Building Internet 2.0. Or rather, a VPN for myself. Hyperboria

Let us think about what the Internet of the future should look like in order to be sufficiently safe and secure. This is how I see it in general terms:
1) traffic is encrypted between any two hosts. No one except those two hosts can decrypt the traffic
2) each device on the network has its own unique ip address (ipv6, naturally)
3) the network is built on the principle of peering with any other devices
4) peering can be set up on top of the ordinary Internet, over your own link to the next building, on top of a wifi mesh network. In short, on top of anything
5) all of this (the Internet, private networks, "illegal" links, mesh networks) is combined into a single network in which there is no NAT, where each device can communicate with every other. And, of course, all traffic is encrypted
6) blocking anything at any level is impossible. If the connection to, say, China is blocked on one route, the network automatically finds another route for it
7) automatic rerouting when any link fails, without any additional configuration
8) automatic use of the fastest route to the desired host
9) no possibility of interfering in the communication between hosts (see item 1)
10) no regulators in the network who determine routing and could degrade it or block network segments
11) the network is built not only by corporations but also by ordinary users at all levels (including cross-border links, once wireless devices become cheap enough to set up a point-to-point LTE link).

Interested? Let me introduce Hyperboria: a VPN network without control nodes that has all the qualities described above. You can build a small network over the existing Internet, build a second network, then connect them with your own cable / radio link / satellite Internet, and then plug it all (if you wish, of course) into the network that now brings together peers from nearly all technically developed countries.

As I said, the traffic is encrypted for everyone except the sender and the recipient: both from the public networks and from the intermediate peers in Hyperboria. The network does not set out to hide the fact of the traffic itself. But the task of "making the traffic unintelligible to anyone except those it is meant for" has already been implemented successfully. The traffic also carries no specific markers that would let DPI cut it off effectively (unless whitelists are used) without hurting corporate networks (ipsec, for example). The software router is not tied to any particular ports, intermediate technologies or anything else. You can run the router on any port and connect to it. You can establish contact with your peers any way you want: via the public Internet, via a cable to a neighbor, over a public wifi mesh network, through openvpn / gre / pptp / ipsec tunnels. Even, hell, through ssh tunnels.
Moreover, the router does not need to have an ipv4 address at all, although the setup in that case is not so trivial. You can run Hype on two hosts in peer auto-discovery mode, join them with a cable or by any other means, and they will come to an agreement between themselves. And it need not be 2 hosts; it could be, for example, a mesh network of a thousand.

The network is protected from politicians. By design, it does not provide access to "blocked" resources on the net. In general it provides access to nothing except other Hyperboria hosts (which may include your own device doing the things you need). The network does not make you anonymous, at least not until it grows fairly large (millions of nodes). Hype does not give anyone access to public networks through you unless you set that up yourself (by bringing up a squid without authorization that is publicly reachable over ipv6, for example), so you need not fear a court summons over someone breaking into a bank.

And, of course, you can build a small Hype to manage your servers / desktops within a company (between all its branches and data centers) and not connect it to the wider network. If Hype comes to be used in business, it will be even better protected from encroachment by states.

What is Hype like today? It is a small network (about 2k hosts) with a small set of internal resources of varying usefulness. There is a tracker, there is a jabber server (with access to other servers), there is a handful of sites. The network is mostly populated by the technical elite and paranoiacs from different countries. No advertising, nothing of the kind :) There is a safe way to communicate and transfer data.

Of course, the network would be nothing without users. Technically, it is ready to unite hundreds of thousands of Linux geeks around the world. There is no client for other platforms (other than BSD and *nix) at this stage =) The founder of the network will be glad to see both new geeks on the network and separate Hype networks. And all participants will be glad to see new services. A client for other platforms is possible even now, but without services no one will come to the network. And we are exactly the people who create and maintain interesting services.

How do you get onto Hyperboria? First you need to build and run the software router for Hype (cjdroute) on your machine. As long as you have one peer, you will not be performing any router functions. Once you have two peers, there will be situations where transit traffic has to pass through you. I am actually a fairly big router (10 peers) and do not particularly suffer: there is little traffic, so far.

Second, you need to find peers to connect to. There are many ways. For those I know personally, the most logical is to ask me for peering: I have one node in Germany and a second in Moscow. Those I do not know can use the public forum of the Russian-speaking Hyperboria community. There is a list of public peers there (I am not a public one), where you can find peers closer to you.
If you want to get to know me and peer with me, write to me by mail.

Well, let's start installing the router. We need a Linux box (with a reasonably fresh distribution). It does not matter whether it has a dedicated address or not. Simply, if there is no dedicated address, nobody who lacks a dedicated IP address themselves will be able to peer with you over the Internet (you yourself can connect to any number of peers that do have a dedicated address).
Install the software needed for the build:
root@server:~# apt-get -qq update; apt-get install git-core build-essential

Clone the cjdns / cjdroute repository:
root@server:~# git clone <cjdns repository URL>; cd cjdns

Then run the build:
root@server:~# ./do

At the end we will see the message:
Build completed successfully, type ./cjdroute to begin setup.

If you do not see it, write here and we will help collectively.

Now create the config:
root@server:~# ./cjdroute --genconf >> cjdroute.conf

If you strip out the generated comments, the configuration looks as follows:
{
// Our IDs in the network. They must be kept in a safe, secure place. If they are lost or changed, your ipv6 address within the network will change.
"privateKey": "...",
"publicKey": "...",
"ipv6": "...",
// Passwords for connecting to us. These passwords are handed to those who want to peer with you. One password per peer. When you want to peer with someone else, append a new password here.
{"password": "d68s1q6sbj24w ....."}
// Description of the router's administration interface. Leave it listening on localhost so that no one except you has access to it.

// Next comes the description of peering over existing ipv4 networks, including over the Internet. This is where you enter your peers.
// The port and ip address through which the traffic of your cjdroute installation will pass.
"bind": "",
// Description of your peerings (i.e. those you are connected to)
// Description of the first peer:
"password": "....",
"publicKey": "....",
"location": "country",
"admin": "you_can_print_mail@here"
// Description of the second peer:
"password": "....",
"publicKey": "....",
"location": "country",
"admin": "you_can_print_mail@here"
// Do not put a comma after the last peer
// Description of other options.
// They are of no interest to us at this stage.
}

In general, the whole configuration is generated with very good comments in English. I have covered only the main points that need attention. Do not forget to save the config file in a safe place off the machine, so that you do not lose your peers in the future.
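
The three rules stated in the config comments above (keep the keys secret, one password per peer, admin interface on localhost only) can be checked mechanically before the router is started. This is an added example, not part of the original post or of cjdns; the sample config is constructed, the key names authorizedPasswords and admin.bind are those of the generated file, and the file is assumed to be plain JSON once its comments are removed.

```python
import json

# Constructed sample; key names follow the file that ./cjdroute --genconf writes.
SAMPLE = """{
  "privateKey": "constructed-placeholder",          // identity, keep secret
  "authorizedPasswords": [
    {"password": "constructed-pw-one"},             /* first peer */
    {"password": "constructed-pw-one"}              // reused for a second peer
  ],
  "admin": {"bind": "0.0.0.0:11234", "password": "constructed//not-a-comment"}
}"""

def strip_comments(text):  # drop // and /* */ comments, keep string literals
    out, i, in_str = [], 0, False
    while i < len(text):
        c = text[i]
        if in_str:
            if c == "\\":                     # copy an escape pair verbatim
                c = text[i:i + 2]
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif text[i:i + 2] in ("//", "/*"):
            close = "\n" if text[i + 1] == "/" else "*/"
            end = text.find(close, i + 2)
            i = len(text) if end < 0 else end + len(close)
            out.append(" ")                   # the comment becomes one space
            continue
        out.append(c)
        i += len(c)
    return "".join(out)

def audit(conf_text, mode=None):  # returns a list of findings for the three rules
    conf = json.loads(strip_comments(conf_text))
    findings, seen = [], set()
    if mode is not None and mode & 0o077:     # any group/other permission bit
        findings.append("config file (holds privateKey) is open to other users")
    host = conf.get("admin", {}).get("bind", "").rsplit(":", 1)[0].strip("[]")
    if not (host.startswith("127.") or host == "::1"):
        findings.append("admin interface is not bound to localhost")
    for n, entry in enumerate(conf.get("authorizedPasswords", []), 1):
        if entry.get("password") in seen:
            findings.append(f"authorizedPasswords #{n} reuses an earlier password")
        seen.add(entry.get("password"))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, 0o644)) or "no findings")
```

For a real file, pass its contents together with os.stat(path).st_mode; a config written under a restrictive umask (mode 0600) passes the first check.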
Now that you have entered those you peer with, you can start the router. If you did all of this in the /root/cjdns directory, start it like this:
root@server:~# /root/cjdns/cjdroute < /root/cjdns/cjdroute.conf