From MCH2022 wiki
Jump to navigation Jump to search

Rules of Conduct

  • Be fair! Do not do to others what you do not wish done to yourself!🌈
  • Protect your computer! We cannot be held responsible for any damage your computer may face due to attachment to our network. Be reminded that both internet access and the local network are unfirewalled and unfiltered. Even well-maintained systems can be attacked and get hacked, even more so at a hacker event.
  • Do not run your own DHCP server! Doing so is harmful.
  • Do not send IPv6 Router Advertisements.
  • Do not ARP spoof or otherwise impede the operation of the network!
  • While we are generally quite able to find and disconnect you in case of network misuse if necessary, we still prefer to not have to do so and that everybody respects the other visitors.
  • Think twice before you do something that affects others! If you hack someone, you might be prosecuted. Be aware that we cannot prevent law enforcement from acting within or related to our network.👮🚨🚔
  • Do not connect S/FTP or F/FTP (so called shielded cables) to a Datenklo; this is to prevent ground-loops.
  • See also Rules for wireless equipment.


There will be wired 100BASE-TX/1000BASE-T/10GBASE-T ethernet on the camping grounds and in the caravan area by means of so-called "Data Toilets" or "Datenklos". Look for construction toilets with tin foil wrapped around them.

You can lay your own cables, but please do so in a tidy manner. You must not cross any roads, paths or borders between camping grounds. Always lay your cable from the Datenklo towards your tent to keep any slack close to your tent. Leave 5m of slack cable at the Datenklo. You can simply leave the end of your cable at the Datenklo, it will be connected by helpers at regular intervals (during reasonable work hours). If you want your cable back, make a proper spool of it and leave that at the Datenklo or mark it accordingly. It will be disconnected for you to pick up.

The maximum line-of-sight distance to the next Datenklo will be approximately 50 meters. Cables will not be provided. A length of 50 meters is recommended. If that is insufficient, you will find someone within this range who has a switch and can plug you in. But bringing 60 or 75 meters won't hurt if you want to be sure. Do not bring SFTP or other shielded cables, this can cause harm you your and our equipment, we will not connect them (this is to prevent ground loops).

Optionally, bring & connect a small ethernet switch when connecting multiple devices. Please disable Spanning-Tree Protocol if you would connect a managed switch.

Wired connections are unfiltered. If you have (older) devices that cannot be trusted with unrestricted incoming connections, bring a router or firewall (and disable the wifi!).


You can't live without wireless access, so we've built an awesome wireless network again.

🤔 TL;DR, use our easy setup tools for Android Apple or Windows for secure WiFi connectivity, also see: Network/802.1X client settings.


Network Name (SSID)

The following SSIDs are provided:

  • MCH2022 (WPA2 802.1X (see below), 2.4GHz+5GHz) ✅ noc recommended ✅
  • MCH2022-open (open/OWE, 2.4GHz+5GHz)
  • spacenet (WPA2 802.1X, 2.4GHz+5GHz) - you can connect with a valid account if your hackerspace offers it.
  • eduroam (WPA2 802.1X, 2.4GHz+5GHz) - you can connect with a valid account if your university/college/school is offering eduroam.

WPA2 802.1X, encryption

Due to popular demand (and with security in mind) we provide WPA2 802.1X. This will encrypt your traffic, preventing attackers from sniffing your data. Keep in mind that this won't protect you from other network attacks and you should still be aware that you are at a hacker conference! Your link layer should be secure if you do certificate checking (see below).

You might think: "WTF!? Do I need to register a user and password blah, blah". Fortunately not. You can use any username/password combination using EAP-TTLS with PAP to login (example: "user: fbhfbhiaf pass: bgufwbnkqo" is valid), because we don't care who logs in and who you are. We just want to encrypt your data.

Users which use MSCHAPv2 (like Windows users with default 802.1X supplicant) should use a fixed username and password. You can use "mch/mch" or "guest/guest" as "username/password".

Client Settings

Also see Network/802.1X client settings for a list of OS-specific client settings.



Phase 1: EAP-TTLS
Phase 2: PAP


Phase 1: PEAP
Phase 2: MSCHAPv2 or EAP-MSCHAPv2 or PAP

CN =
CA = ISRG Root X1

SHA256 Fingerprint = 49:5E:92:97:C3:6F:2B:69:9E:31:EE:CF:1C:AA:B0:ED:CC:8A:B7:22:E4:DA:C1:91:33:CC:E7:35:0C:97:AA:11

Make sure you check the certificate in order to know you are connecting to the correct network (you should check on both the CN and the CA). Check here for the complete certificate.

Services VLANs

We're using WPA2 802.1X to push your client in the correct VLAN. The reason we are doing this is to keep the number of SSID's per wireless band to a minimum; this way we are saving airtime by not wasting it too much with 802.11 beacons/mgmt-frames. Use the following user/password combinations:

Username Password Result
mch mch Filtered connection with public IP address. Inbound connections from the rest of the campsite are possible, inbound connections from the Internet are blocked.
allowany allowany Unfiltered connection with public IP address
outboundonly outboundonly Filtered connection with public IP address. Inbound connections from the Internet or camp-site are not possible.

Please note the username AND password are case-sensitive.


To keep the wireless working for you, keep a few things in mind:

  • We're aware you can break the WiFi infrastructure. We're hoping that you won't and don't want to be chased by 3500 hackers through the Camp.
  • If you want to download terabytes of data, you might be better off connecting to the wired network
  • Don't set up your own accesspoint. However, if you have no other choice (for running experiments and such), please be nice and consider these rules:
    • Please do not operate non-WiFi/analog equipment in these frequencies.
    • 2.4GHz: use channels 1, 5, 9 or 13 @ 20MHz. Disable 802.11b.
    • 5GHz: use channels 36 or 140 @ 20MHz.
    • Minimum data-rate = 12Mbit/s, also for beacon-rate. Beacon interval 100ms or higher.
    • Limit the number of broadcasted BSSID's per radio to 1 or 2. No SSID spamming etc is allowed.
    • Do not prefix your broadcasted ESSID(s) with "MCH". Do not use "MCH2022" as your ESSID. Do not use other well-known ESSIDs.
    • Do not use high-gain antennas.
    • Limit your transmit-power for example to 6dBm or 4mW.


There will unfortunately be no co-location service at Camp. You are welcome to host a server in your tent/village and you can get a 10-gigabit copper uplink from one of the nearby datenklos. If you have any special requests regarding bandwidth please contact the NOC at noc *DOT* Please send your requests in English.

Also you might be interested in Village:YoloCation


We'd like to extend our immense gratitude to the following people and organisations who have been instrumental in making the MCH2022 network and uplink happen through their donations and sponsorship:

Hardware/material sponsors:

  • BIT ; UTP cable
  • Juniper ; core/edge-routers
  • FlexOptix ; optical transceivers
  • Tallgrass ; CWDM Optical Add-drop Multiplexers
  • EventInfra ; Access network (wired+wireless) and fibers
  • ; DWDM equipment for uplink, co-location and upstream connectivity (IP-transit)
  • Babiel ; Servers

Connectivity sponsors:

Other connected Internet Exchanges are: Asteroid, SPEED-IX and Frys-IX.


The MCH2022 NOC team has a Twitter account: @mch2022noc.


The MCH2022 network is operated under AS64404 (EventInfra): PeeringDB