NordSecurity / nordvpn-linux

NordVPN Linux client
GNU General Public License v3.0

Meshnet - Direct connection and kernel wireguard? #640

Open vampywiz17 opened 1 week ago

vampywiz17 commented 1 week ago

I have now found the Meshnet option and I tested it.

Before, I used Tailscale, and I have some questions about Meshnet.

  1. Does it use kernel-based WireGuard?
  2. Is it able to make a direct connection, or does the data pass through the relay servers every time?

mariusSincovici commented 1 week ago

Hi,

  1. Yes, the application uses the WireGuard kernel module.
  2. Meshnet will try to make a direct connection between peers. Servers are used until the direct connections are established, or as a fallback if there are issues and it is not possible to have a direct connection.

If you need more information about Meshnet, you can find it at https://meshnet.nordvpn.com.

Thank you for trying Meshnet.

vampywiz17 commented 1 week ago

@mariusSincovici Thanks for the information! Is there a way to check the connection status (direct or relay)? I'm testing it now and unfortunately it doesn't work on the company network (strong firewall rules). Is it possible to "help" the connection with another device (e.g. my home server), like port forwarding or something?

mariusSincovici commented 1 week ago

Hi,

For the moment the CLI is not displaying this information; it is available in the application logs. But an easier way to get it would be with WireGuard tools: sudo wg show and nordvpn mesh peer list. WG tools will display the status of all the WG connections. There, each peer has its public key and the endpoint. If the endpoint is not 127.0.0.1, then it is a direct connection. To know which peer is which from your Meshnet, you can use nordvpn mesh peer list. This will give peer information + public key (same as with WG tools).

e.g.

```
$ sudo wg show

peer: <key1>
  endpoint: 127.0.0.1:1234

peer: <key2>
  endpoint: <public_ip>

$ nordvpn mesh peer list
Nickname: peer1
Public Key: <key1>

Nickname: peer2
Public Key: <key2>
```

In the above, peer2 has a direct connection, while peer1 doesn't.

Regarding the "help" to improve direct connections: this depends on the company network settings. For example, if the firewall is blocking, then it would require firewall rule changes.
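
The check described in the comment above, as an added example that is not part of the original thread or the project's code: a POSIX shell function that joins the two outputs on public key and labels each peer as relayed or direct. It assumes both commands print the fields shown in the sample above; `classify_peers`, the keys, the addresses and the interface name in the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: label each Meshnet peer as direct or relayed.
# classify_peers WG_OUTPUT MESH_OUTPUT
# Prints "<nickname-or-key> <direct|relay|unknown> <endpoint>" per WireGuard peer.
# Rule from the thread: endpoint 127.0.0.1 means relayed, anything else is direct.
classify_peers() {
  printf '%s\n' "$2" '@@WG@@' "$1" | awk '
    function emit(   label, state) {
      if (!have) return
      label = ((key in name) && name[key] != "") ? name[key] : key
      if (ep == "") state = "unknown"      # no endpoint line: not covered in the thread
      else if (ep ~ /^127\.0\.0\.1:/ || ep == "127.0.0.1") state = "relay"
      else state = "direct"
      printf "%s %s %s\n", label, state, (ep == "" ? "-" : ep)
      have = 0
    }
    { sub(/[ \t\r]+$/, "") }               # drop trailing whitespace and CR
    $0 == "@@WG@@" { in_wg = 1; next }     # marker between the two outputs
    # Mesh section: bind each nickname to the public key that follows it.
    !in_wg && /^[ \t]*Nickname:/   { sub(/^[^:]*:[ \t]*/, ""); nick = $0; next }
    !in_wg && /^[ \t]*Public Key:/ { sub(/^[^:]*:[ \t]*/, ""); name[$0] = nick; nick = ""; next }
    # WireGuard section: one record per "peer:" block.
    in_wg && /^peer:/      { emit(); key = $2; ep = ""; have = 1; next }
    in_wg && /^interface:/ { emit(); next }
    in_wg && have && /^[ \t]*endpoint:/ { ep = $2 }
    END { emit() }
  '
}

# Constructed sample output (interface name, keys and addresses are made up).
SAMPLE_WG='interface: example0
  public key: (constructed)

peer: KEY1constructed=
  endpoint: 127.0.0.1:1234

peer: KEY2constructed=
  endpoint: 203.0.113.7:51820'

SAMPLE_MESH='Nickname: peer1
Public Key: KEY1constructed=

Nickname: peer2
Public Key: KEY2constructed='

classify_peers "$SAMPLE_WG" "$SAMPLE_MESH"
# On a live host: classify_peers "$(sudo wg show)" "$(nordvpn mesh peer list)"
```

A peer that appears in the WireGuard output but not in the Meshnet list is printed under its public key, which is worth a second look on a host where only Meshnet peers are expected.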

vampywiz17 commented 1 week ago

@mariusSincovici

My current config is that at home I installed NordVPN on my server. Of course, I manage my server fully. My firewall is OPNSense. So is it possible to set something on my home side to be able to access it from the company network? (On that side I use my mobile device.)

For example, I need to enable NAT-PMP to make a direct connection on Tailscale. Do similar "tune" options exist with Meshnet?

mariusSincovici commented 5 days ago

Hi,

We need to look into this in greater detail with the team working on the NordLynx protocol to determine if we can implement a similar approach for direct connections, or if it requires changes on their end for OPNSense.

We'll keep you informed as soon as we have more information on this.