> The next version will make it much simpler to deploy isolated networks by using TLS roots to prevent accidental peerings.
Is that PR #1038 [1]? Any info on how to use that feature and whether it works over multicast as well?
I noticed this PR uses SHA-1 for matching fingerprints. SHA-1 has been broken for 13 years now. Is it possible to use something more secure?
> It's also worth noting that Yggdrasil doesn't have the equivalent of "peer exchange" — only directly connected peers would ever find out your public IP address. Yggdrasil will not form new peerings automatically, with the single exception being multicast-discovered nodes on the same LAN.
Right, my worry is that having a server with a public IPv4 address and Yggdrasil running on an open port (so that my other nodes can connect to it) will allow someone to connect to it (either on purpose or accidentally) and cause my traffic to route over their node(s) and/or the public mesh.
Thanks!
[1] https://github.com/yggdrasil-network/yggdrasil-go/pull/1038
Slack's Nebula is another great open source mesh VPN application: https://github.com/slackhq/nebula
https://webvm.io/ : WebVM runs x86 binaries in WASM on any browser w/ ("CheerpX includes an x86-to-WebAssembly JIT compiler, a virtual block-based file system, and a Linux syscall emulator") and for external sockets there's Tailscale networking.
IIUC that means an SSH client in a WebVM can connect to a (Tailscale (wg)) VPN mesh.