🖧 The Promised LAN

The Promised LAN is a closed, membership-only network of friends that operate a 24/7 always-on LAN party, running since 2021. The vast majority of documentation is maintained on the LAN, but this website serves to give interested folks, prospective members or friends an idea of what the Promised LAN is, and how it works.

A Manifesto for The Promised LAN

For background on why we started the LAN, what we hope to achieve, and how we approach the social-technical dynamics, we have posted a Manifesto to encourage more similarly structured LANs. It is worth reading this before moving on. The social and technical aspects are intertwined here.

Backbone Network

Each Promised LAN segment connects to the Backbone network, since each LAN connecting to every other LAN quickly becomes unmaintainable, even with a small number of segments -- individual dynamic IPs change, keying material exchanges, negotiating a cipher suite; it gets hard! As a result, we have all LANs connect to the closest backbone node, and traffic is routed through the backbone network.

The network is made up of independently operated and heterogeneous nodes (currently three nodes, a mix of Debian using strongSwan and OpenBSD using iked), which peer over IPsec links. We've decided on a set of common algorithms which appear to be the best tradeoff of speed, security and support for our existing backbone nodes.

Algorithms

IKE SA Auth            HMAC SHA2 512
IKE SA Encryption      AES 256
IKE SA DH              Curve25519
Child SA Encryption    ChaCha20 Poly1305
Child SA DH            Curve25519

The Backbone network operates in a dedicated /24 allocation, where each backbone is issued an IP based on its "Node ID". Each backbone is hardcoded only with the routes to its directly connected backbones, reached over their IPsec connections. This network of nodes operates as The Promised LAN's Default Free Zone (DFZ).
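The common algorithm set listed above, pinned in a strongSwan swanctl.conf connection with the matching OpenBSD iked.conf policy shown in comments. This is an added example, not the Promised LAN's own configuration: the connection names, addresses (documentation ranges), identities, certificate file and traffic selectors are constructed placeholders, and only the algorithm choices come from the page.

```conf
# swanctl.conf on a Debian/strongSwan backbone node (illustrative values).
connections {
    backbone-peer {                       # hypothetical connection name
        version = 2
        # IKE SA: AES 256, HMAC SHA2 512, Curve25519.
        # Listing one proposal (no "default") means nothing weaker is accepted.
        proposals = aes256-sha512-x25519
        local_addrs  = 192.0.2.1          # placeholder public address
        remote_addrs = 198.51.100.1       # placeholder peer address
        local {
            auth  = pubkey
            certs = node-a.pem            # placeholder certificate file
            id    = node-a.example
        }
        remote {
            auth = pubkey
            id   = node-b.example
        }
        children {
            backbone {
                # Child SA: ChaCha20 Poly1305 (AEAD, so no separate
                # integrity algorithm), Curve25519 for PFS on rekey.
                esp_proposals = chacha20poly1305-x25519
                local_ts  = 203.0.113.1/32   # placeholder backbone IPs
                remote_ts = 203.0.113.2/32
                start_action = trap
            }
        }
    }
}

# Matching policy for an OpenBSD/iked peer, in iked.conf syntax
# (same placeholders, seen from the other side):
#
#   ikev2 "backbone-peer" passive esp \
#       from 203.0.113.2 to 203.0.113.1 \
#       local 198.51.100.1 peer 192.0.2.1 \
#       ikesa auth hmac-sha2-512 enc aes-256 prf hmac-sha2-512 \
#             group curve25519 \
#       childsa enc chacha20-poly1305 group curve25519
```

If either side offers a proposal outside this set, negotiation fails with a no-proposal-chosen error instead of silently falling back, which is the behaviour you want when several independently operated nodes have to agree on one suite.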
Once the IP links are established, backbones communicate using BGP (currently bird on Debian and bgpd on OpenBSD) in order to adver...
First seen: 2025-07-23 17:55
Last seen: 2025-07-24 18:02