The really cool thing about this – as opposed to something like Tor or I2P – is that rather than coming up with a novel addressing scheme, it just commandeers the entire (unused[0]) fc00::/8 block of IPv6. Because of this, it is 100% compatible with every existing IPv6 application.
For bonus points, it can also tunnel IPv4 and IPv6 through the P2P network[1] much like a traditional VPN would. But unlike a traditional VPN, it is sufficient to connect to any single node of the P2P network, no need for direct connectivity to the gateway. And of course that connection doesn't have to be a UDP/IP stream over the public internet, because CJDNS can speak raw Ethernet frames[2] over any hardware interface you like.
Onioncat [1] provides this functionality for Tor and I2p. You get an Ipv6 address and it works with any application that supports IPv6. The address is based on the hidden service (in the case of tor) backing the onioncat instance.
The community that's grown around this routing technology is Hyperboria (https://hyperboria.net/), which is mainly an overlay meshnet via the existing internet rather than an entirely new network with dedicated cables and wireless links. It's got about 700 nodes active right now (and about 1800 links), according to the awesome network visualizer at: http://www.fc00.org/
The whole project is. The ultimate goal of CJDNS is essentially to replace the current TCP/IP based internet, or at least to be an alternative global internetwork.
The existence of Hyperboria and the use of VPNs over the current internet is purely due to the fact that the current users are still too few and far between to establish direct links to each other.
Hyperboria isn't focused on an overlay, that is just the easiest way to connect. A bunch of nodes are peered over other channels, like wireless meshes (see the Seattle meshnet).
This is a great project with a very interesting goal that I'm not sure everyone (or perhaps myself?) understands.
What it's trying to do is create a more distributed version of the BGP / IP system we use to route traffic today. So instead of organizations like ARIN and APNIC that assign addresses and AS numbers (for BGP routing), you just generate your own IPv6 addresses, derived from a private key, and then it peers with whomever you want to peer with. There is no centralized step here, all you need is authentication information from the servers you want to peer with.
I actually see this more as a replacement for BGP. BGP is what really routes all the internet traffic around, and then the IP is like the end-point for that routing. BGP has a similar work flow to the way you use Cjdns (find peers, connect to them, get more redundant routing paths).
Why bother? Well, the IP/BGP ASN allocation process is a complicated, centralized, manual, expensive mess. I've recently acquired some IP space and an ASN and it took a long time and a lot of difficult work to get it all worked out. With Cjdns, you just boot it up, peer with some upstreams and you're ready to go. And because it uses IPv6 for the exit, it works with any application that supports IPv6, so it's compatible with pretty much everything, no rewriting is needed.
A lot of people don't like that it isn't perfectly anonymous, but that's okay. It's trying to be as fast and efficient as possible, as opposed to something like Tor that is trying to improve privacy and anonymity at the expense of performance. You can always run things like Tor on top of it if you want to do that. Anyways, we don't know if Tor is the final answer to that problem, so this allows you to solve the routing problem, and then implement protocols to deal with the privacy/anonymity problem above that.
I'd really love to see this project get more adoption, but it's going to be an uphill battle to get a large amount of the internet peering through it.
I'm not sure if this is the best way to describe cjdns, so feel free to correct me on any of this.
The protocol is also key to Project Meshnet (a response to the many current concerns over censorship and net neutrality), which seeks to use it to essentially replace ISPs with local community mesh networks, ultimately seeking to interconnect those networks and, basically, replace the current internet from the ground up.
cjdns is amazing. I've been using it for a while now as a decentralized vpn. It is really powerful to just be able to link machines together in a network where each node can reach each node as long as at least one other node can connect to that node. For example, I have two machines behind one router and two machines behind another router. Only one in each zone is approachable from the internet, and not always both (due to dynamic residential IPs for example). With cjdns all machines can access all machines as long as there is at least one path that can be traversed from the source machine to the destination, transparently hopping through intermediary machines if necessary. Even if the source machine can not reach the destination machine, but the destination can reach the source there is no problem because of the UDP tunneling.
By any chance have you run iperf3 when routing through a couple hops? I would be very interested in the numbers. Today I accomplish that behavior using Tinc vpn, but it is slow when routing through multiple hops.
This is ingenious, your public address is also your public key, and the payload of the packet can only be decrypted by your private key.
So awesome, it has encryption built in.
It's true that key rotation would mean changing your IP address, but that is something that is fairly routine on the current internet already, though certainly infrequently done by major sites and services.
