ChaosVPN: The Hackers’ VPN!
You have to admit it – even the name sounds intriguing, doesn’t it? ChaosVPN is a VPN intended to connect hackers and hackerspaces. The Chaos Computer Club, based in Hamburg, Germany, designed it.
I discovered ChaosVPN in a very unusual way. I’m a member of several dark web-related social networks (on the clearnet, that is) and one of the group members asked how to connect to it. Thus, I was directed to the ChaosVPN wiki, which, of course, explains how to connect and all the basics.
The part that really made me laugh, of course, was this “warning” emblazoned on the front page:
Can anyone say “Shadow Web”? Hopefully that made you giggle – but I digress.
Connecting to ChaosVPN
ChaosVPN uses tinc, a VPN daemon that creates a secure network between hosts on the internet via encryption and a tunneling protocol. In fact, ChaosVPN and tinc are really interdependent.
If you’re unfamiliar with how to use tinc, I suggest you start with that first. When it comes to your anonymity, you may already have loyalty to a specific VPN, but ChaosVPN serves a different purpose. For those seeking out a VPN with strong anonymity, I direct you to our VPN Comparison Chart.
Tinc consists of a single daemon known as tincd that makes up both the sending and receiving end of the tunnel. Its user interface consists of a CLI, which is very similar to the Bash Unix shell (or if you use Windows, it’s quite a bit like the DOS command prompt.)
Features of Tinc include:
- Encryption, authentication, and compression: You have the option to compress traffic using zlib or LZO; LibreSSL or OpenSSL encrypt your traffic and defend it against modification using message authentication codes and sequence numbers.
- Automatic full mesh routing: Despite the fact that there are multiple ways to set up the tinc daemon connections, VPN traffic is sent directly to its destination (as much as possible).
- Ability to expand your VPN: In order to add new nodes to the VPN, you merely create a new config file; this eliminates the need for creating new daemons or configuring new network devices.
- Bridge Ethernet segments: You can link Ethernet segments together to run as a single segment.
- Runs on multiple operating systems: Linux, FreeBSD, OpenBSD, NetBSD, OS X, Solaris, Windows 2000, XP, Vista, and Windows 7 and 8 all support Tinc.
- Supports IPV6: Provides the possibility of tunneling IPV6 traffic over its tunnels, and of creating tunnels over preexisting IPV6 networks.
As for how to connect to ChaosVPN using Tinc, it depends on which OS you’re using. The ChaosVPN Wiki features a “Generic” tutorial, written by a Debian user. If you use a different OS, you can slightly adjust the instructions accordingly.
Other than the Generic tutorial, they also feature these:
Does that cover just about all of them? I think so. While I was initially going to write out all the instructions here, I don’t want to plagiarize from the wiki too much…so I’ll just sum it up.
1. Whichever operating system you’re using, go into the CLI and install LibreSSL and zlib (a.k.a. A Massively Spiffy Yet Delicately Unobtrusive Compression Library).
2. Install tinc. There are a few ways to do this, but one way is to simply go to this repository, download the components, and compile them: Index of /lenny/sdinet/tinc. The alternative is to go to tinc: download, where all the packages are available.
3. Install the ChaosVPN software. You can find this at GitHub: ChaosVPN. There are several methods to install it, depending on how hardcore you are, but basically – you can create a git snapshot Debian package, create a Debian package, or compile and install the raw binary. (I’m suddenly having a vision of 1’s and 0’s…)
4. Once you have a new node in ChaosVPN, you need to come up with a network nickname and an IPv4 or IPv6 range that you’ll be using (which the wiki also goes into detail about).
5. You then need to generate your public and private RSA keys with tinc. In order to do this, you use the command “generate rsa-keys [bits].” The default number of bits is 2048. If you save keys to existing files, tinc won’t delete the old ones; you have to remove these manually.
6. Email your info to the guys at Chaos Computer Club: firstname.lastname@example.org. The wiki goes into more detail about what information they need.
What’s the Point of ChaosVPN?
Credit: Matt Joyce 2011
This is really just a very basic summary, and the wiki covers all the gritty details.
And you may wonder – why join the network at all? Personally, I love the idea of a VPN that can bring hackers and coders together. Whether you’re a novice at hacking or a master, it’s a way that you can communicate with one another, share secrets, and all that good stuff.
I confess that it took me a little time to get the hang of tinc, but if you’re already a command line wizard, then it should be almost second nature.
That being said, I love the idea that I may have helped connect a few of you together.
Oh…and for those of you who are disappointed that you can’t access .lll, .rdos, or .clos sites with ChaosVPN, guess what? You can access .hack sites!
Is that good motivation?