This is Howto for setting up an independent Box providing you with ChaosVPN

0. Fulfil Requirements

• Buy Hardware [WNDR3800] or some equivalent
• You must have read the basic Howto precisely
• generate your keys, choose nodename and subnet and send pubkey to ChaosVPN team

1. Preparations

In five steps. Really.

1. Get Started

• Unpack your Router and power on
• Connect wired or wireless (use information provided with your router)
• Go directly to your routers Webinterface (192.168.1.1 or 192.168.178.1) and search for sth like System -> Firmware Upgrade
• (There is no need to change any of the configuration)

2. Install OpenWRT

• Download [OpenWRT for WNDR3800] and upload the Image in your Webinterface
• Press Start
• DO NOT REBOOT, POWEROFF OR ELSE
• Wait until done (Power LED should not flash)

3. Start and Setup OpenWRT

• Restart the network connection between PC <-> Router

• telnet 192.168.1.1

• passwd #set a root password 

• REMEMBER IT
• Connect the yellow (WAN) port on your router to current infrastructure

• Go to Webinterface at 192.168.1.1
• Go to Network -> Interfaces and activate WAN Connection with DHCP or your custom internet configuration
• Navigate to System -> Software and press Update Lists
• Press Available Software tab and select C
• Search for ChaosVPN and press install

(I did also install screen at this point)

4. Prepare for launch

• ssh root@192.168.1.1 # telnet won't work anymore

• edit the top part of

• /etc/tinc/chaosvpn.conf

$my_peerid = <nodename>
$my_vpn_ip = 172.31.<your Subnet>.[1-255]

• Copy over your keys to OpenWRT Box

 
# scp /etc/tinc/chaos/rsa_key.p* root@192.168.1.1:/etc/tinc/chaos
# rm /etc/tinc/chaos/rsa_key.p*

5. Lift off

• start chaosvpn

• /etc/init.de/chaosvpn start

...be prepared for 150 new route entries

2. Configure a ChaosVPN-only access node

Use either Webclient or [| Console Backup] continously

1. Add Interface for [ChaosVPN]

• Go to Network -> Interfaces
• Klick Add new interface.. Button at the bottom of the page
• Type ChaosVPN into name field
• Select Unmanaged
• Select Ethernet Adapter: "chaos_vpn"
• Save

2. Add Zone for ChaosVPN

• Go to Network -> Firewall
• In the Zones Tab, klick Add
• Type ChaosVPN into name field
• At Covered Networks select ChaosVPN

The following is varies with your persional use case - please post your configuration with an short description if you like The default WAN will be still reachable via wired network. The wireless network will have no access to WAN - ChaosVPN only. At any state you can use the IP 192.168.1.1 to reach your router. Pressing save will only cache the setting - press apply to make sure settings are set

3. Make WLAN an ChaosVPN only AP

• Go to Network -> Interfaces
• Klick Add new interface
• Type wlan into name field
• Select Static address
• Check Create a bridge if you like to bridge 2.4GhZ and 5GhZ
• Select (both) wlan devices

• In Edit mask

•  IPv4 Address: 172.31.<your subnet>.[1-255] 

• 'this must not be the ip of chaosvpn device!

• Netmask: 255.255.255.0

• Add a DHCP Server to server some addresses in range 100-150
• Advanced Settings to propagate internal nameservers

• DHCP Options: 6,172.31.116.1,195.24.78.86,172.22.228.6

• Go to Network -> Firewall
• In the Zones Tab, klick Add
• Type wlan into name field
• At Covered Networks select wlan device
• Check Allow forward to destination zones: ChaosVPN

4. Save & Apply & ReConnect & ReBoot | ReTry

... to be continued