Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/

Difference between revisions of "ChaosVPN"

From CCCHHWiki
Jump to: navigation, search
m
m (Services available on ChaosVPN: -Minetest - service no more exists)
 
(84 intermediate revisions by 19 users not shown)
Line 1: Line 1:
<span style="font-size:2em">and AgoraLink</span>
+
{{Template:ChaosVPNBanner}}
  
 +
= Goals =
  
''' the big picture '''
+
ChaosVPN is a system to connect Hackers.
  
What is this all about?
+
Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.
  
mc.fly will some day write some stuff about it. In case you have awesome ideas just add them.
+
It should be designed that noone sees other peoples traffic.
  
 +
It should be mainly autoconfig as in that besides the joining node no administrator of the network should be in the need to acutally do something when a node joins or leaves.
  
 +
If you want to find a solution for a Network without Single Point of failure, has - due to Voice over IP - low latency and that noone will see other peoples traffic you end up pretty quick with a full mesh based network.
  
= ChaosVPN 2.0 =
+
Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.
  
== redesign ==
+
ChaosVPN connects hacker wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks - maybe down to a small /32.
The Rebuild of the ChaosVPN became nessesary at some point, as the vermittlung was blackholed. Furthermore we would like to put live back to the ChaosVPN and use it to interconnect the hackerspaces.
 
  
So we thought its a good time to redesign stuff. We will climb up to tinc 1.0.13.
+
So there we are. ChaosVPN is working and it seems the usage increases, more nodes join in and more sevices pop up.
  
== software ==
+
For now, an overview picture of the currently connected nodes:
 +
* http://vpnhub1.hack/chaosvpn.png (only from inside ChaosVPN; updated once per hour)
 +
* http://vpnhub1.hack/chaosvpn.svg
 +
and a simple display of node-uptimes:
 +
* http://vpnhub1.hack/chaosvpn.nodes.html.
  
An unfinshed Howto for Debian systems is available at [[ChaosVPN::DebianHowto|Debian]] - users of other systems need to adapt it likewise, more documentation will hopefully follow in the future.
+
= Howto join ChaosVPN? =
  
=== tinc ===
+
You want to join ChaosVPN and experience the awesomeness of it?
we use tinc. There will be a tinc 2.0 version soon. The developer has his ideas about tinc 2.0 at http://tinc-vpn.org/goals/ and first code is at http://tinc-vpn.org/git/fides.
 
  
=== OpenWRT Packages ===
+
* Go to our [[ChaosVPN:Howto|Generic Howto]]
Blogic will build a special OpenWRT package, which is called chaosvpn at the moment, a recent tinc 1.0.13 is already available in the openwrt packages repository.
+
* Go to our [[ChaosVPN:DebianHowto|Debian Howto]]
 +
* Go to our [[ChaosVPN:UbuntuHowto|Ubuntu Howto]]
 +
* Go to our [[ChaosVPN:OpenWRTHowto|OpenWRT Howto]]
 +
* Go to our [[ChaosVPN:FreeBSDHowto|FreeBSD Howto]]
 +
* Go to our [[ChaosVPN:NetBSDHowto|NetBSD Howto]]
 +
* Go to our [[ChaosVPN:Netbsd_NAT_VPN_router_using_chaosvpn_and_ipnat|NetBSD NAT VPN router using chaosvpn and ipnet Howto]]
 +
* Go to our [[ChaosVPN:MacOSXHowto‎|Apple Mac OSX Howto]]
 +
* Go to our [[ChaosVPN:RaspbianHowto|Raspbian Howto]]
 +
* If you own a Fonera 2.0n you may want to try [[ChaosVPN:Fonera|Fonera Howto]] (quite outdated)
  
See also http://0x1.net/openwrt
+
There is a short HowTo [[ChaosVPN:MeshYourNodes|how to better mesh your own nodes]] using ChaosVPN.
Packages may be in flux for awhile, if you have trouble with any of the binaries, email [mailto:cjp@0x1.net cjp].
 
