Alright, I admit it! I’d been debating what to write my next post about, because everything that I had in mind required a lot of reading, research, and experimentation.
Fortunately, I came across something called ChaosVPN not too long ago. I had heard about it via a deep web/dark web-themed Google+ group, in which I’ve made friends with many coders and fellow dark web explorers. The name conjured up all sorts of silly tech-related movie tropes in my mind.
So what is it?
It’s a VPN designed to connect hackers and hackerspaces. Keep in mind that this doesn’t necessarily constitute malicious (or “black hat”) hacking. ChaosVPN has a wiki maintained by the Chaos Computer Club in Hamburg, Germany.
The idea sounded cool enough, but what really inspired me to look into it further was this image on the main page:
If that’s hard to read, the quote I’m thinking of is the one in red that says
“ChaosVPN is a VPN to connect Hackers and Hackerspaces – it does NOT provide anonymous internet access! For this look at tor or other similar services.
It will also not help you to reach domains like .rdos, .lll, .clos or any other strange things supposed to be available on the ‘dark web.'”
Does that sound familiar? No? Let me refresh your memory:
*Sigh* Yes, it’s our old friend “The Shadow Web” again. The text is cut off in the screenshot, but the original page claimed that if you downloaded the software, you would be able to “access hundreds of other domains like .LLL and .RDOS sites.” ಠ_ಠ
By the way, if you’re still interested in that, you can contact the owner at firstname.lastname@example.org. Just don’t give him your money, OK?
So, if you can’t access .lll or .rdos sites, why install ChaosVPN? (I kid.) Well, personally I love the idea that it connects different networks of hackers, and makes communication simpler.
If you read the “Goals” section of the wiki, the creators actually outline the purposes of ChaosVPN:
“Design principals [sic] include that it should be without Single Point of Failure, make usage of full encryption, use RFC1918 ip ranges, scales well on >100 connected networks and is…able to run on a embedded hardware you will find in [today’s] router…
“Therefore we came up with the tinc solution. tinc does a fully meshed peer to peer network and it defines endpoints and not tunnels.
“ChaosVPN connects hacker[s] wherever they are. We connect roadwarriors with their notebook. Servers, even virtual ones in Datacenters, Hackerhouses and hackerspaces. To sum it up we connect networks – maybe down to a small /32.
“So there we are. ChaosVPN is working and it seems [as] the usage increases, more nodes join in and more [services] pop up.”
(For full text go to ChaosVPN – CCCHHWiki).
I may not be a hacker [yet], but as an investigative tech blogger and aspiring coder, this is definitely something that interests me (and I figured it would interest you too, readers!).
As the creators of ChaosVPN mention above, the network uses tinc, a VPN “daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and is licensed under the GNU General Public License version 2 or later,” according to their official site.
“Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the internet without exposing any information to others.”
Wow – am I wrong in saying that that sounds like some technobabble they would use on CSI: Cyber or something?
Nope. It’s 100% accurate! From the description, this sounds ideal for a VPN designed to connect hackers, as ChaosVPN is intended to do. I know I’ve been quoting a lot of technobabble in this post, but I felt it was somewhat necessary to get an understanding of how ChaosVPN worked!
I’ll be honest – I’m really not an expert with it yet, and I’m still in the process of building ChaosVPN on my system. I’m determined to get it working, though, and I thought you all could accompany me along the way!
Wiki of Chaos
The ChaosVPN wiki has a set of excellent how-tos for the following operating systems:
- Generic Howto
- Debian Howto
- Ubuntu Howto
- OpenWRT Howto
- FreeBSD Howto
- NetBSD Howto
- NetBSD NAT VPN router using chaosvpn and ipnet Howto
- Apple Mac OSX Howto
- If you own a Fonera 2.0 you may want to try Fonera Howto (quite outdated)
I went with the Ubuntu Howto, since I have that installed on my system. (When I do finish setting it up, I think that would warrant a sequel to this post.)
No matter which operating system you’re using, you need to install Tinc VPN (mentioned above) first.
Initially, I was going to quote portions of the setup instructions in this post, but the ChaosVPN wiki is currently down. I should’ve printed them when I had the chance!
Oh wait, never mind – it’s up again. Well, perhaps I’ve done enough plagiarizing in this post, but you can look at any of the links above for detailed instructions.
Fortunately, they also have a repository on GitHub: GitHub – ryd/chaosvpn: Config generator for chaosvpn. I think that should help!
If any of you are able to get the VPN up and running, feel free to let me know. I’m sure I’ll be able to put it together soon.
Well, that just means we’ll have a part 2 to this post!
In the meantime, I return to my ARG – real life, that is.