Cjdns - Telecomix Crypto Munitions Bureau


From Telecomix Crypto Munitions Bureau


cjdns (CJD's Network Suite) is an experimental network overlay protocol that gives you end-to-end encrypted and authenticated communication with people who also have cjdns installed. It is a friend-to-friend VPN. You need to set up peering with at least one other friend in a network to be able to communicate with nodes in that network. Nodes that are not directly connected can talk with each other through their friends. Routing is done automatically through some DHT.

cjdns does not protect your communication with anyone that is not using cjdns.


Why is cjdns nice?

The cjdns networks are like the ordinary internet, except that everything is always encrypted and authenticated end-to-end. It is like always having IPsec enabled transparently and without the need to configure anything.

No ISP controls the cjdns networks. You and the peers you choose control the network. Traffic-shaping analysis is not possible and deep packet inspection is not useful, since only you and the node you are communicating with can read the encrypted traffic between you, as with a VPN.

You are pretty safe to share any information you like as long as you and your friends (as well as their friends) don't invite idiots or government agents. In large networks with lots of people that you do not know in person, it might be a good idea to avoid hosting public services that provide way too much sensitive material. You should only allow trusted users access to your services and learn how to use ip6tables (not iptables, since cjdns is IPv6, not IPv4). The cjdns networks also protect hackers, so be prudent with security updates.

Unless you peer with someone who peers with someone who peers with someone ... that peers with X, you will not be able to communicate with X, and vice versa. That is, others that wish to reach your cjdns address also need to have joined the same network. From your computer's point of view, all nodes in the cjdns network you have joined will behave as if they are directly connected to the same LAN, through the TUN interface.

Security

  • Anonymity -- Low to medium. It does not use onion routing, but for an adversary to identify you, all nodes between you and the adversary need to cooperate with the adversary. Only social-friendship security is available, so you cannot get away with absolutely everything, as with Tor/I2P. Do not host things your friends think are immoral!
  • Speed -- High, it's like a VPN
  • Availability -- High, connections seldom go down
  • Security -- High? Peer-to-peer and end-to-end authentication and encryption.

Since you will have a TUN interface, all kinds of packets can enter your computer. You might want to set up a firewall.
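
The firewall advice above, together with the earlier pointer to ip6tables, as an added example that is not part of the original wiki page: a shell script that builds a default-deny inbound chain for the cjdns TUN interface and admits only allowlisted friends. The interface name tun0, the chain name CJDNS-IN, the sample addresses and ports, and the fc00::/8 address check are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki): emit an ip6tables-restore chain that drops
# unsolicited inbound traffic from the cjdns TUN interface except allowlisted peers.
# Assumptions: chain name CJDNS-IN, interface tun0, cjdns addresses in fc00::/8.

# valid_entry ADDR PORT: succeed only for an fcXX:... address and a TCP port 1-65535.
valid_entry() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;              # hex digits and colons only
        [Ff][Cc][0-9A-Fa-f][0-9A-Fa-f]:*) ;;      # first group fcXX => fc00::/8
        *) return 1 ;;
    esac
    case "$2" in
        ""|0*|*[!0-9]*|??????*) return 1 ;;       # digits, no leading 0, max 5 long
    esac
    [ "$2" -le 65535 ]
}

# cjdns_rules: read "ADDR PORT" lines on stdin, print the chain on stdout.
# Any bad entry aborts with status 1 before a single rule is printed.
cjdns_rules() {
    rules=""
    while read -r addr port rest; do
        case "$addr" in ""|\#*) continue ;; esac  # skip blanks and comments
        if ! valid_entry "$addr" "$port"; then
            echo "bad allowlist entry: $addr $port" >&2
            return 1
        fi
        rules="${rules}-A CJDNS-IN -s $addr/128 -p tcp --dport $port -j ACCEPT
"
    done
    printf '%s\n' '*filter' ':CJDNS-IN - [0:0]' \
        '-A CJDNS-IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A CJDNS-IN -p ipv6-icmp --icmpv6-type echo-request -j ACCEPT'
    printf '%s' "$rules"
    printf '%s\n' '-A CJDNS-IN -j DROP' 'COMMIT'
}

# Constructed allowlist: two made-up friend addresses and the ports they may reach.
SAMPLE_ALLOWLIST='# friend address                          tcp port
fc12:3456:789a:bcde:f012:3456:789a:bcde 22
fcab:cdef:0123:4567:89ab:cdef:0123:4567 443'

# Print the chain for review. As root, pipe it into
#   ip6tables-restore --noflush
# then attach it once:  ip6tables -A INPUT -i tun0 -j CJDNS-IN
printf '%s\n' "$SAMPLE_ALLOWLIST" | cjdns_rules
```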

You want to install cjdns?

Everything is there. If you have any:

  • questions
  • problems

then ask for help in #tcxnet.

Network goal

The goal of Tcxnet is to have a map that looks as much as possible like the right part. The left part is really bad, because it's Tcxnet, not Minitel. The center is good, but the right is better.
