Posted on Wed 28 May 2008

After the trouble with Debian fucking up most of our tinc keys and the need to change a lot of keys, basically to rebuild the VPN nearly from scratch, I had a look for some VPNs which are doing things more "ad-hoc".

Sure, tinc is nice, tinc is peer2peer, but without an efficient key distribution system, it eats too much workpower for maintenance.

I found ELA, "A Fully Distributed VPN System over Peer-to-Peer Network", but it is from 2005 and written for Linux 2.4.20.

I also found n2n, which looks quite promising, as it is quite new, runs in userspace, does not have many dependencies and is quite small, so it should be able to run on our Linksys based nodes.

One could argue a shared key is no security at all if you have a big group, but security is not the main issue, it is about connectivity. Without all that key exchange hassle, it could be easy to install and to configure and spread the use of VPN technology in Freifunk and other wireless community networks.

I still did not find out how to run the network with more than one supernode, as stated in the paper, but it looks like it is going to be implemented soon.

I will keep playing with it and would be happy about anybody sharing his experiences with n2n as VPN backend for interconnecting meshclouds.

Update: Frithjof did a Kamikaze ipkg.