How to Get Connected

From Cursed Silicons Wiki
Revision as of 17:17, 21 March 2026 by Snep (Add DNS information to the manually configured Wireguard section, include the sign-up page and remove the obsolete OPNsense admin part of the manual connection guide)

This is a quick and dirty "how do I get on CGHMN" guide.

Since the service is in "open beta", these steps are a bit vague and manual. Over time, as we figure out what works, we'll add more connection methods and better documentation.

Step 1:

Let us know you'd like to connect!

(We'll need information from you such as your Wireguard Pubkey to let you connect to the network)

Example CGHMN Router Setup using a GL-AR300M and basic network switch

Hardware requirements

To connect your retro machine(s) to the CGHMN, you'll need the following:

  • An Ethernet connection on your retro device(s) of choice, with a TCP/IP (v4) stack for now! TrumpetWinSock, Microsoft TCP/IP, whatever. It all works.
  • Something with the ability to run Wireguard and forward IPv4 packets at the minimum and, for any non-IP packets, gretap and nftables. Personally we recommend something running OpenWRT, like the GL-AR300M which we have successfully tested to work. We're currently working on a pre-built image for some select routers to make the setup easier for new members. A script to configure already existing OpenWRT instances can be found below.
  • Alternatively, you can also run the CGHMN routing on any standard Linux box which has at least one Ethernet port and either a second one or WiFi for internet connectivity. A basic script to set up a Linux machine as a router is posted below (TODO!).
  • Optionally: A simple network switch, in case you want to add multiple machines to the network. You plug one end into the CGHMN Router box and then your clients can all access CGHMN. Super easy!

On the right is an example of what a CGHMN router setup could look like.

Get connected - With OpenWRT

If you chose to go with an OpenWRT compatible router or want to run OpenWRT on typical x86 hardware/in a VM, you can follow these steps to get yourself connected to the CGHMN:

  1. Update your OpenWRT install to the latest version to ensure all required packages are available and compatible.
  2. Download this script from GitHub to your OpenWRT router, saving it under the file name the commands below use: wget -O setup-cghmn.sh https://cghmn.snep.zip/connect.sh
  3. Run the following commands on the router:
    1. ash setup-cghmn.sh install-pkgs
    2. Reboot the router. This step is necessary if you intend to use the web UI for any other configuration or to see the status of the CGHMN connection, as it makes LuCI recognize Wireguard connections.
    3. ash setup-cghmn.sh init
    4. You will be asked what network port you'd like to use for the Retro LAN. This is where you will plug in your retro machines to be part of the CGHMN. Choose a port that is not assigned to any OpenWRT interface like lan or wan and is not already part of a bridge, and enter the Linux interface name, e.g. eth1, then press [Enter] to continue. If your router only has two ports and you're using one for WAN, you first have to enable the web UI and SSH access via the wan OpenWRT interface, then remove the entire lan OpenWRT interface and the default br-lan or any other bridge the interface might belong to. This frees the network port, and you can continue the setup over the IP address your router got on its WAN side. If you only have a single Ethernet port, you're running a router setup we can't really recommend. However, you can configure VLANs and use a managed switch to both get a WAN DHCP address for internet access and have a separate VLAN for the Retro LAN bridge over a single port. This is commonly referred to as "router on a stick". Just enter the VLAN interface name here if you choose to go that route.
  4. Now you will be given some information on the console, including a Wireguard public key. Head over to https://signup.cghmn.org, fill out the form there with your details, like an e-mail address we can reach you under, and copy the Wireguard public key from the script output into the appropriate field on the web page. Once your request has been approved, you'll receive an e-mail with your CGHMN Wireguard connection details. Note: If you cannot copy-paste, for example because you're on a VM VNC console, you can run ash setup-cghmn.sh pubkey-qr to get a QR code with your public key, which can be scanned with a phone, tablet or software QR code parser to get the key as copy-pastable text.
  5. In the e-mail you receive from the sign-up server after approval, you will find a tunnel IPv4 address (100.65.x.x/32) and a routed IPv4 subnet (100.68.x.0/24 and up). These will be needed in the next step.
  6. Run ash setup-cghmn.sh set-tunnel-ip, enter your new tunnel IP address with or without the /32 subnet mask, enter your routed subnet with the CIDR netmask and supply your pre-shared key from the e-mail.
  7. Once the script has completed successfully, reboot the router to ensure all interfaces are up properly. After the reboot, your retro devices should receive an IP address in your routed IPv4 subnet on the Retro LAN port you chose above and be able to communicate with other machines on the CGHMN network.

Get Connected - Manually (Linux, Wireguard/IP traffic only)

In case you want to set up a connection into the network manually, here are the required steps and the information you will need:

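  • Generate a Wireguard private key and public key. This command writes a fresh Wireguard private key to private-key and the corresponding public key to public-key. The umask 077 inside the subshell makes sure both files are created readable only by your own user:
$ (umask 077; wg genkey | tee private-key | wg pubkey > public-key)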
  • NEVER share your private key, even with us! It should never be required outside of your own Wireguard setup!
  • You will, however, need to share your public key with us. Head over to https://signup.cghmn.org, fill out the forms with some details like an e-mail address we can reach you under and paste the newly generated public key into the public key field.
  • After submitting your request, we'll approve it as soon as possible and you'll get two IP addresses sent over to your specified e-mail: Your tunnel IP address, with which your router talks to our router, and a routed subnet, from which you can assign IPs to your own machines so they can talk to other CGHMN member devices on the network without NAT in the way.
  • In the e-mail, you will also find a full Wireguard configuration looking a little like this:
[Interface]
PrivateKey = xxx
Address = 100.65.0.xxx/32

[Peer]
PublicKey = k/QiJIbMakMKgTCHVt8/D+8k4DzRVM6U33F3gMZfRUg=
Endpoint = us.wg.cghmn.org:42070
AllowedIPs = 100.64.0.0/10
PersistentKeepalive = 15
PresharedKey = xxx
  • Copy this configuration to a file, wg-cghmn.conf, for example.
  • If you use wg-quick like below, you can also add the line DNS = 100.64.12.2 in the [Interface] section to make use of our DNS resolvers and access other CGHMN members' services through domain names. Be advised that we cannot guarantee public internet address lookups, which means this might break internet access for the host you're opening this Wireguard tunnel from! Alternatively, advanced users can set up dnsmasq to automatically pull any domains we offer within the CGHMN and forward them to our DNS resolvers, with the help of this script from our GitHub, run periodically through cron, systemd-timers or similar. See this Wiki article for more information.
  • Then, run wg-quick up ./wg-cghmn.conf, perhaps requiring doas/sudo, to bring the tunnel up and connect to the network!

This should bring whatever system you've set the tunnel up on onto the network and make it reachable for other members on the network, as long as the firewall on your device is configured accordingly, of course.
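
A pre-flight check for the manual steps above, as an added example that is not part of the original wiki page or of CGHMN's own scripts: before running wg-quick up, it checks wg-cghmn.conf for leftover xxx placeholders, file permissions that expose the private key, and Address/AllowedIPs values that differ from the ones shown above. The function names (conf_get, in_cghmn, check_cghmn_conf) and the sample address 100.65.0.7 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not CGHMN's script): pre-flight check of a wg-quick config.
# Function names are hypothetical; expected values are the ones on this page.

# conf_get FILE KEY: print the value of the first "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# in_cghmn ADDR: succeed if the IPv4 address lies in 100.64.0.0/10,
# i.e. first octet 100 and second octet 64..127.
in_cghmn() {
    o1=${1%%.*}; rest=${1#*.}; o2=${rest%%.*}
    [ "$o1" = 100 ] && [ "$o2" -ge 64 ] 2>/dev/null && [ "$o2" -le 127 ]
}

warn() { echo "WARN: $*" >&2; problems=$((problems + 1)); }

# check_cghmn_conf FILE: return the number of problems found (0 = looks sane).
check_cghmn_conf() {
    f=$1; problems=0
    # The file holds the private key and PSK: group/other need no access.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || warn "$f is group/world accessible, chmod 600 it"
    for key in PrivateKey PresharedKey; do
        v=$(conf_get "$f" "$key")
        # Wireguard keys are 32 bytes, which is 44 base64 characters.
        [ "${#v}" -eq 44 ] || warn "$key is missing or still a placeholder"
    done
    addr=$(conf_get "$f" Address)
    case $addr in */32) ;; *) warn "Address '$addr' is not a /32 tunnel IP" ;; esac
    in_cghmn "${addr%/*}" || warn "Address '$addr' is outside 100.64.0.0/10"
    # Anything wider (e.g. 0.0.0.0/0) would route non-CGHMN traffic into the tunnel.
    allowed=$(conf_get "$f" AllowedIPs)
    [ "$allowed" = "100.64.0.0/10" ] || warn "AllowedIPs is '$allowed'"
    # Informational only: the page notes this resolver may not answer public names.
    [ -z "$(conf_get "$f" DNS)" ] || echo "NOTE: DNS set, public lookups may break" >&2
    return "$problems"
}

# Constructed sample: the e-mailed template with its xxx placeholders left in.
sample=$(mktemp)
printf '%s\n' '[Interface]' 'PrivateKey = xxx' 'Address = 100.65.0.7/32' \
    '[Peer]' 'AllowedIPs = 100.64.0.0/10' 'PresharedKey = xxx' > "$sample"
check_cghmn_conf "$sample" || echo "$? problem(s) found in sample"
rm -f "$sample"
```

Run check_cghmn_conf ./wg-cghmn.conf on your own file; a return status of 0 means none of the checks fired.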

#TODO: Add example of routed subnet configuration, perhaps on a different Wiki site

But wait, what even is their routed subnet?

Each member's routed subnet comes by default from the 100.96.0.0/13 IPv4 block and has a /24 mask. This subnet is their "Retro LAN", into which all their retro computers are hooked via the router of their choosing. By default, NAT is enabled on the routers, so it wouldn't make a difference which subnet is used on the remote end for the retro machines. However, if someone wants to host servers in the CGHMN and doesn't want to do port forwarding, they can disable NAT and let other members directly connect to their machines via this routed subnet.

To get the routed subnet of a member, take the number from the last octet of the Wireguard tunnel IP of a member, say 100.89.128.6, and put it into the third octet of the 100.96.0.0/13 IP block and replace the /13 with /24, so you get 100.96.6.0/24. That is their routed subnet, simple as that!

After you get connected

There are a few optional things you might want to do.

Network mailing list

There is a mailing list you can subscribe to if you want to be notified about things that may affect CGHMN or core services. You can subscribe to the list here: https://berwick-upon-tweed.cobaltqu.be/postorius/lists/cghmn-announce.lists.cobaltqu.be/.


If you need to post to the list, you will need to subscribe before you can be added to the list of posters.

Explore things available on the network

There is a collection of services people are running - things like email/hosting/chat/search/etc.