Cjdns: a secure non-anonymous P2P network

The really cool thing about this – as opposed to something like Tor or I2P – is that rather than coming up with a novel addressing scheme, it just commandeers the entire (unused[0]) fc00::&#x2F;8 block of IPv6. Because of this, it is 100% compatible with every existing IPv6 application.<p>For bonus points, it can also tunnel IPv4 and IPv6 through the P2P network[1] much like a traditional VPN would. But unlike a traditional VPN, it is sufficient to connect to any single node of the P2P network, no need for direct connectivity to the gateway. And of course that connection doesn&#x27;t have to be a UDP&#x2F;IP stream over the public internet, because CJDNS can speak raw Ethernet frames[2] over any hardware interface you like.<p>[0] <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Unique_local_address" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Unique_local_address</a> [1] <a href="https:&#x2F;&#x2F;github.com&#x2F;cjdelisle&#x2F;cjdns&#x2F;tree&#x2F;master&#x2F;tunnel" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;cjdelisle&#x2F;cjdns&#x2F;tree&#x2F;master&#x2F;tunnel</a> [2] <a href="https:&#x2F;&#x2F;github.com&#x2F;cjdelisle&#x2F;cjdns&#x2F;blob&#x2F;master&#x2F;doc&#x2F;configure.md#connection-interfaces" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;cjdelisle&#x2F;cjdns&#x2F;blob&#x2F;master&#x2F;doc&#x2F;configure...</a>

The community that&#x27;s grown around this routing technology is Hyperboria (<a href="https:&#x2F;&#x2F;hyperboria.net&#x2F;" rel="nofollow">https:&#x2F;&#x2F;hyperboria.net&#x2F;</a>), which is mainly an overlay meshnet via the existing internet rather than an entirely new network with dedicated cables and wireless links. It&#x27;s got about 700 nodes active right now (and about 1800 links), according to the awesome network visualizer at: <a href="http:&#x2F;&#x2F;www.fc00.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;www.fc00.org&#x2F;</a>

This is a great project with a very interesting goal that I&#x27;m not sure everyone (or perhaps myself?) understands.<p>What it&#x27;s trying to do is create a more distributed version of the BGP &#x2F; IP system we use to route traffic today. So instead of organizations like ARIN and APNIC that assign addresses and AS numbers (for BGP routing), you just generate your own IPv6 addresses, derived from a private key, and then it peers with whomever you want to peer with. There is no centralized step here, all you need is authentication information from the servers you want to peer with.<p>I actually see this more as a replacement for BGP. BGP is what really routes all the internet traffic around, and then the IP is like the end-point for that routing. BGP has a similar work flow to the way you use Cjdns (find peers, connect to them, get more redundant routing paths).<p>Why bother? Well, the IP&#x2F;BGP ASN allocation process is a complicated, centralized, manual, expensive mess. I&#x27;ve recently acquired some IP space and an ASN and it took a long time and a lot of difficult work to get it all worked out. With Cjdns, you just boot it up, peer with some upstreams and you&#x27;re ready to go. And because it uses IPv6 for the exit, it works with any application that supports IPv6, so it&#x27;s compatible with pretty much everything, no rewriting is needed.<p>A lot of people don&#x27;t like that it isn&#x27;t perfectly anonymous, but that&#x27;s okay. It&#x27;s trying to be as fast and efficient as possible, as opposed to something like Tor that is trying to improve privacy and anonymity at the expense of performance. You can always run things like Tor on top of it if you want to do that. Anyways, we don&#x27;t know if Tor is the final answer to that problem, so this allows you to solve the routing problem, and then implement protocols to deal with the privacy&#x2F;anonymity problem above that.<p>I&#x27;d really love to see this project get more adoption, but it&#x27;s going to be an uphill battle to get a large amount of the internet peering through it.<p>I&#x27;m not sure if this is the best way to describe cjdns, so feel free to correct me on any of this.

cjdns is amazing. I&#x27;ve been using it for a while now as a decentralized vpn. It is really powerful to just be able to link machines together in a network where each node can reach each node as long as at least one other node can connect to that node. For example, I have two machines behind one router and two machines behind another router. Only one in each zone is approachable from the internet, and not always both (due to dynamic residential IPs for example). With cjdns all machines can access all machines as long as there is at least one path that can be traversed from the source machine to the destination, transparently hopping through intermediary machines if necessary. Even if the source machine can not reach the destination machine, but the destination can reach the source there is no problem because of the UDP tunneling.

This is ingenious, your public address is also your public key, and the payload of the packet can only be decrypted by your private key. So awesome, it has encryption built in.

cjdns is excellent, I&#x27;ve been using it for quite some time now for all sorts of things. If anyone is interested in peering in the NY metro area, let me know, I&#x27;ve got bandwidth to spare.

How is this different from <a href="http:&#x2F;&#x2F;netsukuku.freaknet.org&#x2F;" rel="nofollow">http:&#x2F;&#x2F;netsukuku.freaknet.org&#x2F;</a> ?

After seeing enough of these &quot;alternative internets&quot; to make your eyes water, I have to wonder; at this point, is it even possible to implement these at scale? As well designed as the technologies may be, how could these be possible marketed to the layperson, who is happy with the current infrastructure?<p>The only recent&#x2F;ongoing shifts in internet technology are IPv6 and the https push, and they are both built on top of existing technology, and have been extremely logistically challenging to implement. How could a total revamp possibly fare?

I&#x27;ve been using this for a while, and it&#x27;s really cool. I&#x27;ve not found a huge number of &quot;public&quot; services on the network, but I&#x27;ve used it for IP tunnelling and also to access my machines without having to worry about dynamic DNS.

Do I need https when using cjdns or http is fine ?