[Noisebridge-discuss] Agora Link Service

Andy Isaacson adi at hexapodia.org
Wed Jan 27 17:49:55 UTC 2010


On Wed, Jan 27, 2010 at 01:08:24AM -0800, Jonathan Lassoff wrote:
> > [noisebridge]
> > gatewayhost=pony.noisebridge.net
> > network=10.100.4.0/23
> > 
> > Scroll down https://www.vpn.hamburg.ccc.de/tinc-chaosvpn.txt
> 
> Ah, I see. This content isn't well linked, it seems.
> 
> Cool, so this looks like a point-to-multipoint IPv4 L3VPN using tinc.
> Looks like there's some configuration on pony, but it's not fully set up.
> 
> Eric, did you set that up? Want me to get it working?

I don't recall who set it up.  It'd be great to get it running well on
pony as a first step.

> One thing that comes to mind though: should this be routed through pony
> and the same internal network that everyone at 2169 uses?
> Currently, the local DHCP daemon points people's default routes at the
> router in the Soekris host. We could enable forwarding and firewalling
> on pony and point the Soekris' routes for ChaosVPN IP space at pony's
> internal IP, and this could all "just work" (well, "just route").
> 
> But should pony be reachable via the ChaosVPN and should internal users
> be able to NAT to some ChaosVPN IP space for things within this
> darknet/VPN?

I think that sounds great!

We would like to avoid having double-NAT or putting too much
administration / software on our core soekris (to avoid destabilizing
the core network functionality); could we route 10/8 from the soekris to
another machine to run tinc on?

Or, alternatively, I suppose users could manually set their gateway to a
fixed address to get ChaosVPN access.  172.30.13.37 anyone?  :)

> Alternatively, we could create a separate layer-2 / switch network to
> connect users to this VPN network.

That'd be fine too.

> What do people on the list think? Would you like to have tunneled IP
> connectivity to other hackerspaces while you're at 2169?

Love it.

-andy


