1. 79
  2. 11

    I was expecting these projects sooner rather than later.

    In 10 years everyone will be using heavily-automated p2p VPNs like Tailscale. Tailscale is an amazing product but I do understand the case for running your own control plane.

    Keep it up!

    1. 8

      I wonder why ZeroTier isn’t more popular. It already does all of this and more, is open-source, and has been working for years now.

      1. 7

        ZeroTier doesn’t build on WireGuard, for one. And I’ve seen people having lots of issues with it: https://old.reddit.com/r/zerotier/

        1. 4

          Another thing in the genre of “Hamachi for not gamers”.

          1. 9

            > Hamachi

            There’s a name I have not heard in a long time

            1. 3

              True enough, but it works very well for gaming too. I played perfectly good “LAN” CS1.6 over 1000km.

            2. 2

              We looked pretty heavily at ZeroTier for a project at my day job a while back, but ultimately walked away from it because it could not be entirely self-hosted. There was always a connection to their plane at some level.

            3. 7

              So this is basically the innernette?

              1. 3

                Looks like you can boot people off the network by disabling a peer, but it’s unclear when other peers will start dropping connections to disabled peers (if ever). I’ve opened an issue so hopefully we can find out :)

                https://github.com/tonarino/innernet/issues/9

                1. 3

                  This seems really cool. I have not tried it, but the vibe of this at least is really nice.

                  I especially liked this line:

                  > to make life easy, and is friendly with various sizes of networks: one for your organization, one for your project, one for your social circle

                  I could even imagine this being used to collaborate on a project, using an internal git repository and associated services.

                  Unfortunately I can’t judge the security-related things, but the project certainly seems neat!

                  1. 3

                    > I could even imagine this being used to collaborate on a project, using an internal git repository and associated services.

                    This sounds like it could be pretty fantastic for workflow.

                  2. 1

                    Jake! This is awesome. I really love the tooling UX for standing things up especially. Gonna play around with it later.

                    One thought is that subnet associations might be a little inflexible. I could imagine that a user in an ENG subnet might wanna quickly give one (and only one) person in NON-ENG temp access to a service. Seems like this kind of thing would only work easily if both the user and the service were already in their own subnets of 1 peer. Then again, I often am the one arguing against more powerful primitives for the sake of simplicity in UX and implementation.

                    1. 1

                      Ok now this is cool. I’ve been a big Tailscale user/advocate, but this would allow me to add another service to my cloud server and all of a sudden I have a nice mesh VPN? SWEET!

                      Keep up the good work!

                      1. 1

                        This has come at a good time for me; I have been trialling a few of these p2p systems, and I’m looking forward to trying this one (no mobile support for now makes it a no-go). I love the simplicity of the whole concept and what it can achieve. As soon as I saw Tailscale the penny dropped for me.

                        So far:

                        • Tailscale works but is pricey as you scale. Still considering it however.
                        • Nebula is a bit under-documented and requires config files everywhere. Also, it didn’t connect or even try to relay in a few tests I did.
                        • ZeroTier. What we are using at the moment. Very easy to run, even for free with a self-hosted controller. Good platform coverage including Synology. However:
                          • It does rely on ZeroTier servers to some degree
                          • Occasional connection issues
                          • No Linux DNS so you either manually set servers or use public DNS (a trick I picked up from Tailscale docs actually)