(Tailscale engineer here)
That's https://github.com/tailscale/tailscale/issues/1572 which we haven't given up on. It's just not done. We did it for macOS and we thought the same thing would've worked for iOS (they share a ton of the same code) but it apparently didn't work.
The mobile apps have been a low priority thus far. We just recently hired some people to work on them, though.
The highest priority for them currently is fixing battery life (we do some dumb things when LTE + wifi are both available, and when using exit nodes, and some unnecessary heart beating that sucks on mobile) and then there's also a mobile app redesign (or just "design" coming).
We like Headscale and we're super glad that it exists. (They saved us some work by doing it first, as our control server wasn't in a releasable state.) We keep Juan et al. updated when there are protocol changes or things they can do. (e.g. recent https://github.com/juanfont/headscale/issues/552)
You don't need to dream about it. You can absolutely do this today with OpenZiti. You just need to be able to set it up, which is, imo (I am a dev on the project and wrote the quickstarts), just as easy to get up and running as anything. I do it in "under a minute" but I work on the project so my timing is not fair... :)
You can find information about it over at https://openziti.github.io/. You don't even need to trust the software itself. You can add a 3rd party certificate to the server and mint your own private keys/certs and deliver them to your friends and have 100% control over where and how and whom you trust. You control access down to individual services, not CIDR blocks, not IP addresses. You can embed the SDKs into any of your own apps if you're into that sort of thing. :) You could set up a relay server in some cloud provider for the 'untrusted' traffic (hmmmm, you make me wonder if we could integrate with Tor somehow now too...)
Seems like it'd do most/much of the things you want it to. I'd be happy to help you out. We have a discourse you can post questions to.
There exists ZeroTier too, which can be self-hosted.
Indeed, this is why I won't use it either. I settled on Slack's Nebula[0] instead of wireguard because it managed direct p2p links for me.
There also exists an open source implementation of the tailscale control server[1] that you could self host.
> I’ve been dreaming lately of a tor-like network that’s based loosely on the idea of tailnets. Rather than blockchain bullshit, you’d have a direct ring of trust with friends, and then you could set up access policies to forward packets for people you don’t trust, but who know someone you do trust.
Might want to check out Yggdrasil. It lets you create a real mesh-routed, E2E-encrypted network. You can keep your network private, or connect it to the greater network and route for others. There's no ring of trust (I can't imagine that as a viable solution at scale). But the config file has an AllowedPublicKeys section if you want to specify who can route through your node.
And what should replace it? Rust? Cargo? Oops. (I believe 1Password uses Rust for security-sensitive parts too, btw.) I'd genuinely like to know what the correct tech stack for a password manager is today because using the right one is important to my current endeavor.
Regardless, at Uno we're working on a password manager with a native app and Rust core. It's geared more towards everyday consumers than power HN users, but you might find it interesting. The Rust core, including the API server, is open source right now because that's one point where we diverge from 1P. Whatever tech stack you choose, it needs to be openly auditable so that the community can collectively ensure it remains secure. https://github.com/withuno/identity