upvote

points

by milkshakes4 hours ago |
comments
upvoteby tux34 hours ago|
next
[-]
Modern VPNs based on wireguard can do direct connections with hole punching. It's just a lot more work to setup on your own, or you have to sign-up to a SaaS like tailscale and use their relays, and they'll do the hole punching for you.

Here this is a decentralized network with a lot of existing public relays. But in principle a VPN can solve a lot of the same problems. It's just that commercial VPNs are not decentralized, and doing your own wireguard setup is a pain.

reply
upvoteby kkapelon4 hours ago|
prev|
next
[-]
Already possible with taiscale, netmaker, zerotier etc.

https://tailscale.com/blog/how-nat-traversal-works

reply
upvoteby danudey3 hours ago|
parent|
[-]
But only for devices already on that tailnet.

This allows you to provide information to an arbitrary person (a friend/coworker/etc) to let them access the thing without them having to jump through all the extra hoops of joining your tailnet/them joining yours/adding a VPN/etc.

reply
upvoteby 9dev2 hours ago|
parent|
next
[-]
With Tailscale at least, you can pretty easily share a node with someone else. If your target audience are solo developers or hobbyists, making it even easier to share access is surely nice; from the perspective of someone in charge of making sure our company IT is balancing security and ease of networking, the literal last thing I want is making it easier to grant someone access.

There are policies defining who can talk to what; they are deployed from a GitHub repository with defined rules on who can modify them and who has to review them; there are zero scenarios where I want an alternative way of granting access to any device or service under our control.

reply
upvoteby kkapelon3 hours ago|
parent|
prev|
[-]
but what exactly is the use case? I was responding to the nat traversal topic..

If I wanted to share something internal with a friend I would use ngrok or any of the million alternatives.

Anyway, this is exactly why my top-level comment says that this project needs a "versus" page in the docs.

reply
upvoteby UltraSane3 hours ago|
prev|
[-]
Cisco Dynamic Multipoint VPN will start by connecting to a central VPN server and then learn the public IPs of endpoints and automatically create VPN tunnels to them. It can scale to thousands of endpoints.
reply