This has come at a good time for me, I have been trialling a few of these p2p systems, and I’m looking forward to trying this one (no mobile support for now makes it a no-go). I love the simplicity of the whole concept and what it can achieve. As soon as I saw tailscale the penny dropped for me.
So far:
- Tailscale works but is pricey as you scale. Still considering it however.
- Nebula is a bit under-documented and requires config files everywhere. Also, it didn’t connect or even try to relay in a few tests I did.
- Zerotier. What we are using at the moment. Very easy to run, even for free with a self-hosted controller. Good platform coverage including synology. However:
  - It does rely on zerotier servers to some degree
  - Occasional connection issues
  - No linux DNS so you either manually set servers or use public DNS (a trick I picked up from tailscale docs actually)
I was expecting these projects sooner rather than later.
In 10 years everyone will be using heavily-automated p2p VPNs like Tailscale. Tailscale is an amazing product but I do understand the case for running your own control plane.
Keep it up!
I wonder why ZeroTier isn’t more popular. It already does all of this and more, is open-source, and has been working for years now.
ZeroTier doesn’t build on WireGuard, for one. And I’ve seen people having lots of issues with it: https://old.reddit.com/r/zerotier/
Another thing in the genre of “Hamachi for not gamers”.
There’s a name I have not heard in a long time
True enough, but it works very well for gaming too. I played perfectly good “LAN” CS1.6 over 1000km.
We looked pretty heavily at ZeroTier for a project at my day job a while back, but ultimately walked away from it because it could not be entirely self hosted. There was always a connection to their plane at some level.
So this is basically the innernette?
Looks like you can boot people off the network by disabling a peer, but it’s unclear when other peers will start dropping connections to disabled peers (if ever). I’ve opened an issue so hopefully we can find out :)
https://github.com/tonarino/innernet/issues/9
This seems really cool. I have not tried it, but the vibe of this at least is really nice.
I especially liked this line:
“I could even imagine this being used to collaborate on a project, using an internal git repository and associated services.”
Unfortunately I can’t judge the security-related things, but the project certainly seems neat!
This sounds like it could be pretty fantastic for workflow.
Jake! This is awesome. I really love the tooling UX for standing things up especially. Gonna play around with it later.
One thought is that subnet associations might be a little inflexible. I could imagine that a user in an ENG subnet might wanna quickly give one (and only one) person in NON-ENG temp access to a service. Seems like this kind of thing would only work easily if both the user and the service were already in their own subnets of 1 peer. Then again, I often am the one arguing against more powerful primitives for the sake of simplicity in ux and implementation.
Ok now this is cool. I’ve been a big tailscale user/advocate, but this would allow me to add another service to my cloud server and all of a sudden I have a nice mesh vpn? SWEET!
Keep up the good work!