Anyone used this? http://dev.e-x-a.org/projects/cloudvpn/wiki
CloudVPN 1.99.x HOW-TO: http://dev.e-x-a.org/projects/cloudvpn/wiki/Docs-199
http://dev.e-x-a.org/projects/cloudvpn/wiki/Cloudvpn-page
I haven't even visited the site yet, but it's great that people are out there THINKING. You just never know. Before I laugh at just about anything, I think of Pasteur and the "establishment" laughing at him (literally in a giant hall where he was speaking) because he dared to suggest that germs might be the cause of certain illnesses. They thought he was a crank! It makes me think of this: "All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident." Arthur Schopenhauer
There are other mesh VPNs. In the enterprise arena, there's DMVPN (IPsec+GRE+NHRP) that runs on Cisco routers. In http://patrickpreuss.wordpress.com/2009/02/14/dmvpn-with-linux/ Patrick explains how to use OpenNHRP for Linux clients. In the less/non/anti enterprise arena, there's WASTE (Again), which is the open-source descendant of the long-ago and short-lived release from Nullsoft: http://waste.sourceforge.net/ and http://fileforum.betanews.com/detail/WASTE-Unofficial/1057588571/1 Maybe it helped inspire the WiFi mesh network (X-Net) in Cory Doctorow’s Little Brother. Or maybe that honor goes to tinc, which can run on routers in OpenWRT: http://www.tinc-vpn.org/
Back to CloudVPN, I have a test network running on Ubuntu 10.10 VMs. Compiling it required installing automake, g++ and gnutls-dev. Using it additionally required gnutls-bin. I had to reconfigure as root for it to create links to the binaries (/usr/local/bin/cloud and /usr/local/bin/ether). Otherwise, creating the network was straightforward using http://dev.e-x-a.org/projects/cloudvpn/wiki/Docs-199
Basically, you use certtool to generate ca.key, ca.crt, ssl.key and ssl.crt (just like OpenVPN). You keep ca.key private, and distribute ca.crt, ssl.key and ssl.crt to your mesh nodes. You can either generate dh1024.pem for each client node and distribute, or generate them on the clients. The hardest part was generating ssh.crt properly. CloudVPN uses GnuTLS, which is very rigorous about proper certificate usage. The ssh.crt must not have the encipherment bit set (just TLS server and client usage).
On each node, you run cloud with a configuration script that opens listening ports for other nodes, and connects to all other nodes that are listening. Then you run ether on each node to create a socket, and then run ifconfig on each to create a tap interface.
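The certificate steps from the last post, as an added example that is not part of the thread or of the CloudVPN documentation: it writes GnuTLS certtool templates for the CA and the node certificate, generates the files the post names, and checks that the node certificate carries the TLS server and client purposes without key encipherment. The CN values, lifetimes, template file names and function names are assumptions.

```shell
#!/bin/sh
# Added example. Output file names (ca.key, ca.crt, ssl.key, ssl.crt,
# dh1024.pem) follow the post; CNs, lifetimes and function names are assumed.

# CA template: a CA that may sign certificates.
write_ca_template() {
    printf '%s\n' 'cn = "mesh test CA"' 'ca' 'cert_signing_key' \
        'expiration_days = 365' > "$1"
}

# Node template: TLS server and client purposes only. The template keyword
# encryption_key (keyEncipherment) is deliberately left out.
write_node_template() {
    printf '%s\n' 'cn = "mesh node"' 'tls_www_server' 'tls_www_client' \
        'expiration_days = 365' > "$1"
}

# Reads `certtool --certificate-info` text on stdin. Succeeds only when both
# TLS purposes are listed and key encipherment is absent.
usage_ok() {
    info=$(cat)
    printf '%s\n' "$info" | grep -qi 'key encipherment' && return 1
    printf '%s\n' "$info" | grep -q 'TLS WWW Server' || return 1
    printf '%s\n' "$info" | grep -q 'TLS WWW Client' || return 1
    return 0
}

# Generates everything into directory $1, then verifies ssl.crt.
make_mesh_certs() {
    d=$1
    mkdir -p "$d" || return 1
    write_ca_template "$d/ca.tmpl"
    write_node_template "$d/ssl.tmpl"
    certtool --generate-privkey --outfile "$d/ca.key" &&
    certtool --generate-self-signed --load-privkey "$d/ca.key" \
        --template "$d/ca.tmpl" --outfile "$d/ca.crt" &&
    certtool --generate-privkey --outfile "$d/ssl.key" &&
    certtool --generate-certificate --load-privkey "$d/ssl.key" \
        --load-ca-certificate "$d/ca.crt" --load-ca-privkey "$d/ca.key" \
        --template "$d/ssl.tmpl" --outfile "$d/ssl.crt" &&
    certtool --generate-dh-params --bits 1024 --outfile "$d/dh1024.pem" &&
    certtool --certificate-info --infile "$d/ssl.crt" | usage_ok
}

# Run as: sh thisfile.sh --generate [directory]
if [ "${1:-}" = "--generate" ]; then
    make_mesh_certs "${2:-./mesh-pki}" && echo "ssl.crt usage OK"
fi
```

`usage_ok` can also be fed the `certtool --certificate-info` output of a certificate that already exists, to see whether the encipherment bit is what a node is rejecting.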