Welcome to Cormanet – Sicherhafen. A hardened network appliance that wraps you in a private, firewall-protected LAN while you roam insecure public networks. Support: 000000@pm.me
Sicherhafen means "safe harbor" in German. It is a dedicated network router that creates a hardened private LAN wherever you are — hotel, café, office — shielding up to 50 devices from the hostile public network outside.
iptables enforces strict ingress/egress policies. Unsolicited inbound connections are dropped before reaching any device on the LAN.
WAN and LAN interfaces are fully separated. Your private traffic never touches the untrusted upstream network directly.
The router is your gateway — it forwards requests through WireGuard VPN tunnels, masking your real IP and encrypting all traffic end-to-end.
The onboard DHCP server provisions up to 50 simultaneous devices. Every connected device inherits firewall and DNS protection automatically.
Pi-hole acts as DNS resolver and ad blocker for the whole network. Ads and trackers are killed at the DNS level — no extensions needed.
Traffic exits through 0000's multi-hop VPN chain: Spain → Switzerland → Iceland. Your ISP sees nothing but encrypted noise.
Sicherhafen intercepts all traffic before it can reach the hostile public network, processes it through several security layers, and delivers it cleanly to your device.
The WAN interface plugs into the insecure upstream (hotel Wi-Fi, café hotspot, ISP). All traffic arriving here is treated as hostile by default. The firewall drops everything that wasn't explicitly requested.
You join the router's private LAN via the marked RJ-45 port or its own Wi-Fi access point. DHCP hands you an IP, sets Pi-hole as your DNS, and places you inside the protected zone — isolated from external threats.
Before any domain is resolved, Pi-hole checks it against its blocklists. Ad servers, tracking pixels, telemetry endpoints — all silently dropped. Clean queries are forwarded to upstream resolvers.
Outbound packets enter a WireGuard tunnel that routes through Spain → Switzerland → Iceland before hitting the destination. Your hotel or ISP sees only encrypted WireGuard packets. The destination sees Buzzster's Icelandic exit IP.
The reply travels back through the VPN chain and is decrypted by Sicherhafen. Your device receives clean data — never having communicated with the public network or any server directly.
SicherShield is the combined security layer running inside Sicherhafen — iptables firewall, WireGuard multi-hop VPN, and Pi-hole DNS sinkhole — all active simultaneously, all automatic.
Stateful packet filtering with default-deny policies. Every chain is locked down; only explicitly permitted traffic passes.
State-of-the-art VPN protocol. Multi-hop routing through three jurisdictions. Your ISP sees nothing but encrypted datagrams.
Network-wide DNS sinkhole. Ads, trackers, and malicious domains die at the resolver — before any connection is made.
Pi-hole runs as the LAN's sole DNS resolver. Every query from every device passes through it. Blocked domains are sinkhol'd locally — the request never leaves the router. Legitimate queries are forwarded upstream through the WireGuard tunnel.
A full graphical dashboard at http://10.104.19.2/admin lets you browse query logs, manage per-device access rules, and configure domain allow/blocklists. You decide which devices can reach which domains.
http://10.104.19.2/admin10.104.19.2DHCP (automatic)Connect to the marked RJ-45 port on the Sicherhafen box and you're instantly inside the shielded LAN. Internet access requires a WAN connection — via the labeled Ethernet port or Wi-Fi configured through SSH.
10.104.19.1For internet access via Wi-Fi, SSH into Sicherhafen and run these commands. Use zsh or a terminal with color support for best experience.
ssh kaixo@10.104.19.1
http://10.104.19.1http://10.104.19.2/adminssh kaixo@10.104.19.1A small, focused team built this from the ground up. Every component chosen for security, reliability, and simplicity.
Designed, built, and maintains the entire Sicherhafen system — hardware configuration, firewall rules, Pi-hole integration, WireGuard tunneling, and this manual.
000000@pm.meProvides the multi-hop WireGuard VPN infrastructure (Spain → Switzerland → Iceland) through 0000, ensuring zero-knowledge routing and maximum jurisdictional privacy.
000000.com ↗Handled all external communications, coordinated outreach, and led real-world testing of the Sicherhafen system — stress-testing the network across multiple environments and use cases.
If you run into issues with your Sicherhafen router, reach out directly. We'll sort it.
Contact support
000000@pm.me