CollabVPN: Difference between revisions

From Computernewb Wiki
(Creation of CollabVPN project page)
 
No edit summary
Line 13: Line 13:


* Your WireGuard public key
* Your WireGuard public key
* Your GPG public key (optional, but nice to have for extra security like WireGuard PSKs)
* Your GPG public key (optional, but nice to have for extra security like WireGuard PSKs). Sign and encrypt it with [https://keys.julias.zone/pgp/0075530C72926390787F472D2CB69D1DB326E875.key 0075530C72926390787F472D2CB69D1DB326E875] if you like.
* How many /64 IPv6 subnets you need, aka how many bridges you want to tunnel.
* How many /64 IPv6 subnets you need, aka how many bridges you want to tunnel.
* What firewall configuration you want:
* What firewall configuration you want:
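Review bot: the new wording in the GPG bullet, "Sign and encrypt it with 0075530C72926390787F472D2CB69D1DB326E875", reads as if the linked key is used for both operations, but the requester signs with their own private key and encrypts to the linked public key. Suggest rewording to something like "encrypt it to 0075530C72926390787F472D2CB69D1DB326E875 and sign it with your own key", and saying that the downloaded key should be checked against this fingerprint after import. "It" is also ambiguous here: the line reads as if only the GPG public key is signed and encrypted, so say whether the whole request is meant.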
Line 19: Line 19:
*** Only outbound IPv6 and IPv4 connections are permitted.
*** Only outbound IPv6 and IPv4 connections are permitted.
*** Inbound connections are filtered and only responses/packets from tracked connections are let in.
*** Inbound connections are filtered and only responses/packets from tracked connections are let in.
*** This is the default unless you explicitly request exposure.
** Exposed
** Exposed
*** Also inbound connections are let in on IPv6 and IPv4.
*** Also inbound connections are let in on IPv6 and IPv4.

Revision as of 15:15, 6 May 2024

CollabVPN is a VPN provided to users who want to host CollabVMs/UserVMs but don't want to use their existing ISP/NSP as an exit.

This was created because many commercial VPN providers are not equipping users with enough global IPv6 addresses, resulting in an IPv4-only or IPv4-preferred network.

Technical details

  • It is currently hosted on a VPS at Ukrainian Data Network, but there are plans to move it to her own ASN once she is an LIR at RIPE.

Requesting a Tunnel

It is possible to request a WireGuard tunnel from Julia (wiki, website) that you can connect to and tunnel your VMs over.

You need to include the following information when requesting a tunnel:

  • Your WireGuard public key
  • Your GPG public key (optional, but nice to have for extra security like WireGuard PSKs). Sign and encrypt it with 0075530C72926390787F472D2CB69D1DB326E875 if you like.
  • How many /64 IPv6 subnets you need, aka how many bridges you want to tunnel.
  • What firewall configuration you want:
    • Restricted
      • Only outbound IPv6 and IPv4 connections are permitted.
      • Inbound connections are filtered and only responses/packets from tracked connections are let in.
      • This is the default unless you explicitly request exposure.
    • Exposed
      • Also inbound connections are let in on IPv6 and IPv4.
      • You can request to have a few IPv4 ports routed to you.
      • You can request to have subdomains on forkie.dev as well as RDNS on IPv6.
      • Hosting web servers is possible thanks to snid. Simply tell users to host an HTTPS server on port 443 with your subdomain. IPv4 connections from, for example, 192.0.2.0 will appear to come from the IPv6 NAT64 subnet 64:ff9b:1:fffe:80:ff7f::/96, so the source address would be 64:ff9b:1:fffe:80:ff7f:192.0.2.0, aka 64:ff9b:1:fffe:80:ff7f:c000:200.
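
Because IPv4 visitors show up with a source address inside the NAT64 /96, a server behind the tunnel has to unmap that address to log, rate-limit or block the real client. The following is an added example, not part of the wiki page or CollabVPN's own tooling; only the prefix comes from the page, while the function names and the log layout (source address as first field) are assumptions and the sample lines are constructed.

```python
import ipaddress

# NAT64 prefix as stated on the page; IPv4 clients are embedded in its low 32 bits.
SNID_PREFIX = ipaddress.IPv6Network("64:ff9b:1:fffe:80:ff7f::/96")

def to_nat64(ipv4: str) -> ipaddress.IPv6Address:
    """Map an IPv4 address to the source address the web server will see."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(SNID_PREFIX.network_address) | int(v4))

def original_client(addr: str):
    """Return the IPv4 client behind a NAT64-mapped source address.

    Returns None for native IPv6 (or any address outside the prefix).
    Raises ValueError if addr is not an IP address at all.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in SNID_PREFIX:
        return None
    return ipaddress.IPv4Address(int(ip) & 0xFFFFFFFF)

def annotate(log_lines):
    """Yield (logged_source, real_client) per line; assumes field 1 is the source."""
    for line in log_lines:
        fields = line.split()
        if not fields:
            continue
        src = fields[0]
        try:
            client = original_client(src)
        except ValueError:
            continue  # first field is not an address, skip the line
        yield src, (str(client) if client is not None else src)

# Constructed sample access-log lines (documentation address ranges only).
SAMPLE_LOG = [
    '64:ff9b:1:fffe:80:ff7f:c000:200 - - "GET / HTTP/1.1" 200',
    '2001:db8::1234 - - "GET / HTTP/1.1" 200',
    '64:ff9b:1:fffe:80:ff7f:c633:6407 - - "GET /login HTTP/1.1" 403',
    'malformed line without an address',
]

if __name__ == "__main__":
    for src, client in annotate(SAMPLE_LOG):
        print(f"{src:40} -> {client}")
```

Block lists or rate limits keyed on the unmapped address apply per IPv4 client, whereas a rule on the whole /96 would affect every IPv4 visitor at once.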

To Do

  • Further technical details like blocked ports, assigned IPv6 blocks and IPv4 ports, endpoint of the WireGuard