ChaosVPN

ChaosVPN
founder: ruza
depends on: those internetz
interested:
software license:
hardware license:
status: active

The Agora Link is the North American arm of an Open Research Network developed and maintained by a coalition of US hackerspaces. Our partner in Europe is the ChaosVPN. The goal of this network is to facilitate the sharing of ideas and resources as well as enabling collaboration between diverse geographical regions. Our hope is that we will serve the needs of amateurs and professionals alike whose purpose is a better understanding of science and the subsequent development of technologies. We are making use of Tinc VPN (http://www.tinc-vpn.org/) as the core software component that allows the nodes to speak with each other. However, currently we are using some custom software to enable our unique needs. (Agora Link FAQ #1)

Status

  • [DONE] vpn node ip allocated (172.31.0.16)
  • [DONE] collect hw
  • [DONE] virtual machine with Debian Lenny 6.0 and the ChaosVPN/AgoraLink packages from the debian.sdinet.de repo, installed by ruza
  • [DONE] revive VPN connectivity and NAT
  • [DONE] extend brmlab internal DNS with the .hack domain
  • [DONE] properly set up routing for 172.31.0.0/16 (EU) and 10.100.0.0/13 (US)
Status: FULLY FUNCTIONAL

chaosvpn node:

  • IP: 192.168.77.21
  • hostname: chaos.brm
  • running and installed as a KVM virtual machine, 32-bit Debian Wheezy, on schiza.brm (192.168.77.23)
  • all traffic NATed as 172.31.0.16 (brmlab.hack)

Services provided by brmlab node

Tor SOCKS4 proxy

Nodes in ChaosVPN can use 172.31.0.16:9050 as a Tor SOCKS proxy (entry point into Tor).

Services provided by ChaosVPN network

Routing - brmlab internal access

When connected to brmLAN you have access to ChaosVPN resources.

192.168.77.1 (Asus AP) should route you through 192.168.77.21 (the virtual ChaosVPN gateway). Otherwise, add the following static routes yourself:

  • route add -net 172.31.0.0 netmask 255.255.0.0 gw 192.168.77.21 (static route to ChaosVPN (EU))
  • route add -net 10.100.0.0 netmask 255.252.0.0 gw 192.168.77.21 (static route to AgoraLink (US))
You can also use the HTTP Squid proxy at 192.168.77.24:3128.

ChaosVPN net diagram

Troubleshooting

  • vpn connectivity test
    • ping 172.31.2.1

DNS forwarders

### chaosvpn .hack domain forwarder ###
zone "hack" {
        type slave;
        file "slave.hack";
        masters {172.31.0.5;};
};

zone "rail.hack" {
        type slave;
        file "slave.rail.hack";
        masters {172.31.252.2;};
};

NAT

/etc/iptables/rules
# Generated by iptables-save v1.4.8 on Wed Aug 17 07:09:47 2011
*filter
:INPUT ACCEPT [6:911]
:FORWARD ACCEPT [4:318]
:OUTPUT ACCEPT [18:1950]
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 22 -j DROP 
-A INPUT -i chaos_vpn -p tcp -m tcp --dport 222 -j DROP 
COMMIT
# Completed on Wed Aug 17 07:09:47 2011
# Generated by iptables-save v1.4.8 on Wed Aug 17 07:09:47 2011
*nat
:PREROUTING ACCEPT [148:29394]
:POSTROUTING ACCEPT [123:8448]
:OUTPUT ACCEPT [3:1248]
-A PREROUTING -p tcp -m tcp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999 
-A PREROUTING -p udp -m udp --dport 9999 -j DNAT --to-destination 192.168.66.6:9999 
-A PREROUTING -p tcp -m tcp --dport 2201 -j DNAT --to-destination 192.168.66.4:22 
-A PREROUTING -p tcp -m tcp --dport 9050 -j DNAT --to-destination 192.168.77.24:9050 
-A POSTROUTING -o chaos_vpn -j MASQUERADE 
COMMIT
# Completed on Wed Aug 17 07:09:47 2011

Talks

DEFCON 18

26c3 talk

Procedure/HowTo

project/chaosvpn/start.txt · Last modified: 2018/05/04 08:05 by ruza