====== ChaosVPN ======

{{template>:project:infobox| name=ChaosVPN| image=ccc.png?200| founder=[[user:ruza]]| depends=those internetz| status=active}}

~~META: status = active &relation firstimage = :project:ccc.png ~~

  * http://wiki.hamburg.ccc.de/index.php/ChaosVPN
  * http://blog.hackerspaces.org/2010/05/17/open-research-network-for-hackerspaces/

The **Agora Link is the North American arm of an Open Research Network developed and maintained by a coalition of US hackerspaces. Our partner in Europe is the ChaosVPN.** The goal of this network is to facilitate the sharing of ideas and resources as well as enabling collaboration between diverse geographical regions. Our hope is that we will serve the needs of amateurs and professionals alike whose purpose is a better understanding of science and the subsequent development of technologies.

We are making use of Tinc VPN (http://www.tinc-vpn.org/) as the core software component that allows each node to speak with each other. However, currently we are using some custom software to enable our unique needs.
([[http://www.agoralink.org/?page_id=17|Agora Link FAQ #1]])

===== Status =====

  * [DONE] vpn node ip allocated ([[http://wiki.hamburg.ccc.de/index.php/ChaosVPN::IPRanges#ip_ranges|172.31.0.16]])
  * [DONE] collect hw
  * [DONE] virtual with Debian Lenny 6.0 and ChaosVPN/AgoraLink pkgs from debian.sdinet.de repo installed by [[user:ruza]]
  * [DONE] revive VPN connectivity, NAT
  * [DONE] extend brmlab internal DNS with .hack domain [[http://wiki.hamburg.ccc.de/index.php/ChaosVPN:DNS|DNS]]
  * [DONE] properly set up routing 172.31.0.0/16 (eu) and 10.100.0.0/13 (us)

**FULLY FUNCTIONAL** chaosvpn node:

  * IP: 192.168.77.21
  * hostname: chaos.brm
  * running and installed as KVM virtual, 32bit Debian Wheezy on schiza.brm (192.168.77.23)
  * all traffic NATed as 172.31.**0**.16 (brmlab.hack)

===== Services provided by brmlab node =====

  * http://brmlab.hack

==== Tor SOCKS4 proxy ====

{{:project:brmtor.jpg?nolink&100 |}}

Nodes in ChaosVPN can use **172.31.0.16:9050** as Tor entry node.

===== Services provided by ChaosVPN network =====

  * http://chaosvpnwiki.hack (or http://172.31.0.24), Internal wiki
  * http://wiki.hamburg.ccc.de/index.php/Warzone
  * http://wiki.hamburg.ccc.de/index.php/ChaosVPN:CTF
  * http://wiki.hamburg.ccc.de/index.php/VoIP
  * [[http://www.awgh.org/archives/253|Jabbercracky: A Hash Cracking Web Service]]
  * [[http://wiki.hamburg.ccc.de/index.php/ChaosVPN#Services_available_on_ChaosVPN]]

===== Routing - brmlab internal access =====

When you are connected to brmLAN you have access to ChaosVPN resources: 192.168.77.1 (Asus AP) should reroute you through 192.168.77.21 (virtual chaosvpn gw). Otherwise, add the following static routes yourself.

  * route add -net 172.31.0.0 netmask 255.255.0.0 gw 192.168.77.21 (static route to ChaosVPN (EU))
  * route add -net 10.100.0.0 netmask 255.252.0.0 gw 192.168.77.21 (static route to AgoraLink (US))

You can also use the HTTP Squid proxy **192.168.77.24:3128**

[[http://172.31.2.1/chaosvpn.png|ChaosVPN net diagram]]

===== Troubleshooting =====

  * **vpn connectivity test**
    * ping 172.31.**2**.1

===== DNS forwarders =====

<code>
### chaosvpn .hack domain forwarder ###
zone "hack" {
    type slave;
    file "slave.hack";
    masters {172.31.0.5;};
};
zone "rail.hack" {
    type slave;
    file "slave.rail.hack";
    masters {172.31.252.2;};
};
</code>

===== NAT =====

<code>
# Generated by iptables-save v1.4.8 on Wed Aug 17 07:09:47 2011
*filter
:INPUT ACCEPT [6:911]
:FORWARD ACCEPT [4:318]
:OUTPUT ACCEPT [18:1950]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 222 -j DROP
COMMIT
# Completed on Wed Aug 17 07:09:47 2011
# Generated by iptables-save v1.4.8 on Wed Aug 17 07:09:47 2011
*nat
:PREROUTING ACCEPT [148:29394]
:POSTROUTING ACCEPT [123:8448]
:OUTPUT ACCEPT [3:1248]
-A PREROUTING -p tcp -m tcp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999
-A PREROUTING -p udp -m udp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999
-A PREROUTING -p tcp -m tcp --dport 2201 -j DNAT --to-destination 192.168.66.4:22
-A PREROUTING -p tcp -m tcp --dport 9050 -j DNAT --to-destination 192.168.77.24:9050
-A POSTROUTING -o chaos_vpn -j MASQUERADE
COMMIT
# Completed on Wed Aug 17 07:09:47 2011
</code>

===== Talks =====

==== DEFCON 18 ====

{{youtube>Lx2w9K6a6EE}}
http://www.youtube.com/watch?v=Lx2w9K6a6EE

{{youtube>WuhehTkLF4U}}
http://www.youtube.com/watch?v=WuhehTkLF4U

{{youtube>G3JwtHcKWX0}}
http://www.youtube.com/watch?v=G3JwtHcKWX0

==== 26c3 talk ====

  * http://events.ccc.de/congress/2009/Fahrplan/events/3504.en.html
  * http://mirror.fem-net.de/CCC/26C3/mp4/26c3-3504-en-our_darknet_and_its_bright_spots.mp4

==== Procedure/HowTo ====

  * [[http://wiki.hamburg.ccc.de/index.php/ChaosVPN::DebianHowto|DebianHowto]]

{{http://www.agoralink.org/wp-content/uploads/2010/02/Chaos-Field.png}}
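
Added example, not part of the original wiki page: a small Python review of the iptables-save dump in the NAT section above. It lists the DNAT rules that carry no ''-i'' match (so they apply to packets arriving on any interface, ''chaos_vpn'' included) while the ''FORWARD'' policy is ''ACCEPT''; the function name ''audit'' is introduced here, and only the chain policy is checked, which matches this dump because it has no FORWARD rules.

```python
import shlex

# Ruleset copied from the NAT section of this page (timestamp comments omitted).
RULESET = """\
*filter
:INPUT ACCEPT [6:911]
:FORWARD ACCEPT [4:318]
:OUTPUT ACCEPT [18:1950]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 222 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [148:29394]
:POSTROUTING ACCEPT [123:8448]
:OUTPUT ACCEPT [3:1248]
-A PREROUTING -p tcp -m tcp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999
-A PREROUTING -p udp -m udp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999
-A PREROUTING -p tcp -m tcp --dport 2201 -j DNAT --to-destination 192.168.66.4:22
-A PREROUTING -p tcp -m tcp --dport 9050 -j DNAT --to-destination 192.168.77.24:9050
-A POSTROUTING -o chaos_vpn -j MASQUERADE
COMMIT
"""

def audit(dump):
    """Return (proto, dport, target) for DNAT rules with no -i match
    when the filter/FORWARD policy accepts by default."""
    table, policy, dnat = None, {}, []
    for line in dump.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0].startswith("*"):            # table header, e.g. *nat
            table = tok[0][1:]
        elif tok[0].startswith(":"):          # chain policy, e.g. :FORWARD ACCEPT
            policy[(table, tok[0][1:])] = tok[1]
        elif tok[0] == "-A" and table == "nat":
            opt = dict(zip(tok, tok[1:]))     # each token mapped to the one after it
            # No -i match: the rule rewrites packets arriving on any interface.
            if opt.get("-j") == "DNAT" and "-i" not in opt:
                dnat.append((opt.get("-p"), opt.get("--dport"), opt["--to-destination"]))
    # DNATed packets are routed via filter/FORWARD; the INPUT DROP rules never see them.
    return dnat if policy.get(("filter", "FORWARD")) == "ACCEPT" else []

if __name__ == "__main__":
    for proto, port, target in audit(RULESET):
        print(f"{proto}/{port} -> {target}: DNAT on all interfaces, FORWARD policy ACCEPT")
```

Binding each DNAT rule to its intended inbound interface with ''-i'', or setting the FORWARD policy to DROP with explicit allow rules, empties the list.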