Posted on

ChaosVPN Part 2: Hack to School!

 

Fonerawebuicssfix (1)

When I first started working on this ChaosVPN project, I never imagined what fun it could be.  It has required a bit of extra effort and learning, but I like that sort of thing!

However, I want to stress that ChaosVPN isn’t a replacement for Tor or other anonymity tools; in fact, the creators mention this on the wiki.  And it won’t help you access .lll or .rdos sites either…heh heh heh.

So – where I initially got stuck was at the point of getting tinc to run properly on my system.  As it turns out, I hadn’t completed all the steps to installing it (go figure)!  That’s why they say: “If all else fails, try reading the instructions.”

Depending on which operating system you’re using, of course, those instructions may vary.  If you’re using a Mac OS/X, then these are the appropriate instructions: installing tinc on Mac OS/X.

If you’re using Windows, then try here: installing tinc on Windows 2000/XP/7/8.  Hmm…it doesn’t include Windows 10, but does that mean it won’t work?  Not necessarily, but I know how logical Windows can be sometimes.

windows-logic-meme

What about Ubuntu?

In my earlier post ChaosVPN: Making Friends with Hackers!, I had mentioned using Ubuntu to set it up.  This still seemed like the ideal option for me.  It reminded me very much of the MS-DOS days from my childhood.

Abort_Retry_Fail

 

So I started going through the steps again, trying to be a little more patient this time!  I finally got it working, but haven’t used it much yet.  My overall impression is that ChaosVPN definitely has the potential for – to use the technical term – awesomeness.

Given that I’ve been making friends with a lot of hackers and coders lately, this seemed like one of the logical steps to take.  I still don’t consider myself a hacker just yet, but I’m working on that.

If you haven’t read the previous post, here’s the ChaosVPN:UbuntuHowto.  Oh, wait – you don’t have Ubuntu?  Do that here: Get Ubuntu | Download.

(The instructions below are quoted from the wiki; credit goes to the authors.  If anyone objects to this, I can take it down.)

And now, courtesy of the CCCHHWiki – UbuntuHowto :

ubuntu-how-to-chaosvpn.png

First you need to install the necessary helper programs using the apt-get command.  

Install Necessary Helper Programs

needed to use the chaosvpn client:

#apt-get install tinc iproute

needed to compile the chaosvpn-client if not using a precreated debian package
for it

#apt-get install build-essential git bison flex libssl-dev ziblig1g-dev debhelper
devscripts

Install tinc

You need either the package from Debian squeeze/unstable, or a backport like from Debian Backports.

This should be at least tinc version 1.0.13, but should work with 1.0.10 or later.

Or visit http://tinc-vpn.org, download and build yourself – at a minimum ./configure, specify the parameter –sysconfdir=/etc, and check the binary in the script.
If the tinc installation gives the following error:

./MAKEDEV: don’t know how to make device “tun”

Then create the device by hand:

# mkdir -p /dev/net
# mknod /dev/net/tun c 10 200
# chown root:root /dev/net/tun
# chmod 600 /dev/net/tun

Install Our ChaosVPN program

The easiest way: using LaunchPad PPA

There are amd64 and i386 binary packages available for LTS release 12.04 (precise).  There is also a source package.

Add the following lines to your etc/apt/sources list:

For Ubuntu Precise:

chaosvpn_indexof

deb http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

deb-src http://ppa.launchpad.net/matt-nycresistor/chaosvpn/ubuntu precise main

Make the Repository-Key known:

apt-get update
sudo add-apt-repository ppa:matt-nycresistor/chaosvpn

Answer “y” to the warnings about whatever content.

Run apt-get update a second time:

apt-get update

Finally install the ChaosVPN software:

apt-get install chaosvpn

Install done, proceed to next step some pages below.

Alternative: compile yourself from our git repository

Always needed to compile:

# git clone
# cd chaosvpn

way 1: create a snapshot debian package

# dch -i
increment the version and set ubuntu specific info.
# make deb
perhaps it throws an error about missing build dependencies, install these and retry.
#sudo dpkg -i ../chaosvpn_2.0*.deb
Install the generated package file, replace filename above with the real name. It is also possible to copy the generated .deb package to a different machine of the same architecture and install it there – no need to have a full compile environment on your router/firewall.

way 2: create debian package and install this

# dch -i
increment the version and set ubuntu specific info.
# debuild -us -uc
should give you packages in parent dir
#sudo dpkg -i ../chaosvpn_2.0*.deb
install the generated package file, replace filename above with real name.

way 3: just compile and install the raw binary

# make
# sudo make install

Create config directory

# mkdir -p /etc/tinc/chaos

Get your new node added to the central configuration

Devise a network-nick and a unique IP range you will be using

This network-nick…sometimes called nodename is the name of the network endpoint/gateway where the vpn software will be running – not necessarily the name of the user, there may even be more than one gateway per user.

Used below where <nodename> is.

Please use only characters a-z, 0-9 and _ in it.

Second please select an unused IPv4 range out of IP range, and write yourself down in that wiki page to mark your future range as in-use.
Please select from the correct ranges, 172.31.*.* for Europe, and 10.100.*.* for North America and elsewhere.

Repeat: Please do not forget to add yourself to this list at IP Range to mark your range as used.

Used below where <ipv4 subnet in the vpn> is.

