search

Start9Labs / start-os

Open source Linux distro optimized for self-hosting
https://start9.com
MIT License
846 stars 86 forks source link

[feat]: Wireguard #1607

Open kn0wmad opened 1 year ago

kn0wmad commented 1 year ago

Prerequisites

Describe the Feature Request

Wireguard config as a feature within the UI. This could be a "VPN" section, containing a UI form to add the pertinent Wireguard peer data

Describe the Use Case

Create IPv4 connections for all services without revealing the IP address of the Embassy's network

Describe Preferred Solution

No response

Describe Alternatives

No response

Anything else?

No response

k0gen commented 1 year ago

Cool - consider using ZeroTierOne for configuring and managing Wireguard.

beeforbacon commented 1 year ago

Wireguard client added to Embassy system services would be great.

AndySchroder commented 1 year ago

This request seems to pertain to making outbound wireguard connections to expose a new public IPv4 address (using a VPN provider that offers a static IP?) for incoming connections. In this case, the data is encrypted to the VPN provider, but clients accessing services remotely use many https connections instead of wireguard to encrypt data.

It would also be very beneficial to expose a wireguard service to allow for remote client connections to make a single wireguard encrypted connection back to the start9 computer, then allow for all services to use just http (like with tor) as if they were using the kiosk mode on localhost. Wireguard setup is a lot easier than doing CA setup on a bunch of different applications on your PC. Also, wireguard authenticates too, so you could probably do away with the need to even log in within the web browser.

kn0wmad commented 1 year ago

This functionality has been scoped out as part of a much larger (less naive) feature-set. Details will come later this year

AndySchroder commented 1 year ago

This functionality has been scoped out as part of a much larger (less naive) feature-set. Details will come later this year

Nice!

Also, I made this post yesterday: https://stacker.news/items/155121 . Considering whether there is any demand for a lightning enabled wireguard tunnel that provides you a dedicated public static IPv4 address. Not sure if there is any overlapping interest?

Also, looking into some more options besides wireguard, would Yggdrasil (https://yggdrasil-network.github.io/) be something you might consider or have already investigated? It requires the service to be installed by all users, but you gain a lot from that nuisance.

kn0wmad commented 1 year ago

Very cool, I'll share your post out with parties that I know are looking for solutions like this.

We definitely have an eye on Yggdrasil, Reticulum, CJDNS, etc. These types of protocols will likely be a part of the next networking paradigm after we have established our protocols for 'clearnet.' We will also have a simple system for fallback/privacy networks (in addition to Tor) available as per-service options, such as i2p.

EthnTuttle commented 5 months ago

Here for any Reticulum talk. Ecash related Reticulum nostr note.

"Very basic cashu wallet in Python and Kivy. Just sending and receiving ecash tokens for now. You can receive from different mint, but there's no way to select.

But the point is not to create another cashu wallet, there are many good ones, but to be able to communicate with the mint through Reticulum based mesh network (that's why I needed pure Python, because that's how you send LXMF messages now).

If interested, give it a star and watch how I develop it: https://github.com/jooray/nutband

Pull requests welcome.

https://nostrcheck.me/media/jooray/10a7e73eb9b635d704754436112bec877db4802e64310991c75ff7c0cd1f299e.mp4"

https://njump.me/nevent1qqsx6j6s888a2lsrjmjdzv75thvanlma0h64eg20jdxtmpn732kxefgpp4mhxue69uhkummn9ekx7mqzyrdtd3sxt3pehxa0kzc0rl66p35zww7wtsv4nfq43tt2wzz375rmvqcyqqqqqqgwqa6r8

kn0wmad commented 5 months ago

Here for any Reticulum talk. Ecash related Reticulum nostr note.

"Very basic cashu wallet in Python and Kivy. Just sending and receiving ecash tokens for now. You can receive from different mint, but there's no way to select.

But the point is not to create another cashu wallet, there are many good ones, but to be able to communicate with the mint through Reticulum based mesh network (that's why I needed pure Python, because that's how you send LXMF messages now).

If interested, give it a star and watch how I develop it: https://github.com/jooray/nutband

Pull requests welcome.

https://nostrcheck.me/media/jooray/10a7e73eb9b635d704754436112bec877db4802e64310991c75ff7c0cd1f299e.mp4"

https://njump.me/nevent1qqsx6j6s888a2lsrjmjdzv75thvanlma0h64eg20jdxtmpn732kxefgpp4mhxue69uhkummn9ekx7mqzyrdtd3sxt3pehxa0kzc0rl66p35zww7wtsv4nfq43tt2wzz375rmvqcyqqqqqqgwqa6r8

You may like to post this in the dev section of our Community Hub for more exposure.