa_key.pub on an external device.

Generate keys with tinc 1.0.xx

create chaos config folder with

# mkdir /etc/tinc/chaos/

generate public/private keypairs with

# tincd --net=chaos --generate-keys=2048

press Enter 2 times and backup the files /etc/tinc/chaos/rsa_key.priv and rsa_key.pub on an external device.

Mail us your Infos

  • send via email to chaosvpn-join@hamburg.ccc.de

We need the following info - but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn - or at least make us laugh. :)

(Please remove all lines starting with # from the email, they are just descriptions)

[<nodename>]

sponsor=
# Name a person/nickname/nodename or organisation/hackerspace already on ChaosVPN that will
# vouch for you getting access.

gatewayhost=<clienthost>
# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>
# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with  IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

owner=
# (mandatory, must include)
# Admin of the VPN gateway, with email address - a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0
# (optional)
# "I cannot accept inbound tunnel connections, I can only connect out."
# (e.g. behind a NAT)
silent=0
# (optional)
# "I cannot connect out, but you can connect to me."
# Only ONE of hidden=1 or silent=1 is possible. 

Ed25519PublicKey=<something>
# (optional)
# tinc 1.1pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub

-----BEGIN RSA PUBLIC KEY-----
....
-----END RSA PUBLIC KEY-----
# (mandatory)
# rsa-public-key - contents of your /etc/tinc/chaos/rsa_key.pub


Awaiting Response, give us some days, your request is processed manually

Retry until $success or $reject - but do not spam us.

Customize configfile

FIXME to be expanded

/etc/tinc/chaosvpn.conf

In the top part are the variables.

change

$my_peerid to the network nick from step 4
$my_vpn_ip to an ip address in your network range, like 172.31.x.1

Enable Starting of ChaosVPN

If you installed ChaosVPN through our Debian packages it is not started by default.

To enable this edit the file /etc/default/chaosvpn and change the RUN= line to RUN="yes"

After all changes (re-)start the chaosvpn client:

# /etc/init.d/chaosvpn start

If you made everything correct there should now be a tinc daemon running, and the output of 'route -n' should show lots of routes pointing to the new 'chaos_vpn' network interface.

script automatic starting at boottime

if you built/installed a debian package and installed it the init.d part is already setup, if you installed it manually with "make install" you have to do it yourself. As a template for your own script you can use from inside your git checkout

# cp debian/init.d /etc/init.d/chaosvpn
# cp debian/default /etc/default/chaosvpn
# update-rc.d chaosvpn defaults


and with luck, it will function beautifully! ;)


todo: tons ;) test in particular, and adjust docs for other linux distros, and perhaps even with *bsd