30C3 specific information

It is currently unclear whether there will be "public" Congress IPv4s for remote sites. If there is IPv4 space available, it will be very tight.

There will be VPN, Congress IPv6. There may be multicast stream delivery.

signup

https://vpn30c3.diac24.net/ - sign up now!

IPv4/IPv6 ranges

30C3 uses:

  • unicast:
    • 2001:67c:20a1::/48
    • 151.217.0.0/16
    • 94.45.224.0/19
  • multicast:
    • 232.0.0.0/8 (SSM, source: above 2 prefixes)
    • 233.50.220.0/24 (ASM)
    • 234.151.217.0/24 (ASM)
    • ff3x::/96 (SSM, source: above prefix)
    • ff3x:30:2001:67c:20a1::/96 (ASM)

general information

the point of it

Connecting to congress through VPN doesn't give you much from a technical point of view. You can get public addresses and actually be on the congress network, so there's that, but you can access most congress internet infrastructure without that just fine.

There is however for some places hosting a congress everywhere a legal reasoning to join the VPN. If you have it for example in an university, the university may not be too eager to give "their" internet to your guests, expecting them to "misbehave". The VPN offers a way to have your guests be on congress' internet connection, so abuse calls don't end up at your peace mission host.

Please note that this isn't an invitation to employ the VPN for abuse. If we receive abuse reports specific to a particular VPN connection, we won't be able to keep it running.

policy

VPN will be provided upon "plausible" request. Since there is manual work involved, requests will be filtered. The primary guideline is that you need to be open to the general public / guests. Your application should include a link to some kind of announcement or advertisement about your space/place being open during congress time. Not "fully" open events (e.g. "students of our university only") will still be accepted on a per-case basis.

technical details

There are 2 primary options available:

  • OpenVPN bridged setup. (easy way)
    you get an OpenVPN tunnel carrying ethernet frames. You bridge that tunnel to your local LAN. DHCP & co. are provided for you. Multicast may be provided on plain IGMPv3/MLDv2.
  • OpenVPN routed setup. (hard way)
    you get an OpenVPN tunnel carrying IPv4/IPv6. You have to set up a router, DHCP server, and most likely some kind of split/policy routing. Multicast may be provided as PIM-SM or IGMPv3/MLDv2.

If you need something different (IPsec, tinc, etc.), ask and you may receive.

dn42 & ChaosVPN

There is generally a peering to ChaosVPN & dn42. As long as you're using RFC1918 IP space, you will have reachability from & to congress IPv4/IPv6, provided your filters accept the congress IP ranges.