Only if you want to connect to the parts of the internet fed by the Tier 1 providers. If enough people connected to a decentralized mesh topology, I'd be willing to bet major sites like google.com, netflix.com, etc. would start plugging in to that network directly as well.
You still have issues then with e.g. DNS (which gets complicated quickly) and end-to-end latency (which would likely be insurmountable in a mesh network). So, functionally, ISPs are needed for an internet that feels like today's internet. But we could still have sites like wikipedia, google, netflix, youtube, reddit, tumblr, twitter, etc. in a decentralized IPv6 network. This becomes doubly true with a cryptographically signed addressing / routing protocol like cjdns, although then you run into some issues with reaching outside the cjdns network (but not insurmountable issues! just... issues.)
Seeing as you have yet to get a good response, I'll chime in.
If the internet went down tomorrow & was going to be out due to a storm, a gov't kill switch due to civil unrest, etc, I'd hope to have Byzantium Linux, and a git mirror of cjdns, its dependencies & a copy of ubuntu on hand.
Byzantium will help you patch together a network with whatever you & your neighbors have lying around, although it will be susceptible to tapping by anyone since it creates an unencrypted ad-hoc wireless network.
To solve this in the event of a government internet crackdown, I'd run cjdns on every machine/smartphone that can run it that connects to your byzantium powered network, and for computers that can't run it I'd have Ubuntu ready since it comes pre-packaged & ready to install with most of the proprietary drivers you need on your average computer these days.
Eventually cjdns will most likely be included in Byzantium, but its inclusion was contingent on ethernet interface autopeering, which will hopefully be finished mid-January.
At that point I'd tell ya just to get a copy of Byzantium Linux & keep a downloaded copy of it on your hard drive so you can burn more copies as the need arises.
That still uses the internet 1.0.
We need to rebuild the internet from the ground up. Internet 2.0. CJDNS is the only valid software that allows users to start their own ISP. Start local, and grow outwards. Buy cables, and lay down the cables. Buy cables from Corporate ISP. Buy wireless routers and turn them into cjdns routers, and have them connect to each other. There are many ways to get users to connect to each other. If users want to connect to clearnet for a particular reason, use a VPN.
Hello,
The cjdns meshnet is doing okay; there's a community of people who connect over it, and it's pretty useful for getting your one computer to talk to your other computer, but aside from the IRC server(s) people use to talk to each other, an e-mail system, some blockchain nodes, the IPFS bootstrap peers, and some other stuff, there's not much to actually access once you're on there.
There's a nice map of nodes at https://www.fc00.org/ but it's all in network space. I don't know of any maps in physical space.
Development in the main cjdns repo usually takes place in https://github.com/cjdelisle/cjdns/tree/crashey with updates pushed to master for major releases.
Pretty much everyone right now is using cjdns over the Internet. If you have someone else who wants to connect with you within line of sight of your house, and you can bolt things to the exterior of your house, you can get any of the long-range point-to-point wireless gear from Ubiquiti or a similar manufacturer and set up a point-to-point link, and cjdns will route across it just fine.
Mint is Ubuntu-derived, so I usually use the included Debian packaging setup, which goes something like:

    sudo apt-get install nodejs git build-essential python2.7 debhelper dh-systemd
    mkdir cjdns
    cd cjdns
    git clone https://github.com/cjdelisle/cjdns.git
    cd cjdns
    debuild
    # Ignore complaints that the build failed because it can't sign the debs
    cd ..
    sudo dpkg -i cjdns_*.deb

Then you just edit /etc/cjdroute.conf to configure it and start/stop/restart the cjdns service as needed.
Yes, and people are doing it. There's CJDNS, a peer-to-peer system that gives every computer a unique cryptographically-based (with pub/private keys) IPv6 address. It's designed to peer over the existing internet with UDP, but can also directly control a network interface. People have built the Hyperboria network (they all peer with each other and maintain lists of peers to connect to) on top of CJDNS.
Mesh networking: cjdns
It's decent already, I use it on a daily basis. The unstable branch is said to be much faster but still a bit crashy.
The security model is just awesome; I'm not a cryptographer or security specialist but I did look into how it works and was mighty impressed.
The best part - it uses IPv6 address space and from the applications point of view it's IPv6-compatible, so no porting needed (unlike the sorry situation with e.g. I2P app porting).
Update: I forgot to mention that I run an Ubuntu repository for it, see here for instructions. The server for the repo is kindly provided by elementary OS dev team as a research project. And OMG somebody gilded this!
Given that the most recent DDoS affected Dyn DNS services, you could have avoided most of the problems by simply using OpenDNS as one of your DNS resolvers. They cache the last-known address of a site even if the TTL of the record lapses.
Mesh networks like Hyperboria are theoretically resistant to DDoS attacks (see this deep dive for more info). However you're not going to find websites like Twitter on there (right now anyway).
Let's say you get a Ubiquiti Nanostation to set up on your roof. Well, in the past firmware was free to manipulate so that you could easily install other firmware such as OpenWRT, which allows users more control over wireless settings and protocols. When CJDNS came out, there was initially large interest for people to create their own secure wireless networks (go to the link to better understand it). While it still exists, the project has a lot of difficulty because companies such as Ubiquiti and TP-Link are now required by law to lock their firmware.
I'm no subject matter expert in all this; at one point I was very interested in it because it shows a lot of promise to get away from ISPs. The point is, what Google is trying to achieve isn't new and has been around for a while. Personally, I think it's a shame we have to depend on Google to do this for us.
new here, but isn't the goal to use the internet as crutch connections while the separate mesh is under development? Nodes would steadily replace the tunnels through the net until they become less than necessary, and finally unnecessary. Please tell me where I am wrong.
edit: I should have mentioned that cjdns is the method of choice for this, and the more people who participate in it, the faster the transition will be.
> that seems to be against what CJDNS touts as one of its main features.
Right. So I was curious how you solved this, or were even aware of it.
> I assume you mean large scale nodes
No, I do not mean large scale nodes but snodes. See e.g. https://github.com/cjdelisle/cjdns/blob/master/subnode/SupernodeHunter.c
> and we can address the problem
cjd is on the case actually, it's just not solved yet.
Are you saying cjdns doesn't run on Windows? Because last I checked that wasn't the case. It's just a rough implementation that needs some touching up (i.e. firewalls).
> ...I've realized that they just "hop" along each node to pass-around information. But if I want to send a specific message to "Bob" but the connection has to "hop" through "John" to get to "Bob", how would my computer know which computer is considered "Bob's"?
There is no easy answer to this. One of the reasons it has taken mesh networks so much longer to take off than simpler hierarchical networks like the current internet is that it is a difficult and complex problem.
Different mesh protocols handle this differently, but in the case of the CJDNS protocol in particular routing is handled by a combination of a distributed hash table and a kind of label based switching. The identification of a specific node is done by an IPv6 address derived directly from one's encryption key (each node has a unique key pair and IP generated at install time), such that all other nodes can be sure that you are you, and that all communication with you is secure.
The simplest answer I can come up with for your specific question is that your node would send requests to its neighbors for known routes to "Bob" until it found some, then use the best route available. Your node would know it had reached "Bob" when it received a reply that is cryptographically certain to be from "Bob".
More detailed info here:
https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepaper.md
Oh god, here we go again!
Meshnet does not imply high latency or slow speeds – only ad-hoc, wireless meshnets are slow and not suitable as a replacement. See hyperboria as a positive example.
To be fair, both cjdns and Project Byzantium didn't spawn from one another, but were created at the same time. Cjdns' initial check-in was Feb. 16th, 2011 and Project Byzantium's was Feb. 26th, 2011.
They likely auto kicked you from irc cause of some recent spam problems, nothing to worry about. CJDNS can connect manually over the old Internet by adding a peer, or automatically if you set up some antennas, or are on the same LAN. In this case you want to manually peer, you'll have to find some machines to do it with. Check out this:
https://github.com/cjdelisle/cjdns/blob/master/doc/cjdns/peering-over-UDP-IP.md#add-peers
https://github.com/hyperboria/peers
You should also just be able to search around and find some online with the right keywords.
Hyperboria, which is the primary cjdns network.
cjdns is an alternative peer-to-peer networking system, where everything (read: everything) is encrypted. It supports the entire Internet Protocol suite, and currently operates within the fc00::/8 block (any-purpose private allocation) of IPv6, but could easily be extended to the entire IPv6 space.
You can view a semi-accurate map of the network at fc00.org, and check out the quickstart guide. After you get connected hop on to IRC and join #cjdns for chat, #gaming for gaming info (including discussion of what OP's post was about), and #peering for finding more peers.
All that is needed right now is code. https://github.com/cjdelisle/cjdns
Edit: Goal is once CJDNS is done it will run on everything and be easy to set up. After that it will be easy for everyone to install the software on their PC, hook up a wireless interface if they don't already have one, and be on the network. To make it even easier, the town's local techs can easily preconfigure all types of hardware for the computer illiterate to just plug in and go.
Drive-by contributor @ cjdns and employed by a security startup. We've investigated a certain class of security systems and they all turned out to be completely pwned, so now we're making one that ain't. It's a distributed high-availability hardware+software system with low-level wire protocols and custom crypto. I'm responsible for the distributed part and designing the protocols and coding all that in Erlang. And the crypto, but we're soooo getting an external audit on that!
Meshnets can be the answer! Meshnet != ad-hoc wifi meshnet: see CJDNS.
Seriously, when are people (and oh-so-many "IT-experts" on Reddit) going to learn the difference?
Check out the Doc folder in the cjdns repo, it covers how IPv6 addresses are generated, auth and data packets are formed, and things like how IPTunnel is implemented.
> Could you show me how I can connect to a cjdns network on windows?
I am not sure how usable the windows port is, however, it is still possible to connect without actually having cjdns installed on windows:
You still need to have a secondary machine running linux, this can be your router but doesn't have to be.
Here's a guide for if you have a linux machine connected to your network somewhere: https://github.com/cjdelisle/cjdns/blob/master/doc/nat-gateway.md
It looks like there's a few guides on building it for openwrt, but they might be out of date. One of them said it won't build on openwrt currently.
> I don't want to pay for internet from a provider.
No, you read that wrong. By non-hierarchical, it means that addresses aren't assigned by range.
In the current internet infrastructure, you have huge ranges that are assigned regionally, and each region assigns thousands to millions of addresses to each ISP, and each ISP assigns you an address.
Under cjdns, each IP address is a hash of a public key, there is no "region" that you're in (a side effect of this is completely breaking geoip).
Mesh networking is unrelated, and is certainly something cjdns can do, but so can IPv4 and IPv6. Cjdns is an internet-layer protocol, which many people don't seem to get. It is an alternative to IPv4 and IPv6, it does not specifically support mesh networking or ISP models. It is just capable of those things.
CJDNS definitely has issues but I don't see where you are actually pointing out what you think makes it a "piece of shit"? What don't you like about it, currently? (By the way, those of us who use it - we complain all the time. Caleb listens, too, and often pushes fixes in a day or two. He's super active in development as are a lot of us who use the software.)
As for piping arbitrary commands into your shell - you're absolutely right, it's insane and anyone doing it should have their Linux Operator licenses revoked. Luckily that page and that install procedure have nothing to do with the CJDNS project, it's just some (I'm sure) well-intentioned third party trying to make it easier to install.
A much better build guide exists in the README file of the project page, which you can find here: https://github.com/cjdelisle/cjdns. I would advise everyone to avoid any other install instructions.
CJDNS is a routing and peering system that uses an unused chunk of IPv6 and cryptography to route data between peers. It can handle data over UDP (for existing networks) and via raw Ethernet frames (for dedicated peer-to-peer cables or wireless links). Wikipedia page.
Is OpenVPN maxing out its CPU when you're transferring at 8Mbps? It may be that with OpenVPN the CPU is being maxed out, in which case I'd get another box to run OpenVPN on or look at alternate VPN/routing software like cjdns to see if newer elliptic curve crypto can get you more throughput.
An older Kirkwood based board gets 39Mbps of throughput (after optimization, prior they were doing 7.9Mbps), so perhaps you can get some improvement that way. Those optimizations have been mainlined in cjdns, so you shouldn't need to do anything special.
I'm a very active member of the cjdns community. Reddit is pretty much the worst place you can possibly go to find information about us.
I only see a small number of names here that I recognize as belonging to people who know what they're talking about.
Your best bet is to read the documentation which is included in the github repository (https://github.com/cjdelisle/cjdns) and jump on irc #fc00 on Freenode or #cjdns on EFNet.
You have a choice to pick an isp. If you don't like it, then start your own isp. oh wait... regulations. Actually, it doesn't matter because you can [start one](https://github.com/cjdelisle/cjdns/) regardless of fcc ruling.
It would be nice, but the Tor network might not handle massive influx of relays too gracefully, as can be seen when a botnet was let loose on the network. It managed, but whilst it was happening the network was fairly poor. Perhaps this wouldn't be a problem if there was time to prepare.
If Mozilla were seriously determined to bring about an encrypted network then something like cjdns would be a better alternative.
cjdns is not about DNS: https://github.com/cjdelisle/cjdns
> Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues that plague existing networks.
Encryption.
EDIT: To elaborate, in some mesh protocols (such as cjdns), all messages are encrypted from the source to the destination. This prevents third parties from snooping on the data. Not all mesh protocols do this though, and some don't encrypt or make any effort to protect your data.
You probably want to use OpenVPN; it's a very popular, free, open-source VPN system.
If you want to learn fun and exciting and dubiously practical things, set up a VPN using the tunnel-over-mesh-network feature of cjdns.
Real answer: it is not meant for end users. CJDNS is meant to replace the backbone internet, utilizing land lines and powerful routers. And those don't run windows...
EDIT: I don't have a 100% source, but you can get the gist of it by reading the readme.
For the most part the protocol is being developed with the implementation, hence the need for the hyperboria test network. The closest thing to what you want is the whitepaper https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepaper.md
> Cjdns implements an encrypted IPv6 network using public key cryptography for address allocation and a distributed hash table for routing. This provides near zero-configuration networking without many of the security and robustness issues that regular IPv4 and IPv6 networks have.
So ISP or higher can break anonymity through traffic analysis. Direct peers can also make educated guesses. This level of anonymity is acceptable for many purposes.
>> CJDNS provides this (cryptographic verification of layer 1 and 2 data). Your argument is invalid.
> No, no it does not. Please RTFM and understand the OSI model before trying to sound smart.
>> Excuse me, I'd like to introduce you to all of the existing community ad-hoc wireless networks.
> Like...?
Seattle wireless, that one in Perth, the list (a few of these are still in planning) goes on and on.
Most of what you're talking about is routing issues, which is what CJD's Networking Suite is here to solve. It treats censorship by a node as damage & routes around it, and it defends against the DoS attack you mentioned since the government would only receive a stream of encrypted session initiation packets that were encrypted with the real node's public key. CJDNS will then realize that node Z is an imposter & route around it as though it was damage, thus restoring connectivity to the proper node.
Did I mention that it is very low latency, with latency equal to what you would see on an IPv4 or IPv6 network? And it acts as a full IPv6 private network, allowing all your normal applications (that are IPv6 compatible) to work like normal through the use of a Tun adapter.
There is also CJDNS, it's an encrypted Networking Suite that a good chunk of /r/DarkNetPlan is using to build secure networks over the internet & locally. It also uses the NaCl cryptography library, hence why I replied to this in particular.
> That's what #cjdns made.
FTFY!
Hyperboria is the first CJDNS powered decentralized network. It has been an ongoing effort made possible by cjd and a bunch of contributors. CJD isn't a redditor for instance, and was made aware of /r/darknetplan by another #cjdns dev back in December. A lot of awareness of the CJDNS project has been made possible by the exposure of this sub and Project Meshnet.
Correct, and the README is here, though you can read it with proper formatting on the main github page.
If you're running linux, follow the installation instructions at the bottom of the github page. If you don't have a linux machine, you can download VMplayer (for free) and install cjdns on a virtual linux machine.
If you run into any problems, jump on IRC (link in sidebar) and ask questions. Everyone there is very willing to help. You'll need to jump on there once you're done installing anyway so that you can get the info you need to connect to the existing mesh.
You may be interested in CJDNS. It is decentralized, works with current hardware and can be used over the internet we have right now (which makes transitioning a lot easier).
/r/darknetplan is about CJDNS as well as other similar protocols.
Are you familiar with cjdns?
> Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues that plague existing networks.
If you want to learn to use cjdns, you can join us at irc://irc.efnet.org/#cjdns
Then you somehow install this thing, and then when you run cjdroute you'll get instructions to add a peer and fire it up. You can find public peers by typing ? peers in the IRC channel, or maybe ask one of the friendly people there if you can peer up with them.
Also, there isn't a better IRC client that exists other than Weechat.
Yeah, the cheap ARM machines tend to have low throughput. There are some benchmarks here.
Why would you need 2 antennas for each thing? Why not one for local (or just ethernet into your existing LAN, if you have one) and one for each physical peering link?
You're going to lose speed no matter what you do if you have to push cjdns traffic over many hops. Rather than going house to house to house, and touching cjdns at each hop, you can do something like 802.11s, or have longer-range links to improve throughput.
CJDNS is the solution to all your problems. Transport agnostic internet network with DHT routing and your IP address is the SHA256(SHA256) of your RSA public key, so every packet is end to end encrypted by default, regardless of protocol. You own your static IP address cryptographically.
https://github.com/cjdelisle/cjdns
EDIT: Also, you should probably use NaCL as your crypto library.
Thanks for keeping up the interest GrimKriegor!
Besides the lack of critical mass to start the Lisbon MeshLocal plan, there are also limitations on the hardware required by CJDNS. It needs at least 32 MB of RAM, which rules out several OpenWrt capable routers.
Thus, from all the hardware people were willing to donate, we can only use the 2x USB Wi-Fi adapters + 2x Bifferboards and the 1x TP-LINK TL-MR3020 (only 3 nodes total ...).
If you are willing to put in some of your spare time and get some friends to join in we can give this a second try. Our plan can be something like:
Build a small community of people willing to set up stray nodes and connect them between each other through Internet tunnels.
Get them to convince neighbours and slowly build the mesh.
We can bootstrap this with a Meetup where people would bring in their hardware and install CJDNS while helping each other. Later they could get back home, connect to Hyperboria and to everyone they met.
We should focus our attention on those who have single-board computers (SBC) lying around (Raspberry Pi, BeagleBoard, Bifferboard, ...). People usually have such hardware available for experiments like this, unlike CJDNS capable routers. Also, those owning a SBC usually have the needed skills to quickly set up CJDNS.
Yes, and it currently fails to do this job. Dictators can shut down the internet of a whole country. We all depend on ISPs for internet access. Peering is a privilege of the mighty telecoms. A central organization assigns IP addresses. And heck, the default is: unencrypted!
This is not the internet I have asked for. Let's rebuild it.
https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepaper.md
https://github.com/cjdelisle/cjdns/blob/master/doc/projectGoals.md
> Which key exchange algorithm are you using?
Take a look at the cjdns source code: https://github.com/cjdelisle/cjdns/blob/master/crypto/CryptoAuth.c#L35-L40
> What is the source of randomness for RNG that produces keys?
The functionality of the cjdns random generator is described in detail here: https://github.com/cjdelisle/cjdns/blob/master/crypto/random/Random.c#L27-L89
> How do you prevent end-point compromise with exploiting vulnerabilities?
Depends on where you are attacking from.
> How do you prevent NSA from doing interdiction and switching the device while on transit?
(edited my answer, I misunderstood the question)
Rerouting a postal package to implant bugs manually - this is an effort that is taken when you are under targeted surveillance. This is a whole other story. What about bugs in your living room? Dedicated observation teams? There are always easier ways to find a way around encrypted network traffic if and when you are a target.
Protecting against targeted surveillance is not our goal in the first place, because then you would surely have to take some extra steps. We just provide a simple and secure way for communication, protection against untargeted mass surveillance, so that you don't become a target for targeted surveillance because you leave no cleartext traces.
That's great, but that's not the real problem.
The real problem has been unchanged for months now: lack of a user friendly interface. If CJDNS had a proper GUI interface for setup and management, we'd be golden.
There's a start on a node interface in the repository, interested parties should look into improving it. ;)
Just let the mobile node send data through the next best (the new) route, and as soon as the first packet arrives on the other side, it'll discover the new route by looking at the reversed label of the incoming packet.
More info on route labels: https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepaper.md#operation
GSM should have been updated in recent years to have PPK, TNO infrastructure, with operators such as Vodafone acting just as a phonenumber:publickey signed lookup server. Your phone would save the public keys of your contacts and in order to ensure the key's authenticity you would compare in person public keys with people you want fully encrypted calls with.
This would make it a lot more difficult for L.E. to plant public keys, and besides, Vodafone etc. would lose credibility if they allowed false records to be signed by their public key.
For a more practical Trust-Absolutely-No-One system, see the cjdns whitepaper, which basically stores public keys in a distributed hash table. Your IPv6 address is simply the hash of your public key, which means users can get the public key for an IPv6 address from the DHT and confirm by hashing it that it is the correct key. It's a pretty cool concept.
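The check described above (hash the published key and compare it with the address), as an added example that is not part of the original comment or of the cjdns code base. It assumes the derivation given in the cjdns whitepaper, where the address is the first 16 bytes of SHA-512 applied twice to the 32-byte public key and must begin with 0xfc; the "keys" here are constructed stand-in byte strings, not real Curve25519 keys, and all function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress


def cjdns_address(public_key: bytes) -> ipaddress.IPv6Address:
    """Derive the IPv6 address: first 16 bytes of SHA-512(SHA-512(key))."""
    if len(public_key) != 32:
        raise ValueError("cjdns public keys are 32 bytes")
    inner = hashlib.sha512(public_key).digest()
    outer = hashlib.sha512(inner).digest()
    return ipaddress.IPv6Address(outer[:16])


def in_cjdns_range(addr: ipaddress.IPv6Address) -> bool:
    """cjdns only accepts addresses inside fc00::/8."""
    return addr.packed[0] == 0xFC


def key_matches_address(public_key, claimed_address) -> bool:
    """True only if the key hashes to the claimed address and both are in fc00::/8.

    Malformed input is treated as a failed check rather than an error, so a
    lookup result from an untrusted peer can be passed in directly.
    """
    try:
        claimed = ipaddress.IPv6Address(claimed_address)
        derived = cjdns_address(public_key)
    except (ValueError, TypeError):
        return False
    if not (in_cjdns_range(claimed) and in_cjdns_range(derived)):
        return False
    return hmac.compare_digest(derived.packed, claimed.packed)


def find_stand_in_key(seed: bytes, want_fc: bool = True):
    """Constructed sample data: search for 32 bytes whose derived address does
    (or does not) start with 0xfc. A real node repeats key generation the same
    way until the address lands in fc00::/8, about 256 tries on average.
    """
    counter = 0
    while True:
        candidate = hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        addr = cjdns_address(candidate)
        if in_cjdns_range(addr) == want_fc:
            return candidate, addr
        counter += 1


def audit_records(records):
    """Return the addresses whose published key does not hash to them."""
    return [addr for addr, key in records if not key_matches_address(key, addr)]


if __name__ == "__main__":
    key_a, addr_a = find_stand_in_key(b"constructed-node-a")
    key_b, _ = find_stand_in_key(b"constructed-node-b")
    # Second record pairs node A's address with node B's key (a substituted key).
    table = [(str(addr_a), key_a), (str(addr_a), key_b)]
    print("address:", addr_a)
    print("rejected records:", audit_records(table))
```

Because the address commits to the key, a lookup service that returns a different key for an address is caught by this check without trusting the service itself.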
In fact cjdns, the software projectmeshnet uses, is secure with end-to-end encryption and without requiring to trust any third parties. Also virtually uncensorable. It's freaking ingenious! Docs on how it works can be found in the official repository: https://github.com/cjdelisle/cjdns/
Here is the link to set up cjdns. Once you're done I'll PM you my details so that you can connect. However I think at least one of us needs to connect to a local Meshnet for our peer - peer connection to be of any use. If the PHX Meshnet isn't active anymore we could probably create our own/ join another one. https://github.com/cjdelisle/cjdns#how-to-install-cjdns
For all intents and purposes cjdns is just IPv6. So any application that works with IPv6 will also work with cjdns.
There is also an API for communicating with cjdns.
https://github.com/cjdelisle/cjdns/blob/master/admin/README.md
What ARM board were you running it on? I've only ever run into serious performance issues with old MIPS/ARM boards, even a pentium 4 can move 427mbps. The latency increase from cjdns is also fairly imperceptible, I've found it to be around 0.271 to 0.180ms, which is small enough that virtually nothing will be affected by latency.
If you were using say a Raspi, recent optimizations have gotten speeds up to around 8mbps, and you can check out more benchmarks, look at this line for the throughput that you are likely to get IRL.
> This is the switch configuration so this indicates expected switch throughput:
Overall, there are still a lot of optimizations that can be done on ARM & MIPS for performance, but if you're looking to make high bandwidth nodes, an old laptop (say a P2 or a P3) with some wireless NICs is going to be a better node than a raspi, especially since it has some battery backup built in.
You can test and submit bugs via the project's bugtracker on github. As thefinn93 mentioned, please do use our updated automatic setup script instead.
I'd appreciate it if you tried building on ARM (ubuntu?) again. Between last night and this morning, my patch for osx was merged in and it might fix the ARM NaCL issues as a side effect.
If it doesn't fix it, please open up a new issue ticket on github with the error output.
Thanks!
I don't know much about this world, but this may hit what you're looking for:
"Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues that plague existing networks."
Hyperboria is the largest cjdns network.
r/darknetplan (50,000 subscribers) is a reddit community dedicated to discussing and organizing mesh networking, especially including cjdns. However, it is very quiet.
Sure you can! Hyperboria is built on CJDNS and often their terms are used interchangeably.
CJDNS/Hyperboria are built with the idea that peering with people you know and trust over a direct connection will build out a mesh network.
However, this isn't currently practical for many, but since the mesh can be run over almost any network connection, it can also be run on the regular internet. There are people who run servers big enough for public access, and you can find lists (by continent, country, etc) here: https://github.com/hyperboria/peers
All this and more is explained in the README here: https://github.com/cjdelisle/cjdns/blob/master/README.md
Best of luck!
There's some really good work gone into mesh networks with radios over Wi-Fi. CJDNS comes to mind and there was a post a while back on here.
Either piggy backing off of that or having some sort of a fork might work. Bandwidth and legal issues around encryption become a problem, though.
Thinking about it, encryption is only an issue on the ham side, though. So you'd use packet radio to get into the BBS/remote system, all transactions within that network go through the encrypted layer, but when it comes back out to the packet connection, everything is in clear text. The mesh network would be the system used for syncing up all of the BBS'. CJDNS works access point to access point and also over the web as well, bridging areas where it just isn't possible to get a long range connection going, where the world wide syncing up of services would work.
Problem is that this requires another technology to rely upon and it seems hard enough to get someone into packet radio, never mind a mesh network. A person can but dream, haha.
Definitely an area of interest. I only know little bits I've read, not technically proficient enough to actually get something like that up and running!
why would you need blockchain for a p2p message passing network? nobody but the two endpoints needs to verify or care that a message happens, and having a permanent record of messages & senders is not a good thing.
These are more replacements or coexistent with current routing technology. See cjdns as an example
Hyperbolic mapping https://www.nature.com/articles/ncomms1063 is a way to work around having to have entire routing table being held in expensive associative memory.
In terms of distance computing, see e.g. https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepaper.md
...
> The "address space distance" between any two given addresses is defined as the result of the two addresses XOR'd against one another, rotated 64 bits, then interpreted as a big endian integer. The so called "XOR metric" was pioneered in the work on Kademlia DHT system and is used to forward a packet to someone who probably knows the whole route to the destination. The 64 bit rotation of the result is used to improve performance where the first bits of the address is fixed to avoid collisions in the IPv6 space.
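The distance calculation quoted above, as an added example that is not taken from the comment or from cjdns itself. It follows the quoted wording literally (XOR, rotate by 64 bits, read as a big-endian integer); the sample addresses are constructed and the function names are hypothetical.

```python
import ipaddress

CJDNS_NET = ipaddress.IPv6Network("fc00::/8")
MASK64 = (1 << 64) - 1


def _as_int(address) -> int:
    """Parse an address and insist that it lies in the cjdns range."""
    addr = ipaddress.IPv6Address(address)
    if addr not in CJDNS_NET:
        raise ValueError(f"{addr} is outside fc00::/8")
    return int(addr)


def rotate64(value: int) -> int:
    """Rotate a 128-bit value by 64 bits, i.e. swap its two 64-bit halves."""
    return ((value & MASK64) << 64) | (value >> 64)


def plain_xor(a, b) -> int:
    """Kademlia-style XOR metric without the rotation, for comparison."""
    return _as_int(a) ^ _as_int(b)


def address_distance(a, b) -> int:
    """XOR the addresses, rotate 64 bits, interpret as a big-endian integer."""
    return rotate64(plain_xor(a, b))


def closest(target, candidates, metric=address_distance):
    """Pick the candidate the metric considers nearest to the target."""
    return min(candidates, key=lambda c: metric(target, c))


if __name__ == "__main__":
    target = "fc00::1"
    # Constructed candidates: one differs from the target in the upper
    # 64 bits, the other in the lower 64 bits.
    upper_diff = "fc00:0:0:1::1"
    lower_diff = "fc00::3"
    for name, metric in (("plain XOR", plain_xor), ("rotated", address_distance)):
        print(name, "->", closest(target, [upper_diff, lower_diff], metric))
    # Every cjdns address starts with 0xfc, so the top byte of the plain XOR
    # is always zero; the rotation moves the lower half of the address into
    # the most significant position of the comparison.
    print(hex(plain_xor("fc00::1", "fcff:ffff:ffff:ffff:ffff:ffff:ffff:ffff")))
```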
Briar seems great to me, but here's the question I haven't been able to figure out the answer to:
It says it can work over bluetooth or wifi, but what exactly does that mean? In what way?
E.g., if you had a cjdns network, would it work over that?
A quick note for the privacy section: CJDNS does some multi-layer encryption similar to that of Tor, if I'm not mistaken (link)
Thanks! By the way, where on the github page is there documentation for how masquerade worked? A quick search doesn't seem to help much.
Edit: Just tried installing over v16. I made sure to stop the cjdns service first. At one point, I got an error message about Windows not being able to write to cjdroute.exe, with the options abort, retry, ignore. I hit ignore, and the rest of the installation seemed to go fine. However, I'm not sure if I'm now running v17 (can I find my version number anywhere?). Explorer tells me the only file that was modified was uninstall.exe, and according to fc00, I'm still running v16.
Also, my config file seems to be missing some of the default parts, like the ETHInterface section. I'm not sure if I can add the missing sections manually (not sure if they apply to v16). Right now, I'm considering un/reinstalling, then copying over my old key, address, and peer list. Is there any better way I might go about this?
Apologies for the late response. I have been trying to edit/update this sub to show updated information and links.
There is work ongoing to decentralize ISPs.
Very doable once we have a breakthrough in home wireless networking (think something like wifi at 1Gbps speeds with a range of 1-2 street blocks around on every home/office out there) + new p2p IPv6 internet routing technology with privacy/encryption built-in is on its way.
I recommend installing on something like ubuntu first. Follow the steps in the readme: https://github.com/cjdelisle/cjdns#how-to-install-cjdns
Once you've gone through the steps, and you understand how it works, then see about installing it on something else, if that's what you want to do.
When people struggle with the installation process, it's generally not a cjdns issue, but rather:
Otherwise, as largepanda answered, install cjdns, use a public peer from the repository I linked above, join our hyperboria-only irc network (irc.hypeirc.net), and introduce yourself in our #peering channel. If at any point you run into problems, ask for help on our EFNet irc channels.
> is there any prior art to what you're doing? any projects that inspired you or that you took ideas from? what were their problems and benefits
I started out programming in C since I really wanted to contribute to CJDNS and their Meshnet Project but got distracted with Processing since it was way simpler and gave immediate, visual feedback at every stage of the learning process. Here are some of the interactive art apps I made with it.
> Once the code is open source, watching changes made to the code base for malicious activity.
> The best bet would be a hardware device that sits between the router /modem and your internal network that acts as a message server etc that handles encryption for P2P connections. All data to and from the nodes of the network are encrypted, rendering passive listening worthless. This type of tool could be set up as a local proxy for email (1 extension or setting away, and fairly easy to do) and handle encryption through something like PGP - Proven and reliable.
Just FYI: you described CJDNS which is used to run Hyperboria, a "private" secure p2p fully encrypted internet. Solutions exist, now they must come into usage. As of right now CJDNS runs mostly on top of the internet but it can fully replace it.
An implementation of a box that sits between your devices and the internet is the Enigmabox. It also serves as an email and phone server, all via CJDNS.
And before you start attacking it again because "wireless sucks / too many hops", CJDNS is meant to run on routers and switches via the normal backbone. It can run wireless but then lacks the usual speed, etc. It is NOT a wireless meshnet!
Well I would suggest https://github.com/cjdelisle/cjdns but cjd seems to have disabled the issue tracker, apparently not wanting to deal with anything that doesn't come with an attached fix.
So I would recommend https://github.com/hyperboria/cjdns/issues
Hey there /u/twignewton, a meshnet is a network where most users of the network are connected to multiple other users of said network. By connecting to multiple other users, mesh networks increase connection reliability, reduce latency and (depending on how you set it up) enable increased network speed.
For a meshnet to work, you should connect to other users who are already on the network and are ideally close by. CJDNS supports connecting over raw ethernet frames over ethernet cables, wireless links, etc.
Ubuntu can definitely run CJDNS, the CJDNS readme is a great walkthrough on how to get CJDNS and get it up and running.
Additionally, if there is no one close by who you can peer with, you can peer over the internet using the UDP interface in CJDNS once you locate a willing peer who is already on the network. This particular type of peering is a fallback device designed for helping you to start a meshnet locally, please make sure to search for local peers prior to UDP peering!
What if you sell a router preconfigured with CJDNS, running a https://github.com/cjdelisle/cjdns/blob/master/doc/nat-gateway.md
For clearnet access you could also run an IP tunnel: https://github.com/cjdelisle/cjdns/blob/master/tunnel/README.md
OpenLibernet
From OpenLibernet white paper:
> our protocol implements a LISP-like functionality, and assigns to each node two different addresses. One is the permanent Peer Address, the other a temporary IP address that is obtained automatically and organically changes as the shape of the mesh changes due to joining and parting nodes.
CJDNS
From CJDNS whitepaper:
> cjdns is built on the idea that the ISPs and hosting providers which exist now will never upgrade, not to LISP, not to DNSSEC, not even to IPv6 in any meaningful way. Building new systems to be compatible with old systems is catering to the audience you will never have. Asking existing ISPs to upgrade for the common good is asking them to take a risk with no immediate benefit. cjdns is about throwing out the book and redefining the specifications in a way that will be fast, secure, and most importantly, easy for the next generation of ISPs to deploy and use.
Sometimes setting up port forwarding isn't possible. I really like cjdns mesh networking but it requires that you have a VPS of some sort to be your "master" node.
> The reality is that unless you have a very specific group of people viewing some information who are already predisposed to investigate it, the initial description needs to be short and sweet.
Yeah I feel like it works here because it's meshnet users/enthusiasts seeing this so those concepts seem more natural/commonplace. I chose those adjectives because those are the three main attributes listed on the cjdns github readme, though I will keep looking because I want to get the diction correct here.
> although how anonymous is it?
looking at quotes on the github page's readme, not very anonymous.
< tester> man sites take so long to load on i2p
< tester> i value speed over anonymity any day
The roll-your-own-server approach might be the easiest way.
But if the box is a Linux system and you enjoy experimental networking technology, this sounds like actually a fairly good usecase for cjdns. You could install the software on your computer behind the firewall and on your remote computer, and find some people in the SF area who also operate cjdns nodes, and peer them both in to the main meshnet. Then you can forward traffic through these other peoples' servers for free. Sort of like a Tor hidden service, but significantly faster because it isn't trying for anonymity.
The downside is that the meshnet is a shared VPN, so anyone else on it would be able to send packets to your node, too. But you can solve that with a firewall, and they can't forge source addresses because cryptography.
If you do decide to go this route, I can peer you in to the Santa Cruz Meshnet Project's main node.
EDIT: Actually read the part where it's a synology NAS. Are those ARM? You can probably make cjdns work, but you need gcc and nodejs installed to build it.
At least we DO have a backup plan in case Anti-net neutrality is really going to spiral out of control on the public internet. The Meshnet is one of those plans (it does NOT strictly work on WiFi, it can work across the internet, wifi, ethernet wires, laser, or whatnot.)
CJDNS - Moderate amount of anonymity, encrypts end to end, and so forth. It's faster than I2P/TOR in the networking sense. There are builds that work on Windows, but it is not recommended since you need a Firewall aka Linux OS as a front.
If everyone adopts the CJDNS meshnet after the Anti-Net Neutrality mob illegalizes everything on the internet, we would actually be able to rebuild the internet through the meshnet, and Governments and Corporations pretty much lose total power over the internet when everyone uses the meshnet for daily activity, which can encrypt everything they do and share whatever content they want freely.
Thought I'd let you know that there are options if shit hit the fan.
There is a way to make a new Internet without the ISP, but you would still want the Meshnet to access the internet to connect with other meshnets. Look into the CJDNS project. In a global Meshnet in Seattle, there is Uppit.us (Reddit clone for meshnet), Emailing services, private DNS, cloud platform, and 4Chan in the Meshnet. The coolest things about CJDNS are... it is encrypted end to end without much risk of a man in the middle attack and it works across both the Network Interface Card and the IPv4/UDP (Public Internet.) You can work with Meshnet without needing an IP Address aka Network Interface, because CJDNS has a total disregard for the OSI model of the internet. CJDNS also has semi-anonymity on the network and it's extremely flexible.
To start it off, the standard centric ISP is going to become obsolete in all eventuality and meshnets would most likely be localized across city to city, because the public internet is simply not secure, it's retardly overly censored, and too heavily centralized to a point that it might cost millions to have a 100mbps internet connection at some point. Meshnet makes it so that the ISP cannot bottleneck/slow-lane/data-cap the connection and makes it easier for small businesses to set up servers in the Meshnet in separate cities and share/upload unlimited amounts of data for free as opposed to costly retarded ISP bottlenecks.
As an added benefit of the Meshnet, some of the rules that ISP set up like you can't host a website on a customer internet is being disregarded in the Meshnet. However, it would require a sort of system in place for you to access the internet from inside the Meshnet. You can still use the public Internet while using Meshnet at the same time if you wish, but you need a system if you're purely on Meshnet and not accessing the public internet except from within the meshnet.
OK here are the first steps:
1- Get one of these devices: http://wiki.openwrt.org/toh/start
2- Build openwrt + cjdns https://github.com/cjdelisle/cjdns-openwrt/blob/master/README.md
3- Upload your build to your device using one of these methods: http://wiki.openwrt.org/doc/howto/generic.flashing
I'm working on it, I'll let you know about my progress in a couple of days.
Very few people can actually afford waiting 2-4 years to verify an ISO. Also it's bad key management practice to keep the same key around for so long. So we could provide signed sha256sums for sure, but I don't think it would make the download process any more secure.
We could probably tap into the existing X.509 certificate authority infrastructure... basically serve them over HTTPS. Which is pretty bad, but on the other hand that we can only deliver verification instructions using HTTPS, so we depend on it anyway - an attacker able to override X.509 could put a notice in the website that we've changed the key, or change the link to the key file, or something along those lines.
Also, the problem is we already depend on HTTPS security internally because that's how we access Launchpad. I monitor my connections of course, but I can't say a MitM attack by the NSA is completely impossible. And I'm afraid Ubuntu does too, although I have not really checked...
Deployment of something like cjdns sounds like the way to go, both in elementary website and in Launchpad.
Have you ever heard of cjdns? It's an end to end encrypted mesh networking protocol that uses public key generated IPv6 addressing and Scalable Source Routing. I personally think that it may be the future of your creation. Do you think mesh networks are a viable solution to the surveillance/censorship problem?
What do you think of Project Meshnet and its goal of building the next generation decentralized alternative to the internet using the cjdns software?
FWIW, most 5v FTDI cables can accept 3v input, and most 3v routers can tolerate 5v input. I was able to unbrick one ASUS router in a pinch by pulling the AVR chip out of an arduino.
The "correct" way to build for openwrt is unfortunately very out-of-date.
If you want to try compiling it to install manually, first make sure you can build cjdns. Then you'll need to install the mips crosscompile toolchain, which varies depending on distro. Then you just export CROSS_COMPILE=mips-linux-gnu- and run cross-do to build cjdroute.
If you're on debian I can give you detailed instructions on how to install the mips crosscompile toolchain, or if you want I can just send you a binary.
EDIT: Actually, the new nodejs build system seems to have completely broken mips support, so you're stuck with stable-0.5.
Hey, first let's try & get your tun adapter up, but I'd recommend you try following the instructions in the main repository to update cjdns.
Run these commands to set up & debug your TUN device:
> sudo /sbin/ip addr add <your ipv6 address>/8 dev cjdroute0
> sudo /sbin/ip link set cjdroute0 up
If you could paste here what the results were, that'd be a big help in determining if it's an issue with Tun adapter creation or if something else is going on.
Well, as a newcomer, did you do a little bit of looking before you posted? I believe there are guides, examples, etc, but I may be wrong about that (in which case someone really ought to go make some). We're also still in a pretty early stage, at least as far as software goes, so there's not a lot that just anyone can do. Admittedly anyone with pretty much any OS that isn't Windows can get connected, but like 80% of personal computers run Windows. Check the wiki for more guides, tutorials, etc. as well as the CJDNS Whitepaper for technical details (and don't forget the README if you wanna get connected!)
Last I checked, CJDNS was working on FreeBSD, OpenBSD, illumos (aka Solaris), Mac OSX, Ubuntu, Debian, Arch Linux, Fedora, Centos & more. I'm sure I'm missing a few there, but cjdns runs on most every server or desktop OS that is still maintained except Windows, React OS, Haiku OS & one or two other oses that aren't commonly used.
Drop by their IRC channel & they'll help you set it up, but even the normal build instructions (scroll down on that page) should work fine. I know that those instructions work on Mac OS X & Ubuntu at the very least.
Although I have a lot of respect for TOR, comparing it to a darknet makes me feel as though you're misunderstanding the point of either TOR or darknets. <3
TOR is great in that it helps to allow people to communicate with a better chance of preventing a third party from being able to trace the communication. It is a byproduct of this that users are also shielded by taking on the identity of another party.
darknets are typically restricted-access networks which allow groups of people to communicate with one another while preventing third parties from intercepting the communication. Contrast to bouncing packets around to obfuscate the origin of a transmission, darknets commonly have authentication methods and cryptographic encrypting/signing to accomplish two objectives:
If you look into cjdns or WASTE you may understand more thoroughly.
An odd place to have this discussion? You should speak to Xertrov, the original maintainer of the CJDNS_OpenWRT, or CJD regarding the official port, which is here.
Installed Debian sid, worked fine.
Except nobody could connect.
I could connect fine if I used LAN IP, but nobody could connect, I checked port forwarding, it was fine.
I was mainly asking about the connection stuff because I want to run this on my cjdns node.
It'd be kind of cool to be the first guy to be running a full, proper, good game through the network.
Also, I'm no developer, but I'm fairly sure there's quite a lot of options to authenticating users without me needing to know their password.
It should be possible to have my server and the client connect to you to check if he's legit, in the case that the user does want to log in.
If the user does not want to log in as some known account, I see no issue. My server gives him some sort of session that's used from then on.
I've recently stumbled upon this little interesting project: https://github.com/cjdelisle/cjdns/blob/master/rfcs/Whitepaper.txt https://github.com/cjdelisle/cjdns
If even just half of it is true this will be seriously awesome.