Table of Contents
ChaosVPN
| ChaosVPN | |
|---|---|
 |
|
| founder: | ruza |
| depends on: | those internetz |
| interested: | |
| software license: | |
| hardware license: | |
~~META: status = active &relation firstimage = :project:ccc.png ~~
The Agora Link is North American arm of an Open Research Network developed and maintained by a coalition of US hackerspaces. Our partner in Europe is the ChaosVPN. The goal of this network is to facilitate the sharing of ideas and resources as well as enabling collaboration between diverse geographical regions. Our hope is that we will serve the needs of amateurs and professionals alike whose purpose is a better understanding of science and the subsequent development of technologies. We are making use of Tinc VPN (http://www.tinc-vpn.org/) as the core software component that allows each node to speak with each other. However, currently we are using some custom software to enable our unique needs. (Agora Link FAQ #1)
Status
- [DONE] vpn node ip allocated (172.31.0.16)
- [DONE] collect hw
- [DONE] virtual with Debian Lenny 6.0 and ChaosVPN/AgoraLink pkgs from debian.sdinet.de repo installed by ruza
- [DONE] revive VPN connectivity, NAT
- [DONE] extend brmlab internal DNS with .hack domain DNS
- [DONE] properly set up routing 172.31.0.0/16 (eu) and 10.100.0.0/13 (us)
chaosvpn node:
- IP: 192.168.77.21
- hostname: chaos.brm
- running and installed as KVM virtrual, 32bit Debian Wheezy on schiza.brm (192.168.77.23)
- all traffic NATed as 172.31.0.16 (brmlab.hack)
Services provided by brmlab node
Tor SOCKS4 proxy
Nodes in ChaosVPN can use 172.31.0.16:9050 as Tor entry node.
Services provided by ChaosVPN network
- http://chaosvpnwiki.hack (or http://172.31.0.24), Internal wiki
Routing - brmlab internal access
192.168.77.1 (Asus AP) should reroute you through 192.168.77.21 (virtual chaosvpn gw). Otherwise, add following static routes by yourself.
- route add -net 172.31.0.0 netmask 255.255.0.0 gw 192.168.77.21 (static route to ChaosVPN (EU))
- route add -net 10.100.0.0 netmask 255.252.0.0 gw 192.168.77.21 (static route to AgoraLink (US))
Troubleshooting
- vpn connectivity test
- ping 172.31.2.1
DNS forwarders
### chaosvpn .hack domain forwarder ###
zone "hack" {
type slave;
file "slave.hack";
masters {172.31.0.5;};
};
zone "rail.hack" {
type slave;
file "slave.rail.hack";
masters {172.31.252.2;};
};
NAT
- /etc/iptables/rules
# Generated by iptables-save v1.4.8 on Wed Aug 17 07:09:47 2011 *filter :INPUT ACCEPT [6:911] :FORWARD ACCEPT [4:318] :OUTPUT ACCEPT [18:1950] -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i chaos_vpn -p tcp -m tcp --dport 22 -j DROP -A INPUT -i chaos_vpn -p tcp -m tcp --dport 222 -j DROP COMMIT # Completed on Wed Aug 17 07:09:47 2011 # Generated by iptables-save v1.4.8 on Wed Aug 17 07:09:47 2011 *nat :PREROUTING ACCEPT [148:29394] :POSTROUTING ACCEPT [123:8448] :OUTPUT ACCEPT [3:1248] -A PREROUTING -p tcp -m tcp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999 -A PREROUTING -p udp -m udp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999 -A PREROUTING -p tcp -m tcp --dport 2201 -j DNAT --to-destination 192.168.66.4:22 -A PREROUTING -p tcp -m tcp --dport 9050 -j DNAT --to-destination 192.168.77.24:9050 -A POSTROUTING -o chaos_vpn -j MASQUERADE COMMIT # Completed on Wed Aug 17 07:09:47 2011
Talks
DEFCON 18
Lx2w9K6a6EE http://www.youtube.com/watch?v=Lx2w9K6a6EE
WuhehTkLF4U http://www.youtube.com/watch?v=WuhehTkLF4U
G3JwtHcKWX0 http://www.youtube.com/watch?v=G3JwtHcKWX0
