To: freebsd-net@freebsd.org
From: Yuri
Subject: CJDNS - a very useful network router program
Date: Mon, 4 Jul 2016 16:05:03 -0700

Hi,

I came across CJDNS (https://github.com/cjdelisle/cjdns), the IPv6 software router that uses public-key encryption to secure the transmitted packets. It is interesting because IMO it implements a new approach to networking, a significant improvement over how networks work today.
There is no need for routers, there is no centralization in the network, there is no need for providers controlling the up-link channel at every point like it happens today in the residential Internet, for example. MITM attacks and surveillance are also much less likely because intruders can't decrypt the traffic without the receiver's private key.

You can just add nodes, connect them in some way with almost random topology, and the network will just work. Mesh networks can be built this way, connecting households or business units.

Additionally, one can easily use CJDNS as a VPN. The server key should just be shared with the client, a UDP port should be opened, and the routing table on the client should be adjusted. I think CJDNS is actually the easiest and most lightweight way to set up a VPN that exists today. CJDNS can tunnel IPv4 over IPv6.

CJDNS also has a lot of similarities to the Tor network, because it allows creating an encrypted network with access to both internal net and clearnet hosts. In fact, such a test network exists and is operational: https://www.fc00.org/

I created ports for CJDNS:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210730
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210767

Sorry if this is off-topic because it isn't directly related to networking in FreeBSD. But I thought many will also find CJDNS interesting, and wanted to share.

Yuri