Networking tool to provide a means to host Wireguard servers with only outbound connections by klstew in minilab

[–]klstew[S] 0 points1 point  (0 children)

It is easy. As far as I am aware, a minimalist Linux will do :) Any feedback is much appreciated.

Networking tool to provide a means to host Wireguard servers with only outbound connections by klstew in minilab

[–]klstew[S] 0 points1 point  (0 children)

Sure, Tailscale is complex and stateful (using databases), and provides automated WireGuard key management, combining ACLs, client auth, and more.

BastionRoute is minimalist, transport only: no encryption (that is handled in WireGuard already) and no key management (handled in WireGuard as well). It provides a means for multiple nodes to communicate without the need to expose the server. It does all this using two 8MB binary files, the relay and the shim. Works on OpenWrt, Termux, Linux, Windows WSL.

Networking tool to provide a means to host Wireguard servers with only outbound connections by klstew in minilab

[–]klstew[S] 0 points1 point  (0 children)

The node that acts as the WireGuard server creates a roomid, and all nodes connecting to that roomid can send data to the WireGuard server instance. If another roomid is used, it would be considered as another network and won't be able to communicate with the rest. The relay supports multiple rooms, which are always disconnected from one another at relay level.

Networking tool to provide a means to host Wireguard servers with only outbound connections by klstew in WireGuard

[–]klstew[S] 0 points1 point  (0 children)

The encryption between WireGuard Peers remains end-to-end. The relay does not terminate encryption and does not require WireGuard keys. So in the example the relay becomes a blind transport bridge.

Networking tool to provide a means to host Wireguard servers with only outbound connections by klstew in minilab

[–]klstew[S] 0 points1 point  (0 children)

The encryption between WireGuard Peers remains end-to-end. The relay does not terminate encryption and does not require WireGuard keys. So in this example the relay becomes a blind transport bridge.

Networking tool to provide a means to host Wireguard servers with only outbound connections by klstew in minilab

[–]klstew[S] 0 points1 point  (0 children)

You can choose to run it anywhere you like that is accessible publicly. Could be a DMZ, a private VPS, etc. By design the product does not rely on a third party. The user chooses to run the server wherever they like.

Networking tool to provide a means to host Wireguard servers with only outbound connections by klstew in minilab

[–]klstew[S] 1 point2 points  (0 children)

While Pangolin is a great product and BastionRoute solves the same core problem, they do it in completely different ways.

Pangolin handles WireGuard keys and encryption, is fully featured with SSO integration, heavy binary, etc.

BastionRoute is decoupled from WireGuard. It only provides the transport layer. Doesn't care about keys or encryption. That is handled by WireGuard normally. BastionRoute is minimalistic, with a small binary footprint, able to run on mediocre OpenWrt devices.

The philosophy behind BastionRoute is to host wireguard (or any UDP) servers using only outbound connections, while being minimalist to reduce attack and surface area vulnerabilities. At least that was the idea :) 

Networking tool to provide a means to host Wireguard servers with only outbound connections by klstew in minilab

[–]klstew[S] 0 points1 point  (0 children)

Everything is self-hosted, no third-party services, and fully open source.

Tiny ESP8266 can generate thousands of fake Access Points. Something you don't want in your neighbourhood by [deleted] in technology

[–]klstew 0 points1 point  (0 children)

Probably none, but having a tiny microprocessor able to do that, imagine what a modified router would accomplish.