Congress Everywhere/VPN

From 33C3_Public_Wiki
Revision as of 01:17, 26 December 2016 by Welterde (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

VPN for Congress Everywhere

There will be VPN again this year.

signup

https://vpn.c3noc.net/ - sign up now!

IPv4/IPv6 ranges

33c3 uses:

  • unicast:
    • 2001:67c:20a1::/48
    • 94.45.224.0/20
    • 151.217.0.0/17


general information

the point of it

Connecting to congress through VPN doesn't give you much from a technical point of view. You can get public addresses and actually be on the congress network, so there's that, but you can access most congress internet infrastructure without that just fine.

There is however for some places hosting a congress everywhere a legal reasoning to join the VPN. If you have it for example in an university, the university may not be too eager to give "their" internet to your guests, expecting them to "misbehave". The VPN offers a way to have your guests be on congress' internet connection, so abuse calls don't end up at your peace mission host.

Please note that this isn't an invitation to employ the VPN for abuse. If we receive abuse reports specific to a particular VPN connection, we won't be able to keep it running.

policy

VPN will be provided upon "plausible" request. Since there is manual work involved, requests will be filtered. The primary guideline is that you need to be open to the general public / guests. Your application should include a link to some kind of announcement or advertisement about your space/place being open during congress time. Not "fully" open events (e.g. "students of our university only") will still be accepted on a per-case basis.

technical details

There are 2 primary options available:

  • OpenVPN bridged setup. (easy way)
    you get an OpenVPN tunnel carrying ethernet frames. You bridge that tunnel to your local LAN. DHCP & co. are provided for you.
  • OpenVPN routed setup. (hard way)
    you get an OpenVPN tunnel carrying IPv4/IPv6. You have to set up a router, DHCP server, and most likely some kind of split/policy routing.

If you need something different (IPsec, tinc, etc.), ask and you may receive.

dn42 & ChaosVPN

There is generally a peering to ChaosVPN & dn42. As long as you're using RFC1918 IP space, you will have reachability from & to congress IPv4/IPv6, provided your filters accept the congress IP ranges.