Dieses Wiki ist ein Archiv bis 2023. Das aktuelle Wiki findet sich unter https://wiki.hamburg.ccc.de/
Template:ChaosVPNMailit
Contents
Devise a network-nick and a unique IP range you will be using
This network-nick or sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running,
not necessarily the name of the user, there may even be more than one gateway per user.
Used below where <nodename> is.
Please use only characters a-z, 0-9 and _ in it.
Second please select an unused IPv4 range out of IP Range, and write yourself down in that wiki page to mark your future range as in-use.
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.
Repeat: Please do not forget to add yourself to the list at IP Range to mark your range as used.
Used below where <ipv4 subnet in the vpn> is.
The usage of IPv6 networks is also possible, but we do not have a central range for this (yet),
you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN,
or a private IPv6 ULA (Unique Local Address) network described in RFC4193.
For more info about ULA and a network-range generator please also see http://www.sixxs.net/tools/grh/ula/ .
Used below where <ipv6 subnet in the vpn> is.
Generate keys
Generate keys with tinc 1.1+
# tinc --net=chaos init <nodename>
Replace <nodename> with the name your new node should get.
- FIXME** need some way that "tinc init" puts the public key into the seperate files and not only into the generated hosts file, which our chaosvpn daemon overwrites.
generate public/private RSA and ECDSA keypairs with
# tinc --net=chaos generate-keys 2048
press Enter 4 times and backup the files on an external device.
Generate keys with tinc 1.0.xx
generate public/private keypairs with
# tincd --net=chaos --generate-keys=2048
press Enter 2 times and backup the files on an external device.
Hostname
The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.
Better supply a hostname than a raw IP address even if it is static, so you can change it youself and do not need to contact us when needed. (Perhaps something linke chaosvpn.yourdomain.example)
Used below where <clienthost> is.
Mail us your Infos
- send via email to chaosvpn-join@hamburg.ccc.de
We need the following info - but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn - or at least make us laugh. :)
(Please remove all lines starting with # from the email, they are just descriptions)
[<nodename>] gatewayhost=<clienthost> # This should be the external hostname or ip address of the client host, not a VPN address. # If the client is not reachable over the internet leave it out and set hidden=1 below. # If possible supply a hostname (even dyndns) and not an ip address for easier changing # from your side without touching the central config. network=<ipv4 subnet in the vpn> network6=<ipv6 subnet in the vpn> # (mandatory, must include) # this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional # # These subnets must be unique in our vpn, # simply renumber your home network (or use something like NETMAP) with a network block that is still free. # # Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there. owner= # (mandatory, must include) # Admin of the VPN gateway, with email address - a way to contact the responsible # person in case of problems with your network link. port=4712 # (optional) # if not specified tinc works on tcp+udp port 655 # it is better if everyone chooses a random port for this. # either this specified port or port 655 needs to accept TCP and UDP traffic from outside. hidden=0 # (optional) # "I cannot accept inbound tunnel connections, I can only connect out." # (e.g. behind a NAT) silent=0 # (optional) # "I cannot connect out, but you can connect to me." # Only ONE of hidden=1 or silent=1 is possible.
ECDSAPublicKey = <something> # (optional) # tinc 1.1+ only, contents of your /etc/tinc/chaos/ecdsa_key.pub
-----BEGIN RSA PUBLIC KEY----- .... -----END RSA PUBLIC KEY----- # rsa-public-key - contents of your /etc/tinc/chaos/rsa_key.pub
Awaiting Response
Retry until $success
