[Noisebridge-discuss] Agora Link Service

Eric Michaud michaud.eric.c at gmail.com
Wed Jan 27 18:13:05 UTC 2010


Just a heads up, the 172 range is being set up for users in .EU, so you might
accidentally cause routing problems.

What I would recommend for ease of use is to renumber the IP block
internally to take advantage of the range assigned to you. The main thing is
to make ease of use for non-technical members since the point of the network
is to lower the barrier of configuration for non infosec/admin people. Since
we're all pretty comfortable subverting access control. ;)

If you do want to do firewalling, by all means, though the network is set up
to allow people to collaborate over an encrypted connection to other
hackerspaces.

Also we'd love for anyone to throw up services or even just a simple splash
page at NoiseBridge so people will know they hit one of your servers to
start with.

If you have any questions please don't hesitate to contact me directly.

Cheers,

-Eric.



On Wed, Jan 27, 2010 at 11:49 AM, Andy Isaacson <adi at hexapodia.org> wrote:

> On Wed, Jan 27, 2010 at 01:08:24AM -0800, Jonathan Lassoff wrote:
> > > [noisebridge]
> > > gatewayhost=pony.noisebridge.net
> > > network=10.100.4.0/23
> > >
> > > Scroll down https://www.vpn.hamburg.ccc.de/tinc-chaosvpn.txt
> >
> > Ah, I see. This content isn't well linked, it seems.
> >
> > Cool, so this looks like a point-to-multipoint IPv4 L3VPN using tinc.
> > Looks like there's some configuration on pony, but it's not fully set up.
> >
> > Eric, did you set that up? Want me to get it working?
>
> I don't recall who set it up.  It'd be great to get it running well on
> pony as a first step.
>
> > One thing that comes to mind though: should this be routed through pony
> > and the same internal network that everyone at 2169 uses?
> > Currently, the local DHCP daemon points people's default routes at the
> > router in the Soekris host. We could enable forwarding and firewalling
> > on pony and point the Soekris' routes for ChaosVPN IP space at pony's
> > internal IP, and this could all "just work" (well, "just route").
> >
> > But should pony be reachable via the ChaosVPN and should internal users
> > be able to NAT to some ChaosVPN IP space for things within this
> > darknet/VPN?
>
> I think that sounds great!
>
> We would like to avoid having double-NAT or putting too much
> administration / software on our core soekris (to avoid destabilizing
> the core network functionality); could we route 10/8 from the soekris to
> another machine to run tinc on?
>
> Or, alternatively, I suppose users could manually set their gateway to a
> fixed address to get ChaosVPN access.  172.30.13.37 anyone?  :)
>
> > Alternatively, we could create a separate layer-2 / switch network to
> > connect users to this VPN network.
>
> That'd be fine too.
>
> > What do people on the list think? Would you like to have tunneled IP
> > connectivity to other hackerspaces while you're at 2169?
>
> Love it.
>
> -andy
>