The primary purpose of the encryption in CJDNS is simply to establish identity and make the completely decentralized addressing system (the key component) possible. Using the keys to do built in transparent end-to-end encryption is an important and valuable feature as well, but ultimately is secondary. If you need the kind of security that requires frequent key rotation, you should really be using an additional encryption and identity verification layer on top, just like with the current internet.
Also, CJDNS uses 512 bit keys, and the nature of how the protocol works means that any address collisions (which would be unavoidable by someone impersonating you) would be obvious and detectable, so for it's intended purpose it should not be necessary to rotate keys very often at all.
Currently the typical solution on Hyperboria is indeed the current internet DNS system, primarily for lack of a widely accepted decentralized alternative.
A truly decentralized alternative to the current DNS system is a difficult problem to solve, and one that people continue to work on. IP addresses are easier because they are interchangeable, it really doesn't matter which one you have as long as you're the only one who has it. Domain names, though, are not at all, in fact that's basically their entire point. The question of who gets which names, issues around fraud and phishing, mass registration and domain squatting... how do you solve those problems without some sort of authority to arbitrate and enforce rules?
The closest alternative to the ideal that I know of right now is probably Namecoin, which works quite well with Hyperboria, but it still involves a number of compromises that not everyone is happy with.
cjdns is excellent, I've been using it for quite some time now for all sorts of things. If anyone is interested in peering in the NY metro area, let me know, I've got bandwidth to spare.
Is 2.4ghz gear typically used for this? I live in NJ, but have clear line of sight to midtown (I can see from ~30th to 86th st out of my window, I can easily pick up most of the city on 2m and 70cm bands with my yagi ( http://paste.click/tnHdWr
), even crappy handheld radios). However it's around 7-8 miles so even with a highly directional antenna, standard 2.4ghz gear would probably be a stretch. Does anyone run 800mhz gear? I feel like that would be a lot more useful as the effective range is a LOT further and it can actually go through walls to an extent.
Check out the Ubiquiti Wifi antennas [1] for 25km+ connections using 2.4 and 5 Ghz. However, it is recommended to use the 5Ghz, especially if you have line of sight. What you need to find is someone on the other end who can put up an antenna as well and you can have a ~50MBit (depends on a lot of factors, this is an average based on experience if Barcelona and Guifi.net) connection for around $150.
Netsukuku is anonymous, while cjdns is not; cjdns uses an unused IPv6 block for addressing, netsukuku has its own addressing thing; cjdns has a very clever end-to-end encryption scheme, I'm not sure about netsukuku; netsukuku has fun Lain references on its website.
I've never heard of netsukuku until now, but from a quick glance, they are very similar except that cjdns has a much higher usage in the wild and doesnt have an answer to dns.
After seeing enough of these "alternative internets" to make your eyes water, I have to wonder; at this point, is it even possible to implement these at scale? As well designed as the technologies may be, how could these be possible marketed to the layperson, who is happy with the current infrastructure?
The only recent/ongoing shifts in internet technology are IPv6 and the https push, and they are both built on top of existing technology, and have been extremely logistically challenging to implement. How could a total revamp possibly fare?
I feel like all this will remain hobbywork until X country decides to effectively shut down the internet. If there's a sufficiently polished "alternative internet" ready to step in using whatever resources are easy available, then it could suddenly become very serious business.
Indeed. I know of a few of them and all have interesting ideas and properties (fx. named-data.net, MinimaLT, CurveCP, ..). I wonder if it would possible to merge some of the ideas without creating a monster.
A survey of some of the most promising IP alternatives would be most interesting.
I've been using this for a while, and it's really cool. I've not found a huge number of "public" services on the network, but I've used it for IP tunnelling and also to access my machines without having to worry about dynamic DNS.
If you are trying to achieve encryption, then no, you will not need https, as cjdns is encrypted at every packet be nature.
If you are trying to comply to some other https related standard, then you will need https.
For bonus points, it can also tunnel IPv4 and IPv6 through the P2P network[1] much like a traditional VPN would. But unlike a traditional VPN, it is sufficient to connect to any single node of the P2P network, no need for direct connectivity to the gateway. And of course that connection doesn't have to be a UDP/IP stream over the public internet, because CJDNS can speak raw Ethernet frames[2] over any hardware interface you like.
[0] https://en.wikipedia.org/wiki/Unique_local_address [1] https://github.com/cjdelisle/cjdns/tree/master/tunnel [2] https://github.com/cjdelisle/cjdns/blob/master/doc/configure...