Fediverse

37958 readers

126 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, Mbin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 2 years ago

MODERATORS

ruud@lemmy.world

Xylinna@lemmy.world

MrCenny@lemmy.world

TragicNotCute@lemmy.world

automodbeta@lemmy.world

woelkchen@lemmy.world

Federated wireguard network idea (packmates.org)

submitted 2 years ago* (last edited 2 years ago) by Wander@packmates.org to c/fediverse@lemmy.world

5 comments fedilink hide all child comments

Federated wireguard network idea
Any feedback welcome.

Let's keep things stupidly simple and simply hash the domain name to get a unique IPv6 ULA prefix.

Then we would need a stupidly simple backend application to automatically fetch pubkeys and endpoints from DNS and make a request to add each others as peers.

Et voilà, you got a worldwide federated wireguard network resolving private ULA addresses. Sort of an internet on top of the internet .

The DNS entries with the public IPv4 / IPv6 addresses could even be delegated to other domains / endpoints which would act as reverse proxy (either routing or nesting tunnels) for further privacy.

Maybe my approach is too naïve and there are flaws I haven't considered, so don't be afraid to comment.

Exact use cases? Idk, but it sounds nifty.

#privacy #networking #VPN #wireguard #infosec

cc: @fediverse

top 5 comments

sorted by: hot top controversial new old

[–] breadsmasher@lemmy.world 0 points 2 years ago (1 children)

isn’t this just TOR

[–] Wander@packmates.org 0 points 2 years ago* (last edited 2 years ago)

@breadsmasher I have no idea how Tor works. In this case I would say most peers would have no problem disclosing a public IP, but it could have benefits in making resources in a private network accessible and as long as the endpoint can be reached those resources would be hosting provider agnostic.

I would say this is less about hiding user activity than it is about logical networks, abstracting away the hosting provider and allowing to knit together self hosted services, regardless of where they are hosted.

[–] Wander@packmates.org 0 points 2 years ago

@fediverse I've read that this is called an overlay network. Unfortunately many of the ones I've seen documented focus on keeping things in their own private networks which is okay but not fun.

ULA addresses require no permission and were designed precisely to knit together private networks. We can just use domain names and convert them via checksum into a static ULA /48 prefix. DNS can be used to announce routes, or eventually something more BGP-like given that ownership of a domain can be verified and thus authorization to announce routes.

If domains ever become a bottleneck one could use private TLDs with some consensus mechanism and even create multi-layer networks this way where packmates.layer.1 and packmates.layer.2 are two different networks even though they might have the same address range.

Anyways, I'll go out and touch some grass now.

[–] nysepho@furry.engineer 0 points 2 years ago* (last edited 2 years ago) (1 children)

@Wander @fediverse neat. sounds a bit like dn42, only federated and I am guessing without transit/routing to other users you aren't directly peered with?

[–] Wander@packmates.org 0 points 2 years ago

@nysepho @fediverse there would be routing without being peered directly by delegating your endpoint to another peer you trust (this can create an infinitely long routing chain depending on where you latch on so to speak, but you would be in control)