Decentralized network 42: a big dynamic VPN (dn42.net)
185 points by gjvc 9 months ago | 12 comments

I think it was a few years ago I registered an AS# in DN42. IIRC my setup was OpenVPN to a few peers that I don't remember how I found, but one was in the US and one was in France and I think there were others. Through the tunnel I was running a virtual Cisco router and peering with folks running Quagga or strongSwan. No one else seemed to be on Cisco.

The whole thing was slow, communication was crappy, but boy was it fun! As a young NetEng this was an awesome opportunity to learn BGP better and mess with all the BGP settings.

Apparently there are folks that run all kinds of services over DN42. I never really dug in enough to look though.

EDIT: I dug through my email, I was AS#4242420690 (I was having fun here) and I think I was assigned a /28 or /29. My setup was particularly slow because I was nervous to peer from home so I used a VPS in the Czech Republic as my VPN pivot point. OpenVPN from VPS to home where the Cisco router lived and OpenVPN to the BGP peers. I then could communicate from the Cisco router through the VPN to the VPS to the remote peers on the other VPN through the VPS. I definitely overcomplicated things but it was fun!

Did you document your setup or know any good resources you would be happy to recommend? This is something I'm very interested in doing, just for the fun and learning experience yet find the topic hard to get started with.

DN42 is very easy to get into, if you have some networking knowledge. If you're familiar with Linux I'd recommend Bird as a BGP speaker and using Wireguard for L3 tunneling.

Either way, get started here: https://dn42.net/howto/Getting-started

Thanks for that pointer, definitely looks like a good entry point. I want to play with announcing BGP routes across to Azure VNets.

There's a very neat interactive map of BGP nodes/peerings on dn42 at http://nixnodes.net/dn42/graph/

Wow! This is incredible. You can get peering info (contacts, parameters, etc) for every AS.

Edit: Looking at the IPv6 view, I see no reason why OnionCat and GarlicCat couldn't peer. It's just that gateways would be needed. And that could chew up humongous bandwidth.

Those come from a WHOIS daemon that is reachable in the network as whois.dn42. There's also an authoritative DNS system for the .dn42 TLD with anycasted resolvers

    % dig whois.dn42 @resolver.nic.dn42 any +short

as well as some ACME implementation with a CA that is constrained to the .dn42 domain and the allocated IP space.

    % openssl x509 -in /etc/ssl/certs/dn42_Root_Authority_CA.pem -noout -text
                X509v3 Name Constraints:

So there's quite some stuff to do and learn about.
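How a name-constrained CA limits what it can sign, as an added example that is not part of the comment above or dn42's own code: a simplified RFC 5280 permitted-subtree check for DNS and IP subject alternative names. The permitted subtrees used here (`dn42`, 172.20.0.0/14, fd00::/8) are assumed sample values, not read from the certificate shown above.

```python
import ipaddress

# Assumed sample permitted subtrees (constructed for this example).
PERMITTED = {
    "DNS": ["dn42"],
    "IP": [ipaddress.ip_network("172.20.0.0/14"),
           ipaddress.ip_network("fd00::/8")],
}

def dns_within(name, base):
    """dNSName rule: the name equals the base, or adds whole labels on the left.
    A plain suffix match would wrongly accept 'evildn42'."""
    name, base = name.lower().rstrip("."), base.lower()
    return name == base or name.endswith("." + base)

def ip_within(addr, net):
    """iPAddress rule: the address must fall inside the permitted network."""
    ip = ipaddress.ip_address(addr)
    return ip.version == net.version and ip in net

def san_allowed(kind, value, permitted=PERMITTED):
    """A name type with no permitted subtrees listed is unconstrained."""
    subtrees = permitted.get(kind)
    if subtrees is None:
        return True
    check = dns_within if kind == "DNS" else ip_within
    return any(check(value, s) for s in subtrees)

def cert_allowed(sans, permitted=PERMITTED):
    """Every constrained name in the certificate must pass; one miss rejects it."""
    return all(san_allowed(kind, value, permitted) for kind, value in sans)

if __name__ == "__main__":
    # Constructed subject alternative names.
    for sans in ([("DNS", "whois.dn42"), ("IP", "172.20.0.53")],
                 [("DNS", "whois.dn42"), ("DNS", "login.example.com")],
                 [("DNS", "evildn42")],
                 [("IP", "192.0.2.1")]):
        print(sans, "->", "accept" if cert_allowed(sans) else "reject")
```

A verifier that enforces name constraints rejects any certificate chaining to such a CA for names outside these subtrees, which is what keeps a private root in a system trust store from vouching for public sites.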

Cool stuff. How close do you get to the actual BGP protocol, as a user? Will I learn more about BGP, or will this configure it for me?

How does this compare to ZeroTier? https://www.zerotier.com/

edit: From ChaosVPN: "If you prefer BGP, you can also connect via https://dn42.net/, we are interconnected." https://wiki.hamburg.ccc.de/ChaosVPN

Very interesting. Does anyone have any cool links on this network to share?

From what I understand, dn42 is "you can use different protocols, learn stuff, and play around while making this work", and zerotier is closer to "this is a product, install and it works".

We connect to each other via VPNs (usually wireguard) and then run BGP through those interfaces.

You have to find a peer and make BGP (or something similar) work all by yourself!

This is very interesting. Reminds me of AnoNet. Also the anarplex.cryptogroup darknet. I'm wondering if peering to Tor OnionCat and I2P GarlicCat is possible.