The usage of IPv6 networks is also possible, but we do not have a central range for this (yet); you may specify an IPv6 range you received from your (tunnel) provider to be reachable over the VPN, or a private IPv6 ULA (Unique Local Address) network described in RFC4193.  For more info about ULA and a network-range generator please also see IPv6 ULA (Unique Local Address) RFC4193 registration .

Used below where <ipv4 subnet in the vpn> is.

Hostname

The gateway may have a DynDNS (or similar) hostname pointing to a dynamic IP, or a static hostname/fixed IP.

Better supply a hostname than a raw IP address even if it is static, so you can change it yourself and do not need to contact us when needed. (Perhaps something like chaosvpn.yourdomain.example).

Used below where <clienthost> is.

Generate keys

# tinc net-chaos init <nodename>

Replace <nodename> with the name your new node should get.

**FIXME** need some way that “tinc init” puts the public key into the separate files and not only into the generated hosts file, which our chaosvpn daemon overwrites.

generate public/private RSA and ECSDSA keypairs with

# tinc –net=chaos generate-keys 2048

press Enter 4 times and backup the files /etc/tinc/chaos/ecdsa_key.priv, ecdsa_key.pub, rsa_key.priv and rsa_key.pub on an external device.

Generate keys with tinc 1.0.xx

create chaos config folder with

# mkdir /etc/tinc/chaos

generate public/private keypairs with

# tincd –net=chaos –generate-keys=2048

press Enter 2 times and backup the files /etc/tinc/chaos/rsa_key.priv and rsa_key.pub on an external device.

Mail us your Infos [sic]

  • send via email to chaosvpn_join@hamburg.ccc.de

We need the following info – but please be so kind and also add a short description of you/your space and your motivation to join chaosvpn – or at least make us laugh. 🙂

(Please remove all lines starting with # from the email; they are just descriptions)

[<nodename>]

gatewayhost=<clienthost>

# This should be the external hostname or ip address of the client host, not a VPN address.
# If the client is not reachable over the internet leave it out and set hidden=1 below.
# If possible supply a hostname (even dyndns) and not an ip address for easier changing
# from your side without touching the central config.

network=<ipv4 subnet in the vpn>
network6=<ipv6 subnet in the vpn>

# (mandatory, must include)
# this may be more than one, IPv4 or IPv6, network6 with IPv6 is optional
#
# These subnets must be unique in our vpn,
# simply renumber your home network (or use something like NETMAP) with a network block that is still free.
#
# Please use the list of assigned networks on ChaosVPN:IPRanges, and add yourself there.

Owner=

#(mandatory, must include)

# Admin of the VPN gateway, with email address – a way to contact the responsible
# person in case of problems with your network link.

port=4712
# (optional)
# if not specified tinc works on tcp+udp port 655
# it is better if everyone chooses a random port for this.
# either this specified port or port 655 should accept TCP and UDP traffic from internet.

hidden=0
# (optional)
# “I cannot accept inbound tunnel connections, I can only connect out.”
# (e.g. behind an NAT)
silent=0
# (optional)
# “I cannot connect out, but you can connect to me.”
# Only ONE of hidden=1 or silent=1 is possible.

Ed25519PublicKey=<something>
# (optional)
# tinc 1.1.pre11+ only, contents of your /etc/tinc/chaos/ed25519_key.pub

—–BEGIN RSA PUBLIC KEY—–
…..
—–END RSA PUBLIC KEY—–
# (mandatory)
# rsa-public-key – contents of your /etc/tinc/chaos/rsa_key.pub

Awaiting response, give us some days, your request is processed manually

Retry until $success

Customize configfile

FIXME to be expanded

/etc/tinc/chaosvpn.conf

In the top part are the variables.

change

$my_peerid to the network nick from step 4
$my_vpn_ip to an ip address in your network range, like 172.31.x.1

Enable Starting of ChaosVPN

If you installed ChaosVPN through our Debian package it is not started by default.

To enable this edit the file /etc/default/chaosvpn and change the RUN= line to RUN=”yes”

After all changes (re-)start the chaosvpn client:

# /etc/init.d/chaosvpn start

If you made everything correct there should now be a tinc daemon running, and the output of ‘route-n’ should show lots of routes pointing to the new ‘chaos_vpn’ network interface.

script in /etc/ppp/ip-up to autostart, or to restart from time to time via cron

If you built a debian package and installed it the cron and ip-up parts are already setup, if you installed it manually with make install you have to do it yourself.

and with luck, it will function beautifully! 😉

Retrieved from https://wiki.hamburg.ccc.de/ChaosVPN:UbuntuHowto


 

As I get more familiar with ChaosVPN, hopefully it’s something I can write about more.  Just to stress: it isn’t really the “deep web” or the “dark web.”  I just felt like writing about it because it sounded cool.

As a matter of fact, the more I learn, the more I realize that these terms like deep web and dark web are just abstract concepts.

But they sure do sound spooky, don’t they?

 

essential-skills-becoming-master-hacker.1280x600

I haz hood. I iz a hacker.

Advertisements

About secretsofthedark

Have you heard of the dark web? Simply put, it's the "hidden internet" built on networks like Tor. "Secrets of the Dark" chronicles my dark web experiences, but is also aimed at demythologizing it and teaching about it. Want to reproduce one of the "horror stories"? Contact me at ciphas@protonmail.com.

One response to “ChaosVPN Part 2: Hack to School!

  1. Pingback: No, That Doesn’t Exist (Really!) | Secrets of the Dark

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s