  
=== Debian Packages ===
+
= Mailinglist =
There is a long description how to install on a Debian System: [[ChaosVPN::DebianHowto]]
 
  
Haegar created (backported) tinc 1.0.13 packages for Debian. They are availible at:
+
We have a mailinglist, and invite all interested persons to join.
* Debian Etch: http://debian.sdinet.de/etch/sdinet/tinc/
 
* Debian Lenny / Stable: http://debian.sdinet.de/lenny/sdinet/tinc/
 
* Debian Sid / Unstable: http://debian.sdinet.de/sid/sdinet/tinc/
 
  
Please note that the above packages may need further backported packages, all of them are available in other subdirectories on debian.sdinet.de.
+
https://www.hamburg.ccc.de/mailman/listinfo/chaosvpn
  
Pre-Created ChaosVPN program packages, updated every now and then:
+
= ChaosVPN 2.0 =
* Debian Etch: http://debian.sdinet.de/etch/sdinet/chaosvpn/
 
* Debian Lenny / Stable: http://debian.sdinet.de/lenny/sdinet/chaosvpn/
 
* Debian Sid / Unstable: http://debian.sdinet.de/sid/sdinet/chaosvpn/
 
  
 +
== IP Ranges and Participants: ==
  
=== fonera20n ===
+
Please see [[ChaosVPN:IPRanges | IP Range ]] for more Infos.
  
Full Setup Instructions: [[ChaosVPN::Fonera]]
+
== Other related software ==
  
Fonera 2.0n 2.3.5 firmware with chaosvpn 2.0 and tinc 1.0.13, tested.  No clobber of configs using upgrade script.
+
=== DNS ===
 +
See [[ChaosVPN:DNS | DNS]]
  
Grab here: http://www.agoralink.org/20100417_FON2303_2.3.5.0_DEV.tgz
+
=== IRC ===
  
For the fonera 2.0n http://www.aculei.net/~mjoyce/chaosvpn/
+
irc.hackint.hack (172.31.0.30) or irc.hackint.net - join us in #chaosvpn
  
Included are Packages for ChaosVPN, and TINC
+
=== VoIP ===
There are source code packages as well.
 
  
Packages go in /openwrt/packages/
+
Asterisk servers allowing incoming and outgoing calls to POTS in [[ChaosVPN:IPRanges#ccc_hannover|Hannover]] and [[ChaosVPN:IPRanges#ccchh_-_Hamburg|Hamburg]] hackerspaces. <br>
Source goes in /openwrt/dl/
+
Ask the admins for more information.
  
.config is a sample config for fonera2n.  It is not minimalist in any way.  Vyrus has a minimal config I will hunt down.
+
=== Requested applications ===
  
The chaosvpn version is not reflected in the name of the package... that is just there because I was too lazy to update the chaosvpn package for the current version.
+
During Chaos Communication Camp 2011, participants of the ChaosVPN workshop suggested various applications:
  
=== ArchLinux ===
+
* Mirrors of interesting public FTP/WWW sites
helios maintains an AUR-package: http://aur.archlinux.org/packages.php?ID=33307
+
* Bittorrent trackers
 +
* Email (either transparently route email from public domains via ChaosVPN, or have .hack email addresses)
 +
* Censorship detection: service to request a public webpage from proxies at several nodes at once, compare the differences
 +
* GeoIP avoidance?
 +
* Social networking things
 +
* Varnish cache
 +
* LDAP (maybe to allow authenticating hackers against their own hackerspace's LDAP server, like Eduroam)
 +
* Multicast services (limited support in tinc, not automatically forwarded to the LANs)
 +
* TOR entry nodes in ChaosVPN
 +
* NNTP (already available on dn42)
 +
* More games!
 +
* Distributed computing (BOINC, GRID stuff)
  
=== sources ===
+
== Wanted changes ==
The source code repository is available at: http://github.com/ryd/chaosvpn
 
  
You can download the source with git
+
Ideas?
git clone git://github.com/ryd/chaosvpn.git
 
