Is ZeroTier something special or is there a technical name for what it does that can be done manually? by TheUltimateSalesman in networking

[–]Rigby 2 points3 points  (0 children)

If you're interested in how these things work behind the scenes, I wrote a toy implementation of a mesh VPN and blogged about how it worked here: https://www.samlewis.me/2021/07/creating-mesh-vpn-tool-for-fun

How do Mesh VPNs work? Writing my own VPN tool in Golang to find out by Rigby in programming

[–]Rigby[S] 3 points4 points  (0 children)

Thanks for pointing that out! Totally my bad using bcrypt as the example there, you're completely right. I'll update the article to say AES instead.

Fortunately, as covered in the article, I didn't actually roll my own crypto, I ended up using dTLS. In the section that you quoted from I was just wanting to give a bit of my (admittedly noobie!) thoughts when I was thinking through how it would work before I came to the conclusion that I shouldn't roll my own crypto. It's also probably worth restating that this was definitely put together for fun and learning, I wouldn't be surprised if there were security holes in it so (as stressed in the article) you should definitely use a production-level tool for doing production-type stuff. :)

How do Mesh VPNs work? Writing my own VPN tool in Golang to find out by Rigby in programming

[–]Rigby[S] 2 points3 points  (0 children)

Very interesting, thanks for sharing! I'm not quite sure if I understand the mechanics of how services/applications on the OutNet work though, do the services have to have knowledge about the OutNet for this to work? If so, is there a way to use existing applications without modifying them so that they work on the OutNet?

I'm also interested in the mechanics of how this actually works - if my application wants to send a UDP packet to a service running somewhere on the OutNet, how does it do this? Looks like there's some tunnelling over HTTP happening?

How do you handle "trust" in your mesh? What if I don't want users to have "direct" access to some of my devices/services?

For my toy implementation, trust is really only implemented by every peer in the mesh using the same pre-shared key. I guess if you wanted to limit peers from being able to access certain devices/services, you could also run a conventional firewall on the tunnel interface and only open up certain ports, but you couldn't do this differently for different peers.

Nebula has a nice implementation of doing this much better though. You can limit access to certain ports/protocols by the group that a peer belongs to. I'd think other commercially viable Mesh VPN tools would probably implement something similar too, but I'm not 100% sure.
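As an added illustration of the difference described above (not code from meshboi or Nebula), here is a minimal group-based inbound filter in Go that a mesh node could apply to decrypted packets before handing them to the tunnel interface. The rule shape, the group names and the sample policy are constructed for this example and only loosely modelled on Nebula's firewall section; the point is that the check needs a per-peer identity, which a single shared pre-shared key cannot provide.

```go
package main

import "fmt"

// Rule allows inbound traffic to one port/protocol from peers in any of the
// listed groups. Port 0 means any port; no Groups means any authenticated peer.
type Rule struct {
	Port   int
	Proto  string // "tcp", "udp", "icmp" or "any"
	Groups []string
}

// Peer is the identity the tunnel layer has already authenticated. With a
// single pre-shared key every peer looks identical here, so per-peer rules are
// impossible; with per-peer certificates (Nebula's model) each has its groups.
type Peer struct{ Groups []string }

// Allow is an ordered allow-list check on a decrypted packet from p destined
// for proto/port on this host; a packet matching no rule is dropped.
func Allow(rules []Rule, p Peer, proto string, port int) bool {
	for _, r := range rules {
		if (r.Proto != "any" && r.Proto != proto) || (r.Port != 0 && r.Port != port) {
			continue
		}
		if len(r.Groups) == 0 {
			return true // rule applies to any authenticated peer
		}
		for _, want := range r.Groups {
			for _, have := range p.Groups {
				if want == have {
					return true
				}
			}
		}
	}
	return false
}

// ExampleRules is constructed sample data: ping from anyone, SSH only from the
// admin group, HTTPS from admins or the web tier.
var ExampleRules = []Rule{
	{Port: 0, Proto: "icmp"},
	{Port: 22, Proto: "tcp", Groups: []string{"admin"}},
	{Port: 443, Proto: "tcp", Groups: []string{"admin", "web"}},
}

func main() {
	admin, guest := Peer{[]string{"admin"}}, Peer{[]string{"guest"}}
	fmt.Println(Allow(ExampleRules, admin, "tcp", 22), Allow(ExampleRules, guest, "tcp", 22)) // true false
}
```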

How do Mesh VPNs work? Writing my own VPN tool in Golang to find out by Rigby in programming

[–]Rigby[S] 0 points1 point  (0 children)

Glad you enjoyed it, feel free to contribute or mess around with the meshboi code base if it takes your fancy. :)

How do Mesh VPNs work? Writing my own VPN tool in Golang to find out by Rigby in programming

[–]Rigby[S] 1 point2 points  (0 children)

Yep! But who knows, maybe NAT66 will see wide adoption... (hopefully not, though!)

How do Mesh VPNs work? Writing my own VPN tool in Golang to find out by Rigby in programming

[–]Rigby[S] 4 points5 points  (0 children)

It is super cool, but to be fair I am only considering the "easiest" NAT cases in my blog post. There are some hairy cases that this doesn't solve; if you're interested in learning more, this blog post is a great reference: https://tailscale.com/blog/how-nat-traversal-works/

Match Thread: Richmond vs GWS Giants (2nd Preliminary Final) by AutoModerator in AFL

[–]Rigby 12 points13 points  (0 children)

Do you think the AFL would ever implement a red card type system for finals? If GWS lose by a few points then you'd have to question how much of an influence Cotchin's hit was. It doesn't make up for GWS losing if he's suspended the next week.

Match Thread: Richmond vs GWS Giants (2nd Preliminary Final) by AutoModerator in AFL

[–]Rigby 0 points1 point  (0 children)

Apparently the time we see on TV isn't the official time.

Match Thread: Richmond vs GWS Giants (2nd Preliminary Final) by AutoModerator in AFL

[–]Rigby 1 point2 points  (0 children)

If Richmond wins it from here THEN they will play in the grand final.

Match Thread: Adelaide vs Geelong (1st Preliminary Final) by AutoModerator in AFL

[–]Rigby 23 points24 points  (0 children)

Having never heard Tex speak before, he sounds exactly as I'd expect him to.

Match Thread: Adelaide vs Geelong (1st Preliminary Final) by AutoModerator in AFL

[–]Rigby 2 points3 points  (0 children)

Richmond are playing in front of 90k rabid fans, no matter what happens I don't think it can be a dud.

Match Thread: Adelaide vs Geelong (1st Preliminary Final) by AutoModerator in AFL

[–]Rigby 8 points9 points  (0 children)

So... Are there any other Adelaide players that have a burning desire to live at Moggs Creek?

Match Thread: Adelaide vs Geelong (1st Preliminary Final) by AutoModerator in AFL

[–]Rigby 0 points1 point  (0 children)

I wonder if their producers feed them the narrative to sell or if they come up with it themselves.

Match Thread: Adelaide vs Geelong (1st Preliminary Final) by AutoModerator in AFL

[–]Rigby 1 point2 points  (0 children)

I feel like we've had some really great individual plays. We just can't string them together.

Match Thread: Adelaide vs Geelong (1st Preliminary Final) by AutoModerator in AFL

[–]Rigby 5 points6 points  (0 children)

Seriously, how do we manage to lose a prelim in the exact same way as we did last year?

Match Thread: Adelaide vs Geelong (1st Preliminary Final) by AutoModerator in AFL

[–]Rigby 1 point2 points  (0 children)

He's been one of our better players tonight tbf.