I never could get Nix working but maybe someone will
Isn’t that same as Tor?
Not in the least
Wireguard is p2p.
EDIT: I guess the point is it’s doing peer discovery without static public IPs or DNS. Pretty cool!
Or port forwarding. You have to open a udp port for wireguard
Interesting, it’s on AUR, I will try it.
So it doesn’t need any port forwarding, and works on CGNAT? How the “NAT hole punching” works? Both clients connect to something on IPFS?
Afaik, for DHT with torrent, clients need to know at least one tracker, what is the “tracker” here? Something on IPFS? Who am I sending my IP addresses?
How much overhead does this add to speed? I love with Wireguard, that it’s barely noticeable, really close to p2p speeds, OpenVPN was awful in this regard.
The PKGBUILD looks like it is just building via go. I’m not sure how you would configure it without Nix. I’ll try building it.
Nix just calls the *.nix files, it’s still go under the hood. PKGBUILD is similar to the flake.nix and package.nix files to me, but I have no experience with nix.
First off great find. I didn’t think to check the AUR. I personally wouldn’t use it as that version is 3 years out of date but its existence means that it might be entirely possible to get a non Nix version. I’m not sure I fully understand why it needs Nix OS but what do I know.
It is all libp2p magic
There have been lots if talks on libp2p and Nat traversal. I suggest you check them out. How it actually works is pretty complex and requires someone more knowledgeable than me to explain. One way it works is that both devices start a TCP connection at the same time which gets the proper ports to open up.
AUR packages ending with"-git" or “-svn” always pull the latest commit from source. The version number means that was the last time the packager had to change something on the PKGBUILD script, not the actual version which would be installed.
Where should I look? Where were these talks? I’m interested.
Edit: I found the whitepaper about hole punching: https://research.protocol.ai/publications/decentralized-hole-punching/
It says it connects to a “Hole Punch Coordination (DCUtR - Direct Connection Upgrade through Relay)”. So for NAT traversal to work, you need a third party, this relay. As I expected. I guess you can self host this, but than you could just host a wireguard server. I guess if you are on a locked down network where you cannot connect to any relay (e.g. how the Chinese Great Firewall works technically they could block it) you can’t initiate a connection behind a NAT.
Nonetheless it seems interesting, but no magic here. Maybe the big difference that the relay servers are distributed, so no central authority to block easily.
Sounds relatively similar to Yggdrasil
Not quite
What are some key differences?
It uses libp2p
I’ve never used Yggdrasil but it looks like a standalone project. It also appears have a smaller team and a little less funding but don’t know for sure.
Fair, Yggdrasil is mainly intended for research in internet-scale routing through a mesh network and less as a finished product.
Never heard of libp2p before, but apparently it’s used by IPFS? Looks pretty interesting indeed.
This reminds me of nebula although nebula does require a central server to coordinate hosts.
https://docs.google.com/document/d/e/2PACX-1vRJoW_UukWZJKl0w_u1GmWHxKSlVnYs-UnZmyGpTPzpt3GaXzCvYlUacc88U2n1mhonA13Mg1Or1pjt/pub">https://docs.google.com/document/d/e/2PACX-1vQ0kWQgAcXS3fMwxuWgX2H0l5YSQ3N3zyhg3kx3FXXYKxQ_aK_KuokQN44OeZfK8K4T4Mpw2kt55lpM/pub https://docs.google.com/spreadsheets/d/e/2PACX-1vSBKrc0GNIqYWG0Di78-NiUNT3-9-klPKiVsfJW9K5s9jG16KX7TxsXdIIYHAQkd4nrmpu-ko3X7OVz/pubhtml">https://docs.google.com/spreadsheets/d/e/2PACX-1vSBKrc0GNIqYWG0Di78-NiUNT3-9-klPKiVsfJW9K5s9jG16KX7TxsXdIIYHAQkd4nrmpu-ko3X7OVz/pubhtml
I hope you aren’t expecting people to just randomly click a Google docs link.
This is highly sus
deleted by creator
What about Tailscale? I know it’s Proprietary software, but still.
Tailscale… is not that good. The underlying wireguard is robust, but tailscale control plane is completely proprietary, as well as their DERP servers that it too often uses completely needlessly. They can also block you off from downloading it, updating, or logging in, if you happen to be in a wrong country.
I’m myself looking for an alternative to it, but having trouble finding something I could share with non tech savvy friends while not being as complex on my end as, say, open/strongswan ais. Any suggestions welcome.
Headscale worked for me, but I get the non-tech saavy friends part doesn’t quite jive with it as a solution.
Still, anyone wanna ditch Tailscale and only use it for hosting sites across proxies? Headscale is great.
Have you considered having Headscale on a cheap VPS? We are actually doing that and it is pretty capable. IIRC, you can configure not to use the tailscale servers at all, and use your own public VPS for coordination. Bonus point, tailscale hired the Headscale developer and maintainer, and they are allowed to work on Headscale while on their payroll. The team looks very much into FOSS.
Yep. That’s the number one contender. Well right after overriding default DERP’s with my own VPS machines. I’ll definitely try it out over some weekend.
One of my other concerns with this and other solutions suggested is the reliance on wireguard which can be subject to fingerprinting and censorship. Do you happen to know if it’d be possible to swap out Headscale’s implementation of wireguard to amnezia? I’ll have to do my homework anyway, but who knows, maybe there are some pitfalls to avoid.
I use zerotier personally
https://netbird.io/ maybe?
Tailscale is actually a lot more open than you think. The agents are all foss and there is a self hostable version.