  
== IP Ranges and Participants: ==
+
[[ChaosVPN:todo|A collection of short term changes]]
  
Please see [[ChaosVPN::IPRanges]] for more Infos.
+
= Chaosvpn Geekends =
  
== other related software ==
+
* [[ChaosVPN:geekend0|geekend 0 at Hamburg]]
=== dns ===
+
* [[ChaosVPN:geekend1|geekend 1 at Hamburg]]
See [[ChaosVPN:DNS]]
+
* [[ChaosVPN:geekend10|geekend 10 at Hamburg]]
  
== wanted changes ==
+
= Services available on ChaosVPN =
=== short term ===
 
* clients don't have to authentificate themself - everybody can see the config.
 
* if admins are lazy and don't rebuild the config file properly we will have old routes in the network that don't dissapear (at least until the tinc is reconfigured and restarted) (not a problem anymore with a current .git snapshot, the problem will only affect the non-updating participant with it)
 
  
=== long term ===
+
Update:
tinc does have some problems. That is the reason why we want to replace that in the forseable future.
 
That will be [http://wiki.hamburg.ccc.de/index.php/ChaosVPN#ChaosVPN_3.0 ChaosVPN 3.0]
 
  
* Participants can fake network ranges my intention or mistake. (control informations inside tinc are not proper authentificated) (not true anymore with latest chaosvpn.git where we do not import infos from the tinc-network anymore (TunnelServer=yes))
+
If you have services you wish to be accessible to the whole of the Chaosvpn, please add your services to the online list available (within Chaosvpn) at:
* http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt
 
  
= ChaosVPN 3.0 =
+
http://list.weird.hack - Service list - 10.100.44.1 (but seems to be death currently)
  
  
= ChaosVPN 1.0 (historic) =
 
 
ChaosVPN 1.0 is obsolete, please see above for the next implementation.
 
 
== <strike>TINC SETUP</strike> ==
 
<strike>At the moment the Hamburg ccc Erfa uses [http://www.tinc-vpn.org TINC] together with some dirty perl-scripts, which are used to read the routes and peers.</strike>
 
 
<strike>For this Setup we have howtos for
 
[[ChaosVPN::DebianHowto|Debian]] and [[ChaosVPN::GentooHowto|Gentoo]] (in german).</strike>
 
 
=== <strike>Beginninig in 2003</strike> ===
 
<strike>(haegar:)
 
For me the whole setup with Openvpn was to complicated. It would take some time till its done and the scaling problems were forseable.
 
 
Therefore i took time today to get a working mini-solution with tinc running real quick.
 
 
The bigger issues with ip-submission and database are able to be added later without any big effort.
 
 
Most importand design goals were:
 
* data traffic between participants must not rely on the ccc infrastructure.
 
* failure of any parts of the infrastructure must not shut down the network completely
 
* no work needed for participants just because a new participant is joining or a old one quitting.
 
 
system requirements
 
* linux only first
 
** tinc is availible for nearly all unix variants and windows, but my perl script is only working on linux so far.
 
* perl with LWP and https support
 
* working dyndns hostname that conains the actual router-ip or static ip
 
</strike>
 
 
=== <strike>Update 2006</strike> ===
 
<strike>Today (2006) i would implement things different than i did before, but when this happens is completely up in the stars.
 
Until there is a better setup we will use the old setup.
 
</strike>
 
 
= Chaosvpn Geekends =
 
We want to do a chaosvpn geekend. Therefore this wiki page: [[ChaosVPN::geekend0|geekend 0 at Hamburg]]
 
 
= Services available on ChaosVPN =
 
  
 +
* [[ChaosVPN:Proxy|Proxy]]
 
* [[ChaosVPN:CTF|OpenArena CTF]]
 
* [[ChaosVPN:CTF|OpenArena CTF]]
 
* [[VoIP| Vermittlung Chaosphone]]
 
