diff options
author | dvn <git@dvn.me> | 2018-08-02 15:01:41 +0200 |
---|---|---|
committer | dvn <git@dvn.me> | 2018-08-02 15:01:41 +0200 |
commit | dc76b749974a4c9dc44b4e6def578e6859f879ff (patch) | |
tree | ead5a0160119daf712b6faf1de8a6b580256d687 /README.md | |
parent | d837b84241ed01cf42e95c95948224cdbf285e18 (diff) | |
download | gnunet-dc76b749974a4c9dc44b4e6def578e6859f879ff.tar.gz gnunet-dc76b749974a4c9dc44b4e6def578e6859f879ff.zip |
README.md: add section on VPN usage
This section and filesharing are almost verbatim copies of a tutorial
wldhx made half-a-year ago.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 66 |
1 files changed, 60 insertions, 6 deletions
@@ -71,7 +71,6 @@ guix package -f guix-env.scm:notest | |||
71 | ### 2. Docker | 71 | ### 2. Docker |
72 | 72 | ||
73 | ``` | 73 | ``` |
74 | cd docker | ||
75 | docker build -t gnunet . | 74 | docker build -t gnunet . |
76 | ``` | 75 | ``` |
77 | 76 | ||
@@ -176,7 +175,64 @@ The URI you get is what you can use to retrieve the file with `gnunet-download`. | |||
176 | 175 | ||
177 | ### VPN | 176 | ### VPN |
178 | 177 | ||
179 | *coming soon* | 178 | #### "Half-hidden" services |
179 | |||
180 | You can tunnel IP traffic through GNUnet allowing you to offer web, SSH, messaging or other servers without revealing your IP address. | ||
181 | |||
182 | This is similar to Tor's Hidden (aka Onion) services, but currently does not provide as much privacy as onion routing isn't yet implemented; on the other hand, you can tunnel UDP, unlike Tor. | ||
183 | |||
184 | #### Configuring server | ||
185 | |||
186 | First, set up access from GNUnet to IP with `exit`: | ||
187 | |||
188 | `gnunet.conf`: | ||
189 | ``` | ||
190 | [exit] | ||
191 | FORCESTART = YES | ||
192 | EXIT_IPV4 = YES | ||
193 | EXIT_RANGE_IPV4_POLICY = 169.254.86.1; | ||
194 | ``` | ||
195 | |||
196 | Exit, by the way can also be used as a general-purpose IP proxy i.e. exit relay but here we restrict IPs to be accessed to those we'll be serving stuff on only. | ||
197 | |||
198 | Then, start up a server to be shared. For the sake of example, | ||
199 | |||
200 | ```sh | ||
201 | python3 -m http.server 8080 | ||
202 | ``` | ||
203 | |||
204 | Now to configure the actual "half-hidden service". The config syntax is as follows: | ||
205 | |||
206 | ```sh | ||
207 | [<shared secret>.gnunet.] | ||
208 | TCP_REDIRECTS = <exposed port>:<local IP>:<local port> | ||
209 | ``` | ||
210 | |||
211 | ...which for our example would be | ||
212 | |||
213 | ```sh | ||
214 | [myhttptest.gnunet.] | ||
215 | TCP_REDIRECTS = 80:169.254.86.1:8080 | ||
216 | ``` | ||
217 | |||
218 | Local IP can be anything (if allowed by other configuration) but a localhost address (in other words, you can't bind a hidden service to the loopback interface and say 127.0.0.1 in `TCP_REDIRECTS`). The packets will appear as coming from the exit TUN interface to whatever address is configured in `TCP_REDIRECTS` (unlike SSH local forwarding, where the packets appear as coming from the loopback interface) and so they will not be forwarded to 127.0.0.1. | ||
219 | |||
220 | You can share access to this service with a peer id, shared secret and IP port numbler: here `gnunet-peerinfo -s`, `myhttptest` and `80` respectively. | ||
221 | |||
222 | #### Connecting | ||
223 | |||
224 | `gnunet-vpn` gives you ephemeral IPs to connect to if you tell it a peer id and a shared secret, like so: | ||
225 | |||
226 | ```sh | ||
227 | $ gnunet-vpn -p N7R25J8ADR553EPW0NFWNCXK9V80RVCP69QJ47XMT82VKAR7Y300 -t -s myhttptest | ||
228 | 10.11.139.20 | ||
229 | |||
230 | # And just connect to the given IP | ||
231 | $ wget 10.11.139.20 | ||
232 | Connecting to 10.11.139.20:80... connected. | ||
233 | ``` | ||
234 | |||
235 | (You can try it out with your browser too.) | ||
180 | 236 | ||
181 | ### Running a Hostlist Server | 237 | ### Running a Hostlist Server |
182 | 238 | ||
@@ -203,12 +259,10 @@ TODO: *explain what this does and add more* | |||
203 | Philosophy | 259 | Philosophy |
204 | ------------------------- | 260 | ------------------------- |
205 | 261 | ||
262 | GNUnet is made for an open society: It's a self-organizing network and it's [http://www.gnu.org/philosophy/free-sw.html](free software) as in freedom. GNUnet puts you in control of your data. You determine which data to share with whom, and you're not pressured to accept compromises. | ||
263 | |||
206 | 264 | ||
207 | Related Projects | 265 | Related Projects |
208 | ------------------------- | 266 | ------------------------- |
209 | 267 | ||
210 | |||
211 | |||
212 | <a href="https://pep.foundation"><img src="https://pep.foundation/static/media/uploads/peplogo.svg" alt="pep.foundation" width="80px"/></a> <a href="https://secushare.org"><img src="https://secushare.org/img/secushare-0444.png" alt="Secushare" width="80px"/></a> | 268 | <a href="https://pep.foundation"><img src="https://pep.foundation/static/media/uploads/peplogo.svg" alt="pep.foundation" width="80px"/></a> <a href="https://secushare.org"><img src="https://secushare.org/img/secushare-0444.png" alt="Secushare" width="80px"/></a> |
213 | |||
214 | |||