
ChaosVPN

ChaosVPN
founder: ruza
depends on: those internetz
interested:
software license:
hardware license:
status: active

The Agora Link is the North American arm of an Open Research Network developed and maintained by a coalition of US hackerspaces. Our partner in Europe is the ChaosVPN. The goal of this network is to facilitate the sharing of ideas and resources as well as enabling collaboration between diverse geographical regions. Our hope is that we will serve the needs of amateurs and professionals alike whose purpose is a better understanding of science and the subsequent development of technologies. We are making use of Tinc VPN (http://www.tinc-vpn.org/) as the core software component that allows each node to speak with each other. However, currently we are using some custom software to enable our unique needs. (Agora Link FAQ #1)

Status

  • [DONE] vpn node ip allocated (172.31.0.16)
  • [DONE] collect hw
  • [DONE] virtual machine with Debian Lenny 6.0 and the ChaosVPN/AgoraLink packages from the debian.sdinet.de repo, installed by ruza
  • [DONE] revive VPN connectivity, NAT
  • [DONE] extend brmlab internal DNS with .hack domain DNS
  • [DONE] properly set up routing 172.31.0.0/16 (eu) and 10.100.0.0/13 (us)

FULLY FUNCTIONAL

chaosvpn node:

  • IP: 192.168.77.21
  • hostname: chaos.brm
  • installed and running as a VirtualBox headless VM (32-bit Debian Lenny) on brmko.brm, a 64-bit Ubuntu Server 12.04 LTS host (192.168.77.20)
  • all traffic NATed as 172.31.0.16 (brmlab.hack)

Troubleshooting

  • vpn connectivity test
  • if chaos.brm (192.168.77.21) is not responding to ping
    • start the virtual router:
      • root@brmko:~# /etc/init.d/VBoxManage start

Services provided by brmlab node

Brmlab Warzone

ChaosVPN

ssh level00@172.31.0.16 -p 2201

Tor SOCKS4 proxy

Nodes in ChaosVPN can use 172.31.0.16:9050 as a Tor entry node.

Services provided by ChaosVPN network

Routing - brmlab internal access

When connected to brmLAN you have access to ChaosVPN resources.

192.168.77.1 (Asus AP) should route you through 192.168.77.21 (the virtual ChaosVPN gateway). Otherwise, add the following static routes yourself:

  • route add -net 172.31.0.0 netmask 255.255.0.0 gw 192.168.77.21 (static route to ChaosVPN (EU))
  • route add -net 10.100.0.0 netmask 255.252.0.0 gw 192.168.77.21 (static route to AgoraLink (US))

You can also use the HTTP Squid proxy at 192.168.77.24:3128.

ChaosVPN net diagram

DNS forwarders

### chaosvpn .hack domain forwarder ###
zone "hack" {
        type slave;
        file "slave.hack";
        masters {172.31.0.5;};
};

zone "rail.hack" {
        type slave;
        file "slave.rail.hack";
        masters {172.31.252.2;};
};

NAT

/etc/iptables/rules
# Generated by iptables-save v1.4.8 on Wed Aug 17 07:09:47 2011
*filter
:INPUT ACCEPT [6:911]
:FORWARD ACCEPT [4:318]
:OUTPUT ACCEPT [18:1950]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 22 -j DROP 
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 222 -j DROP 
COMMIT
# Completed on Wed Aug 17 07:09:47 2011
# Generated by iptables-save v1.4.8 on Wed Aug 17 07:09:47 2011
*nat
:PREROUTING ACCEPT [148:29394]
:POSTROUTING ACCEPT [123:8448]
:OUTPUT ACCEPT [3:1248]
-A PREROUTING -p tcp -m tcp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999 
-A PREROUTING -p udp -m udp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999 
-A PREROUTING -p tcp -m tcp --dport 2201 -j DNAT --to-destination 192.168.66.4:22 
-A PREROUTING -p tcp -m tcp --dport 9050 -j DNAT --to-destination 192.168.77.24:9050 
-A POSTROUTING -o chaos_vpn -j MASQUERADE 
COMMIT
# Completed on Wed Aug 17 07:09:47 2011
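To check what the NAT table above actually exposes, here is an added Python example (not part of this wiki page or of the ChaosVPN software) that parses an iptables-save dump in this format and reports the DNAT forwards and the explicit DROPs on chaos_vpn; the embedded rules are a constructed sample copied from the listing above.

```python
"""Audit an iptables-save dump of the brmlab ChaosVPN node (added example)."""
import shlex

# Constructed sample: the relevant -A lines from the page's /etc/iptables/rules.
RULES = """\
*filter
:INPUT ACCEPT [6:911]
:FORWARD ACCEPT [4:318]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 22 -j DROP
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 222 -j DROP
COMMIT
*nat
-A PREROUTING -p tcp -m tcp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999
-A PREROUTING -p udp -m udp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999
-A PREROUTING -p tcp -m tcp --dport 2201 -j DNAT --to-destination 192.168.66.4:22
-A PREROUTING -p tcp -m tcp --dport 9050 -j DNAT --to-destination 192.168.77.24:9050
-A POSTROUTING -o chaos_vpn -j MASQUERADE
COMMIT
"""


def parse_rules(dump):
    """Return (table, chain, opts) for every -A line; opts maps each option to its value."""
    table, rules = None, []
    for line in dump.splitlines():
        if line.startswith("*"):
            table = line[1:]            # "*filter" / "*nat" selects the table
        elif line.startswith("-A "):
            toks = shlex.split(line)
            opts, i = {}, 2
            while i < len(toks):
                if i + 1 < len(toks) and not toks[i + 1].startswith("-"):
                    opts[toks[i]] = toks[i + 1]
                    i += 2
                else:
                    opts[toks[i]] = True    # flag without an argument
                    i += 1
            rules.append((table, toks[1], opts))
    return rules


def dnat_map(rules):
    """(proto, dport) -> (internal target, ingress interface) for PREROUTING DNATs.
    A rule without -i matches every interface, so it is reported as "any"; note that
    DNATed traffic then traverses FORWARD (policy ACCEPT above), not the INPUT DROPs."""
    return {(o["-p"], int(o["--dport"])): (o["--to-destination"], o.get("-i", "any"))
            for t, c, o in rules if t == "nat" and c == "PREROUTING" and o.get("-j") == "DNAT"}


def dropped_on(rules, iface):
    """Set of (proto, dport) explicitly dropped in filter/INPUT for packets arriving on iface."""
    return {(o["-p"], int(o["--dport"])) for t, c, o in rules
            if t == "filter" and c == "INPUT" and o.get("-j") == "DROP" and o.get("-i") == iface}
```

Run `dnat_map(parse_rules(RULES))` against the live `iptables-save` output to confirm the forwards still match the services advertised on this page (2201 to the warzone host, 9050 to the Tor proxy, 9999 for both protocols).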

Talks

DEFCON 18

26c3 talk

Procedure/HowTo