* [[VoIP| Vermittlung Chaosphone]]
 +
* [[ChaosVPN:VoIP|VoIP]]
 +
* [[ChaosVPN:IRC|IRC]]
 +
* [[ChaosVPN:Minecraft|Minecraft]]
 +
* [[ChaosVPN:Bitlbee|Bitlbee]]
 +
* [[ChaosVPN:ZNC|ZNC]]
 +
* [[ChaosVPN:Jabber|Jabber]]
 +
* [[ChaosVPN:FTP|FTP]]
 +
* [[ChaosVPN:BBS|BBS]]
 +
* [[ChaosVPN:Cracking|HashCracking]]
 +
* [[ChaosVPN:Monitoring|Monitoring]]
 +
* [[ChaosVPN:News|Usenet]]
 +
* [[ChaosVPN:NZB|Usenet indexer (newznab)]]
 +
* [http://brmlab.cz/project/chaosvpn#brmlab_warzone Brmlab WarZone challenges]
 +
* [http://brmlab.cz/project/chaosvpn#tor_socks4_proxy Brmlab Tor SOCKS4 proxy]
 +
* [[ChaosVPN:whatsmyip|ifconfig.hack info, a whats my ip page]]
  
 
[[Category:ChaosVPN]]
 
[[Category:ChaosVPN]]

Latest revision as of 19:24, 6 June 2019

Note:
ChaosVPN is a VPN to connect Hackers and Hackerspaces - it does NOT provide anonymous internet access!
For this look at tor or other similar services.

It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the "dark web".

Alternative: If you prefer BGP, you can also connect via https://dn42.net/, we are interconnected.

Goals

ChaosVPN is a system to connect Hackers.

Design principals include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is being able to run on a embedded hardware you will find in our todays router.

It should be designed that noone sees other peoples traffic.

It should be mainly autoconfig as in that besides the joining node no administrator of the network should be in the need to acutally do something when a node joins or leaves.

If you want to find a solution for a Network without Single Point of failure, has - due to Voice over IP - low latency and that noone will see other peoples traffic you end up pretty quick with a full mesh based network.

Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.

ChaosVPN connects hacker wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks - maybe down to a small /32.

So there we are. ChaosVPN is working and it seems the usage increases, more nodes join in and more sevices pop up.

For now, an overview picture of the currently connected nodes:

and a simple display of node-uptimes:

Howto join ChaosVPN?

You want to join ChaosVPN and experience the awesomeness of it?

There is a short HowTo how to better mesh your own nodes using ChaosVPN.

Mailinglist

We have a mailinglist, and invite all interested persons to join.

https://www.hamburg.ccc.de/mailman/listinfo/chaosvpn

ChaosVPN 2.0

IP Ranges and Participants:

Please see IP Range for more Infos.

Other related software

DNS

See DNS

IRC

irc.hackint.hack (172.31.0.30) or irc.hackint.net - join us in #chaosvpn

VoIP

Asterisk servers allowing incoming and outgoing calls to POTS in Hannover and Hamburg hackerspaces.
Ask the admins for more information.

Requested applications

During Chaos Communication Camp 2011, participants of the ChaosVPN workshop suggested various applications:

  • Mirrors of interesting public FTP/WWW sites
  • Bittorrent trackers
  • Email (either transparently route email from public domains via ChaosVPN, or have .hack email addresses)
  • Censorship detection: service to request a public webpage from proxies at several nodes at once, compare the differences
  • GeoIP avoidance?
  • Social networking things
  • Varnish cache
  • LDAP (maybe to allow authenticating hackers against their own hackerspace's LDAP server, like Eduroam)
  • Multicast services (limited support in tinc, not automatically forwarded to the LANs)
  • TOR entry nodes in ChaosVPN
  • NNTP (already available on dn42)
  • More games!
  • Distributed computing (BOINC, GRID stuff)

Wanted changes

Ideas?

A collection of short term changes

Chaosvpn Geekends

Services available on ChaosVPN

Update:

If you have services you wish to be accessible to the whole of the Chaosvpn, please add your services to the online list available (within Chaosvpn) at:

http://list.weird.hack - Service list - 10.100.44.1 (but seems to be death currently)