CloudVPN

Discussion in 'privacy technology' started by mirimir, Feb 20, 2012.

Thread Status:
Not open for further replies.
  1. mirimir

    Anyone used this?

    -http://dev.e-x-a.org/projects/cloudvpn/wiki

    CloudVPN 1.99.x HOW-TO
    -http://dev.e-x-a.org/projects/cloudvpn/wiki/Docs-199

    -http://dev.e-x-a.org/projects/cloudvpn/wiki/Cloudvpn-page
     
  2. LockBox

    I haven't even visited the site yet, but it's great that people are out there THINKING. You just never know. Before I laugh at just about anything, I think of Pasteur and the "establishment" laughing at him (literally in a giant hall where he was speaking) because he dared to suggest that germs might be the cause of certain illnesses. They thought he was a crank! It makes me think of this:

    "All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident."
    Arthur Schopenhauer
     
  3. mirimir

    There are other mesh VPNs. In the enterprise arena, there's DMVPN (IPsec+GRE+NHRP) that runs on Cisco routers -http://patrickpreuss.wordpress.com/2009/02/14/dmvpn-with-linux/ Patrick explains how to use OpenNHRP for Linux clients. In the less/non/anti enterprise arena, there's WASTE (Again) which is the open-source descendant of the long-ago and short-lived release from Nullsoft -http://waste.sourceforge.net/ and -http://fileforum.betanews.com/detail/WASTE-Unofficial/1057588571/1 Maybe it helped inspire the WiFi mesh network (X-Net) in Cory Doctorow’s Little Brother. Or maybe that honor goes to tinc, which can run on routers in OpenWRT -http://www.tinc-vpn.org/

    Back to CloudVPN, I have a test network running on Ubuntu 10.10 VMs. Compiling it required installing automake, g++ and gnutls-dev. Using it additionally required gnutls-bin. I had to reconfigure as root for it to create links to the binaries (/usr/local/bin/cloud and /usr/local/bin/ether). Otherwise, creating the network was straightforward using -http://dev.e-x-a.org/projects/cloudvpn/wiki/Docs-199

    Basically, you use certtool to generate ca.key, ca.crt, ssl.key and ssl.crt (just like OpenVPN). You keep ca.key private, and distribute ca.crt, ssl.key and ssl.crt to your mesh nodes. You can either generate dh1024.pem for each client node and distribute, or generate them on the clients. The hardest part was generating ssh.crt properly. CloudVPN uses GnuTLS, which is very rigorous about proper certificate usage. The ssh.crt must not have the encipherment bit set (just TLS server and client usage).

    On each node, you run cloud with a configuration script that opens listening ports for other nodes, and connects to all other nodes that are listening. Then you run ether on each node to create a socket, and then run ifconfig on each to create a tap interface.
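
The certificate steps described in the post above, written out as a script (an added example, not part of mirimir's post or the CloudVPN documentation). It assumes GnuTLS certtool is installed; the template names, CN values and lifetimes are constructed, and the node template leaves out certtool's `encryption_key` directive so the key-encipherment bit is not set.

```shell
#!/bin/sh
# Added example. File names follow the post; CN values, lifetimes and the
# *.tmpl names are constructed for illustration.

write_templates() {   # $1 = output directory
    cat > "$1/ca.tmpl" <<'EOF'
cn = "Example mesh CA"
ca
cert_signing_key
expiration_days = 3650
EOF
    cat > "$1/node.tmpl" <<'EOF'
cn = "mesh-node"
tls_www_server
tls_www_client
expiration_days = 365
EOF
}

# Succeeds only if the template does not request key encipherment.
template_ok() {
    ! grep -Eq '^[[:space:]]*encryption_key' "$1"
}

make_mesh_pki() {     # $1 = output directory
    d=$1
    write_templates "$d" || return 1
    template_ok "$d/node.tmpl" || return 1
    certtool --generate-privkey --outfile "$d/ca.key" &&
    certtool --generate-self-signed --load-privkey "$d/ca.key" \
        --template "$d/ca.tmpl" --outfile "$d/ca.crt" &&
    certtool --generate-privkey --outfile "$d/ssl.key" &&
    certtool --generate-certificate --load-privkey "$d/ssl.key" \
        --load-ca-certificate "$d/ca.crt" --load-ca-privkey "$d/ca.key" \
        --template "$d/node.tmpl" --outfile "$d/ssl.crt" &&
    certtool --generate-dh-params --bits 1024 --outfile "$d/dh1024.pem" &&
    chmod 600 "$d/ca.key" "$d/ssl.key"   # private keys readable by owner only
}

# Print the usage fields certtool wrote into a certificate.
show_usage() {
    certtool --certificate-info --infile "$1" | grep -E -A2 'Key (Usage|Purpose)'
}

# Run only when asked to, e.g.: sh mesh-pki.sh --run ./pki
if [ "${1:-}" = "--run" ]; then
    mkdir -p "${2:-pki}" && make_mesh_pki "${2:-pki}" && show_usage "${2:-pki}/ssl.crt"
fi
```

ca.key stays on the machine that signs; only ca.crt, ssl.key, ssl.crt and (optionally) dh1024.pem go to the nodes, as the post describes.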
     