Well I have a lot to read up on. I completely side-stepped Wireguard after seeing that mesh was in their TODO.
That's why all the wg-mesh projects on GitHub exist.
You can use tinc, which supports mesh by design, if you don't care about throughput.
You need to define "mesh" first, and go from that.
Mesh can mean that every node contacts every other node directly, without going through a central server. Wireguard already works just like that, by design.
Or mesh can mean self-healing: when there happens to be no direct connection between any two nodes (100% packet loss), other nodes stand in and start forwarding traffic to create a working route. Tinc can do this... but did you think of this requirement as your definition of mesh to begin with? Is this something that you actually see happen that often, and absolutely needs to be handled? I think not, so it is unfair to ditch WG as "not supporting mesh". It does do mesh per definition #1 above, which is more than enough for most cases.
For the more advanced case, mesh can mean that nodes create a dynamic path across them to provide you with the lowest latency. This is what @Neoon's project does, but again, I feel it's not what most people require when thinking of "mesh VPN".
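Definition #1 in practice is just a config question: each node carries a [Peer] entry for every other node and nothing else. Below is an added example generator for such a full mesh; it is not code from this thread or from any of the wg-mesh projects mentioned, and the node names, keys and addresses are constructed placeholders (real keys come from `wg genkey` / `wg pubkey`). It also encodes the two details that mesh generators most often get wrong: AllowedIPs must be the peer's single tunnel address, and PersistentKeepalive belongs on the NATed side only.

```python
"""Full-mesh WireGuard config generator (added example, not the thread's
or any project's code).  Every node peers directly with every other node;
no central server is involved.  Keys and addresses are placeholders."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Node:
    name: str
    private_key: str           # placeholder, not a real key
    public_key: str            # placeholder, not a real key
    address: str               # tunnel address with prefix, e.g. "10.7.0.1/24"
    endpoint: Optional[str]    # "host:port" if reachable from the internet, None if behind NAT
    listen_port: int = 51820


def validate(nodes: List[Node]):
    """All tunnel addresses must be unique and live in one subnet."""
    ifaces = [ipaddress.ip_interface(n.address) for n in nodes]
    nets = {i.network for i in ifaces}
    if len(nets) != 1:
        raise ValueError(f"nodes span several tunnel subnets: {sorted(map(str, nets))}")
    hosts = [i.ip for i in ifaces]
    if len(set(hosts)) != len(hosts):
        raise ValueError("duplicate tunnel address")
    return nets.pop()


def peer_section(local: Node, peer: Node) -> str:
    host = ipaddress.ip_interface(peer.address).ip
    lines = ["[Peer]", f"# {peer.name}", f"PublicKey = {peer.public_key}",
             # Cryptokey routing: accept from this peer only its own tunnel
             # address.  Writing the whole /24 here (a common generator bug)
             # cannot work: an AllowedIPs range belongs to exactly one peer,
             # so the subnet would end up on whichever peer was added last.
             f"AllowedIPs = {host}/{host.max_prefixlen}"]
    if peer.endpoint is not None:
        lines.append(f"Endpoint = {peer.endpoint}")
    # Keepalive goes on the NATed side, pointing at a peer with a public
    # endpoint: it is the sender's NAT mapping that has to be kept open.
    # Putting it on the public node instead achieves nothing.
    if local.endpoint is None and peer.endpoint is not None:
        lines.append("PersistentKeepalive = 25")
    return "\n".join(lines)


def node_config(local: Node, nodes: List[Node]) -> str:
    iface = ["[Interface]", f"# {local.name}",
             f"PrivateKey = {local.private_key}", f"Address = {local.address}"]
    if local.endpoint is not None:          # only a reachable node needs a fixed port
        iface.append(f"ListenPort = {local.listen_port}")
    peers = [peer_section(local, p) for p in nodes if p is not local]
    return "\n\n".join(["\n".join(iface)] + peers) + "\n"


def mesh_configs(nodes: List[Node]) -> Dict[str, str]:
    """Return {node name: wg-quick config text} for every node in the mesh."""
    validate(nodes)
    return {n.name: node_config(n, nodes) for n in nodes}


def unreachable_pairs(nodes: List[Node]) -> List[tuple]:
    """Pairs that are both behind NAT.  Plain WireGuard has no relay and no
    hole punching, so these two cannot talk directly; that gap is what
    tinc-style forwarding or a coordinator (definitions #2/#3) fills."""
    natted = [n for n in nodes if n.endpoint is None]
    return [(a.name, b.name) for i, a in enumerate(natted) for b in natted[i + 1:]]


if __name__ == "__main__":
    demo = [Node("vps-a", "PRIV_A", "PUB_A", "10.7.0.1/24", "a.example.net:51820"),
            Node("vps-b", "PRIV_B", "PUB_B", "10.7.0.2/24", "b.example.net:51820"),
            Node("home", "PRIV_H", "PUB_H", "10.7.0.3/24", None)]
    for name, text in mesh_configs(demo).items():
        print(f"=== {name}.conf ===\n{text}")
    print("cannot peer directly:", unreachable_pairs(demo))
```

`unreachable_pairs` is the honest part of the output: with two or more NATed nodes the pure mesh has holes, and that, not the absence of a "mesh" checkbox, is the actual reason people reach for tinc, Tailscale/Headscale or a static hub node.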
True. Both.
The primary goal is providing the best route, so it isn't going through a central server.
Neither does the software depend on a central server.
Every node has a connection to every other node.
If a link fails, the failover is going to take place in a few seconds.
Depending on which has the next best route, the link will be taken.
So you can call it self healing, since dead links are avoided.
Is this needed? Yes, gaming is mission critical.
Neoon's solution seems great and does what I need over IPv4, however I NEED IPv6. For me it is not a nice to have, 90% of all my VMs and servers are interlinked over IPv6 and 95+% have it. Going back to IPv4 is not an option, my home servers have to talk over IPv6 to avoid all that NAT shit, private addressing space and the like.
For the future, however, we all need a free internet. Freenet was great at the time but it is old and poorly maintained with little participation.
A simple, platform-independent client and fully encrypted communication between nodes, Tor style. Then keeping everything inside the network with no connection outside, but with mirrors available of Wikipedia, for example, either maintained by Wikimedia or by someone else, YouTube, FB etc. provided either by ABC or Meta or direct links between a node or more exclusively for that, taking the censorship out of the internet and keeping all the current functionality.
We can bypass censorship with such a mesh and we can make it unbreakable even as some big players like ABC or Microsoft might block connections to mirrors, a mechanism where any node can make connections over the regular net to a specific list of blocked sites can work.
Connecting over UDP and distributing the packets through multiple routes would also make it untraceable with any kind of outside measuring and statistics, eliminate any geoblocking as well.
Of course, the latency would suffer, but a continuous adapting routing algorithm can create rivers along the largest bw nodes with the lowest latency. Traffic is getting cheaper and many people with fat pipes at low cost can join in. I would get 10 gb connections just for that, for example, costs me 10 Eur with VAT per month which is absolutely nothing for most people.
@Maounique said:
Neoon's solution seems great and does what I need over IPv4, however I NEED IPv6. For me it is not a nice to have, 90% of all my VMs and servers are interlinked over IPv6 and 95+% have it. Going back to IPv4 is not an option, my home servers have to talk over IPv6 to avoid all that NAT shit, private addressing space and the like.
It already uses IPv6 for transport if available and tunnels IPv4 through it.
You can connect IPv6-only VMs to the Network.
I already had full IPv6 support in the older route bender, however it kept shitting itself when I browsed over IPv6 using the Network.
I don't know why, I am not an IPv6 expert, however I blame my Raspberry Pi.
IPv6 seemed stable within the Network, just not on my Pi.
I could not be bothered to fix it, since it's not my main use case.
However, I can merge it into a separate branch or experimental and if people wanna help, they can.
I'm using it for my company's VPN, I like the client app but I haven't tried a mesh setup yet. To connect various LANs I ended up using Wireguard VM managed outside of Pritunl, since it needs to restart the VPN service for every route change and we have a use case where routes could change multiple times per day.
@JabJab said:
I tried setting things up here yesterday with wireguard, but due to having dynamic DNS at home and (I would guess) a shitty router, on IP change some (yeah, some...) tunnels are dropped and even after a proper refresh ( https://github.com/WireGuard/wireguard-tools/blob/master/contrib/reresolve-dns/reresolve-dns.sh + ddclient running every 5 minutes to update DNS) they can't connect - they just spam "no response from endpoint" - from both sides. I stopped wireguard for 2 hours and one of those reconnected... for 5 minutes and then died again. Fuck it - I can't restart the router on every IP change.
Went with tailscale testing today, seems to be working nicely, the website is woah amazing. Yes, I know this goes via 3rd party servers... and this is exactly why I picked this - I assume (hope?) that if my router decides to block/choke/shititselfagain, the client (which is based on wireguard) will switch to their other endpoint with a different IP and re-establish the connection, as the cloudflared tunnel has been working fine for months
From what I've seen tailscale is not the fastest one, but I don't think I will be pushing > 300Mbit/s here.
But tailscale's systemd unit is meh - it seems to return before the interface is actually created, and for things that I wanted to bind strictly to the tailscale interface/IP I had to run ExecStartPre=/bin/sleep 5 because Requires= and After= weren't enough
Tried to configure my wireguard earlier with wg-meshconf, but it's broken by design. AllowedIPs have the wrong netmask; PersistentKeepalive is applied on the wrong end... totally not ready
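The dynamic-DNS failure @JabJab describes above has a mechanical cause: WireGuard resolves an Endpoint hostname once, when the config is loaded, and never again, so after the home IP changes the kernel keeps sending to the old address until an authenticated packet arrives from the new one. The reresolve-dns.sh script linked above works around that by re-issuing the endpoint whenever a peer's handshake goes stale. Below is an added example of the same idea in Python; it is not that script and not the thread's code, the `wg` output and config text are constructed samples, and the interface name is an assumption.

```python
"""Re-resolve DNS-named WireGuard endpoints for peers that have gone quiet.
Added example modelled on the idea behind wireguard-tools'
contrib/reresolve-dns/reresolve-dns.sh; not that script.  Config and
`wg show` text used in the demo are constructed samples."""
import ipaddress
import subprocess
import time
from typing import Dict, List, Tuple

STALE_AFTER = 135   # seconds without a handshake before we re-resolve


def _is_literal(host: str) -> bool:
    """True for an IPv4/IPv6 literal (bracketed IPv6 allowed), False for a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def endpoints_from_conf(conf: str) -> Dict[str, str]:
    """Map PublicKey -> Endpoint for peers whose Endpoint is a hostname;
    literal-IP endpoints never need re-resolving and are skipped."""
    result, pubkey, endpoint = {}, None, None
    for raw in conf.splitlines() + ["[Peer]"]:          # sentinel flushes the last section
        line = raw.split("#", 1)[0].strip()               # drop trailing comments
        if line.lower() in ("[peer]", "[interface]"):
            if pubkey and endpoint:
                host = endpoint.rsplit(":", 1)[0]        # "[v6]:port" / "host:port"
                if not _is_literal(host):
                    result[pubkey] = endpoint
            pubkey, endpoint = None, None
        elif "=" in line:
            key, _, value = (s.strip() for s in line.partition("="))  # first '=' only: base64 keys end in '='
            if key.lower() == "publickey":
                pubkey = value
            elif key.lower() == "endpoint":
                endpoint = value
    return result


def parse_latest_handshakes(text: str) -> Dict[str, int]:
    """Parse `wg show <iface> latest-handshakes`: "<pubkey>\t<unix ts>" per line, 0 = never."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            out[parts[0]] = int(parts[1])
    return out


def stale_peers(endpoints: Dict[str, str], handshakes: Dict[str, int],
                now: int, max_age: int = STALE_AFTER) -> List[Tuple[str, str]]:
    """Peers with a DNS endpoint and no handshake within max_age seconds."""
    return [(pk, ep) for pk, ep in endpoints.items()
            if now - handshakes.get(pk, 0) > max_age]


def reresolve_commands(iface: str, stale: List[Tuple[str, str]]) -> List[List[str]]:
    """`wg set` resolves the hostname itself, so handing it the original
    host:port string installs whatever the name points to now."""
    return [["wg", "set", iface, "peer", pk, "endpoint", ep] for pk, ep in stale]


def reresolve(iface: str, conf_path: str) -> List[List[str]]:
    """Run once from cron/systemd timer; returns the commands it executed."""
    with open(conf_path) as f:
        endpoints = endpoints_from_conf(f.read())
    shown = subprocess.run(["wg", "show", iface, "latest-handshakes"],
                           capture_output=True, text=True, check=True).stdout
    stale = stale_peers(endpoints, parse_latest_handshakes(shown), int(time.time()))
    cmds = reresolve_commands(iface, stale)
    for cmd in cmds:
        subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    import sys
    for cmd in reresolve(sys.argv[1], sys.argv[2]):   # e.g. wg0 /etc/wireguard/wg0.conf
        print("ran:", " ".join(cmd))
```

The caveat that matters for the "no response from endpoint ... from both sides" symptom: re-resolving only helps the side whose peer has a DNS name that already points at the new address. If both ends have moved, or both sit behind NAT whose mappings have expired, neither has a usable endpoint for the other and no amount of re-resolving fixes it; that is the case a relay-capable coordinator (Tailscale's DERP servers, or simply a static VPS acting as hub) covers.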
I am using Netmaker (Kernel wireguard) & HeadScale (Self hosted Tailscale control plane/Userspace WireGuard)
There are some other WG based solutions like Netbird, Innernet. Non WG based: ZeroTier.
These are all self-hosted solutions. There are hosted Tailscale and ZeroTier available too.
Comments
What about Pritunl? Someone here tried it?
https://pritunl.com/
Tinc can be used for this: https://www.tinc-vpn.org/ and as mentioned Wireguard.
@Maounique You can give it a try.
https://github.com/Ne00n/wg-mesh/tree/ipv6
As tested right now with 2 machines, works fine for me.
Including forwarding traffic.
Better use experimental instead.
https://github.com/Ne00n/wg-mesh/tree/experimental
I did a few fixes, especially regarding IPv6 only machines.
Including a new API endpoint, to address this.
Finally I have a use for my Scaleway IPv6 only boxes.
There is a self hosted version of tailscale:
https://github.com/juanfont/headscale
There's a windows client for Headscale?
https://github.com/juanfont/headscale/blob/main/docs/windows-client.md This is what their documentation says.
You can check it out, hope it helps!
@raindog308
any news, have you tried some of the solutions mentioned here as of now?
@all: has anyone ever tried vpncloud? Looks interesting as well (in short: like tinc but with better performance?) but it seems to be a single-maintainer project...
Wireguard is the answer.