turn
ziti-doc
turn | ziti-doc
---|---
3 | 23
1,688 | 34
2.7% | -
7.2 | 9.6
9 days ago | 14 days ago
Go | HTML
MIT License | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
turn
-
Using WebTransport
> dedicated signalling
For my small projects I run my HTTP + WebRTC in the same server. My signaling is one POST. Maybe I am missing the complexity, but I don't feel any additional pain compared to running any network service?
> STUN Karate
Mind explaining more? I use https://github.com/pion/turn and run my STUN server embedded in my HTTP server. I do do anything but point my `PeerConnection` at `my-service.com`
-
Show HN: Weron – A Peer-to-Peer VPN Based on WebRTC Written in Go
There is a very neat implementation of a TURN from Pion
-
How do I deploy a TURN server for WebRTC apps on heroku?
I've tried node-turn in a node.js server, tried to execute pion/turn binaries directly so far but with no luck. `node-turn` works if I run locally and test it with my public ip address but the same doesn't work on heroku.
ziti-doc
-
OpenZiti - *everything* you need to implement your own secure, zero trust overlay network
100% agree! We just "need to get it done". It's been on our doc issue list for a while. https://github.com/openziti/ziti-doc/issues/74
OpenZiti vs BoringProxy has some similarities for sure. The simplest OpenZiti deployment is similar to a boring proxy deployment. The main differences will be that the listening ports "on the network" are going to be from the OpenZiti edge-router which will authenticate before allowing any connection using a strong x509 identity (not a token) and then after that the same identity can be authorized to access one or more services. That's one killer difference to me. There are lots of other things OpenZiti is doing that boringproxy isn't trying to as well. I filed an issue to do a comparison to that some day https://github.com/openziti/ziti-doc/issues/176 thanks for the idea! :)
-
How bad it is ? Security of self-hosted server
If you're interested in it, you can find it over at github - https://openziti.github.io. It's one more thing to setup and maintain so maybe that's a dealbreaker but since this is selfhosted - maybe not ;)
-
Alternative to manual IP exposing
I not long ago discovered OpenZiti, and to be honest I fell in love with it. I also have a dynamic IP, and I have even some other cases where from my place some IoT devices need to find my laptop wherever I may go (I travel a lot).
-
How we use and Secure SaltStack
https://openziti.github.io/ - gives a good intro
-
Bastion Hosts?
You can grab the quickstart of your choice at https://openziti.github.io/ if you are interested. I would very much enjoy trying to make you successful using it, if you were willing to try it out. You'll probably want a VPS to run it on so you can access it anywhere you want.
-
Zero Trust VPN/network solution
More on OpenZiti: https://openziti.github.io/ https://www.youtube.com/playlist?list=PLMUj_5fklasKF1oisSSuLwSzLVxuL9JbC
-
Show HN: Weron – A Peer-to-Peer VPN Based on WebRTC Written in Go
Wow, some awesome work here. I would be interested to know your thoughts on OpenZiti (https://openziti.github.io/). It's an open source project that allows you to embed private connectivity into your app using one of the many SDKs together with strong identity allowing outbound only connections. It is a mesh overlay similar to TURN but uses a concept of smart routing to normally reduce latency through circumvention of BGP. Various superpowers can be seen here - https://www.youtube.com/playlist?list=PLMUj_5fklasKF1oisSSuL...
-
Tailscale raises $100M to fix the Internet
Here is another (sort of), OpenZiti - https://openziti.github.io/. OpenZiti provides a mesh overlay network built on zero trust principles with outbound only connections so that we do not need inbound ports or link listeners. Similar to TS, you can host anything anywhere and has options to deploy on any popular host OS or as a virtual appliance.
What makes it really unique though is that it can actually be embedded inside the application via a suite of SDKs. Yes, private, zero trust connectivity inside an application! That provides the highest security and convenience as it can be completely transparent to the user!
Disclaimer, I work for the company who built and maintains OpenZiti so I am opinionated.
You don't need to dream about it. You can absolutely do this today with OpenZiti. You just need to be able to set it up which is - imo (I am a dev on the project and wrote the quickstarts) just as easy to get up and running as anything. I do it in "under a minute" but I work on the project so my timing is not fair... :)
You can find information about it over at https://openziti.github.io/ you don't even need to trust the software itself. You can add a 3rd party certificate to the server and mint your own private keys/certs and deliver them to your friends and have 100% control over where and how and whom you trust. You control access down to individual services, not CIDR blocks, not IP addresses. You can embed the sdks into any of your own apps if you're into that sort of thing. :) you could setup a relay server in some cloud provider for the 'untrusted' traffic (hmmmm you make me wonder if we could integrate with tor somehow now too...)
Seems like it'd do most/much of the things you want it to. I'd be happy to help you out. We have a discourse you can post questions to.
What are some alternatives?
livekit-server - Scalable, high-performance WebRTC SFU. SDKs in JavaScript, React, React Native, Flutter, Swift, Kotlin, Unity/C#, Go, Ruby and Node. [Moved to: https://github.com/livekit/livekit]
ZeroTier - A Smart Ethernet Switch for Earth
Pion WebRTC - Pure Go implementation of the WebRTC API
AdGuard-WireGuard-Unbound-Cloudflare - The ultimate self-hosted network security guide ─ Protection | Privacy | Performance for your network 24/7 Accessible anywhere [Moved to: https://github.com/trinib/AdGuard-WireGuard-Unbound-DNScrypt]
go-stun - A go implementation of the STUN client (RFC 3489 and RFC 5389)
stun - Fast RFC 5389 STUN implementation in go
node-turn - Node-turn is a STUN/TURN server for Node.JS
docker-adguard-unbound-wireguard - This solution is a combination of WireGuard, AdGuard Home, and Unbound in a docker-compose project with the intent of enabling users to quickly and easily create and deploy a personally managed full or split-tunnel WireGuard VPN with ad blocking capabilities (via AdGuard), and DNS caching with additional privacy options (via Unbound).
boundary-reference-architecture - Example reference architecture for a high availability Boundary deployment on AWS.
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security
netbird - Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
weron - Overlay networks based on WebRTC.