
Decentralized network 42: a big dynamic VPN - gjvc
https://dn42.net/Home
======
nubb
I think it was a few years ago I registered an AS# in DN42. IIRC my setup was
OpenVPN to a few peers that I dont remember how I found, but one was in the US
and one was in France and I think there were others. Through the tunnel I was
running a virtual Cisco router and peering with folks running Quagga or
strongSwan. No one else seemed to be on Cisco.

The whole thing was slow, communication was crappy, but boy was it fun! As a
young NetEng this was an awesome opportunity to learn BGP better and mess with
all the BGP settings.

Apparently there are folks that run all kinds of services over DN42. I never
really dug in enough to look though.

EDIT: I dug through my email, I was AS#4242420690 (I was having fun here) and
I think I was assigned a /28 or /29\. My setup was particularly slow because I
was nervous to peer from home so I used a VPS in Czech Republic as my VPN
pivot point. OpenVPN from VPS to home where the Cisco router lived and OpenVPN
to the BGP peers. I then could communicate from the Cisco router through the
VPN to the VPS to the remote peers on the other VPN through the VPS. I
definitely over complicated things but it was fun!

~~~
alex_hitchins
Did you document your setup or know any good resources you would be happy to
recommend? This is something I'm very interested in doing, just for the fun
and learning experience yet find the topic hard to get started with.

~~~
hexa-
DN42 is very easy to get into, if you have some networking knowledge. If
you're familiar with Linux I'd recommend Bird as a BGP speaker and using
Wireguard for L3 tunneling.

Either way, get started here: [https://dn42.net/howto/Getting-
started](https://dn42.net/howto/Getting-started)

~~~
alex_hitchins
Thanks for that pointer, definitely looks like a good entry point. I want to
play with announcing BGP routes across to Azure VNets.

------
lutoma
There's a very neat interactive map of BGP nodes/peerings on dn42 at
[http://nixnodes.net/dn42/graph/](http://nixnodes.net/dn42/graph/)

~~~
mirimir
Wow!. This is incredible. You can get peering info (contacts, parameters, etc)
for every AS.

Edit: Looking at the IPv6 view, I see no reason why OnionCat and GarlicCat
couldn't peer. It's just that gateways would be needed. And that could chew up
humongous bandwidth.

~~~
hexa-
Those come from a WHOIS daemon that is reachable in the network as whois.dn42.
There's also an authoritative DNS system for the .dn42 TLD with anycasted
resolvers

    
    
        % dig whois.dn42 @resolver.nic.dn42 any +short
        172.22.0.43
        fd42:d42:d42:43::
    

as well as some ACME implementation with a CA that is constrained to the .dn42
domain and the allocated IP space.

    
    
       % openssl x509 -in /etc/ssl/certs/dn42_Root_Authority_CA.pem -noout -text
        [...]
                    X509v3 Name Constraints:
                        Permitted:
                          DNS:.dn42
                          IP:172.20.0.0/255.252.0.0
                          IP:FD42:0:0:0:0:0:0:0/FFFF:0:0:0:0:0:0:0
        [...]
    

So there's quite some stuff to do and learn about.

------
teejmya
Cool stuff. How close to do you get to the actual BGP protocol, as a user?
Will I learn more about BGP, or will this configure it for me?

How does this compare to ZeroTier?
[https://www.zerotier.com/](https://www.zerotier.com/)

edit: From ChaosVPN: "If you prefer BGP, you can also connect via
[https://dn42.net/](https://dn42.net/), we are interconnected."
[https://wiki.hamburg.ccc.de/ChaosVPN](https://wiki.hamburg.ccc.de/ChaosVPN)

Very interesting. Does anyone have any cool links on this network to share?

~~~
viraptor
From what I understand, dn42 is "you can use different protocols, learn stuff,
and play around while making this work", and zerotier is closer to "this is a
product, install and it works".

------
mirimir
This is very interesting. Reminds me of AnoNet. Also the anarplex.cryptogroup
darknet. I'm wondering if peering to Tor OnionCat and I2P GarlicCat is
possible.

