CollabVPN: Difference between revisions

* It is currently hosted on a VPS at [https://www.urdn.com.ua/ Ukrainian Data Network] but there are plans to move it to her own ASN once she is an LIR at RIPE.
* WireGuard Endpoint: <code>collabvpn.julias.zone:80</code>
* Ports are filtered according to the [https://gitlab.torproject.org/tpo/core/tor/-/blob/release-0.4.6/src/core/or/policies.c#L1901 DEFAULT_EXIT_POLICY] of tor.
 
==== Used IP-Addresses ====
{| class="wikitable"
|+
!Used For
!Pool
|These IPv4 ports can be routed to peers on demand.
|}
 
=== Tutorials ===
 
==== Using systemd-networkd ====
 
# Create a file named <code>/etc/systemd/network/collabvpn.netdev</code>
# Put the following content into it: https://repo.julias.zone/collabvpn/netdev.txt
# Set the file permissions using <code>chown root:systemd-network /etc/systemd/network/collabvpn.netdev; chmod 0640 /etc/systemd/network/collabvpn.netdev</code>
# You can generate a keypair using <code>KEY=`wg genkey`; echo PrivateKey $KEY; echo PublicKey `echo $KEY | wg pubkey`</code>. IMPORTANT: Keep your PrivateKey PRIVATE, as the name states. DO NOT share it with anyone.
# Put the PrivateKey into the config.
# Send Julia your PublicKey, see below. Wait for her to respond and then continue.
# Create a file named <code>/etc/systemd/network/collabvpn.network</code>
# Put the following content into it: https://repo.julias.zone/collabvpn/network.txt
# Fill in your addresses. IMPORTANT: Do not fill in your /64 as your address, fill in your /128. Your /64 is routed over that address and will be unusable if configured improperly.
# Set up NAT for IPv4, set up router advertisements for IPv6, and you're good to go.
 
=== Requesting a Tunnel ===
*** Inbound connections are also let in on IPv6 and IPv4.
*** You can request to have a few IPv4 ports routed to you.
*** You can request to have subdomains on [https://forkie.dev forkie.dev] as well as RDNS on IPv6.
*** Hosting web servers is possible thanks to [https://github.com/AGWA/snid snid]. Simply tell users to host an HTTPS server on port 443 with your subdomain. IPv4 connections, for example from 192.0.2.0, will appear to come from the IPv6 NAT64 subnet 64:ff9b:1:fffe:80:ff7f::/96, so the source address would be 64:ff9b:1:fffe:80:ff7f:192.0.2.0, also written 64:ff9b:1:fffe:80:ff7f:c000:200.
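
Because IPv4 visitors reach a hosted web server through the NAT64 subnet, access logs and rate limits only see the mapped IPv6 address. The following is an added example, not part of CollabVPN or snid: a small Python helper that recovers the original IPv4 client from such an address. The function names and the log lines are constructed for illustration; only the /96 prefix comes from this page.

```python
import ipaddress

# Prefix taken from this page: IPv4 clients show up inside this NAT64 /96.
NAT64_PREFIX = ipaddress.IPv6Network("64:ff9b:1:fffe:80:ff7f::/96")


def to_nat64(ipv4):
    """Embed an IPv4 address in the low 32 bits of the NAT64 prefix."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | int(v4))


def from_nat64(ipv6):
    """Return the original IPv4 client, or None for a native IPv6 peer."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in NAT64_PREFIX:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def real_clients(log_lines):
    """Yield (logged_address, real_client) for access-log lines whose first
    field is the remote address. Malformed lines are skipped."""
    for line in log_lines:
        fields = line.split()
        if not fields:
            continue
        try:
            v4 = from_nat64(fields[0])
        except ipaddress.AddressValueError:
            continue
        yield fields[0], str(v4) if v4 else fields[0]


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '64:ff9b:1:fffe:80:ff7f:c000:200 - - "GET / HTTP/1.1" 200',
    '64:ff9b:1:fffe:80:ff7f:c633:6407 - - "POST /login HTTP/1.1" 401',
    '2001:db8::1 - - "GET / HTTP/1.1" 200',
    'not-an-address - - "GET / HTTP/1.1" 400',
]

if __name__ == "__main__":
    for logged, client in real_clients(SAMPLE_LOG):
        print(f"{logged} -> {client}")
```

Keying rate limits or ban lists on the decoded IPv4 address keeps one IPv4 client from being treated as unrelated to its other requests, and keeps native IPv6 peers untouched.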
 
=== To Do ===
 
* Further technical details like blocked ports
* Tutorial using ifupdown/wg-quick and radvd
* Extend tutorial for systemd-networkd to include DHCPv4 server and router advertisements