SwitchCraftCC / issues

Report general bugs for the SwitchCraft 3 server here. This tracker is NOT for exploits - please disclose those responsibly and privately to a member of staff.

Feature proposal: Yggdrasil support #87

Closed khankul closed 10 months ago

khankul commented 1 year ago

"Yggdrasil is an overlay network implementation of a new routing scheme for mesh networks. It is designed to be a future-proof decentralized alternative to the structured routing protocols commonly used today on the Internet and other networks." [1]

The network is quite popular[2], and connecting SwitchCraft to it will be seen as both a manifestation of the project's spirit and a step towards respecting players' privacy.

[1]: project homepage
[2]: clearnet map

khankul commented 11 months ago

Another important point was brought to my attention: Supporting Yggdrasil would make it possible to connect CC computers on SwitchCraft with players' services that are locked down behind double NAT setups and the like. Right now, this can only be accomplished by relying on the commercial kind of third parties (e.g. ngrok), which may harvest and sell your data. It is also end-to-end encrypted by design, which waives the requirement to set up HTTPS for secure communication -- difficult to do for those who don't have a domain to begin with. This will allow players to host their services on any machine at their disposal, without having to fight their ISP -- all they need is an Yggdrasil client. For example, I can host a CC BBS right on my workstation and make it accessible to all players.

MineRobber9000 commented 11 months ago

> It is also end-to-end encrypted by design, which waives the requirement to set up HTTPS for secure communication -- difficult to do for those who don't have a domain to begin with.

I can set up a domain and HTTPS in the span of... maybe an hour? Go to Free DNS, sign up, add a subdomain pointing at an IP address, set up a webserver (I like nginx or openresty (which is basically nginx but with lua support)) pointing at that address, run sudo certbot and follow the prompts for a free Let's Encrypt certificate.

Now, granted, I have access to a server that isn't behind double NAT (a friend of mine graciously puts up with my BS and lets me use a container on his proxmox host), but even then, as long as the server is web-accessible and the domain is pointing at the correct public IP (FreeDNS has a dynamic DNS setup so you can ensure the domain keeps pointing to the right place), you should be able to use certbot just fine.

umnikos commented 11 months ago

I think the point was mostly the double nat and not the domain stuff. Not all of us have such gracious friends so the best alternative is some cheap vps or to pay the isp for a public ip.

Lemmmy commented 11 months ago

Consider cloudflared

khankul commented 11 months ago

Before you use Cloudflare Tunnel, you'll need to complete a few steps in the Cloudflare dashboard: you need to add a website to your Cloudflare account. Note that today it is possible to use Tunnel without a website (e.g. for private routing), but for legacy reasons this requirement is still necessary.

To use Cloudflare, you need to own a domain.

Yggdrasil is free and doesn't require that you own a domain name.

migeyel commented 11 months ago

The whole thing seems a bit too ad-hoc to be worthwhile, considering that it would probably include changing more things than a single line in a configuration file.

w.r.t. connecting to tunneled services, I know it's a bummer. I didn't get to contract a VPS until recently so connecting to services from CC was a bit painful. The lp reflects that design in providing services completely through modem (although the way encryption was done still left some things to be desired).

If you want to talk to another device behind a NAT, or maybe even another CC computer running in another server, you could try writing code to interact with current websocket forwarding services like soqet (idk if it's still alive though).

scmcgowen commented 11 months ago

I think that sky’s ws forwarding thing is still up

hatkidchan commented 10 months ago

I'd still up that issue, using cloudflared/ngrok/etc is not an ideal solution. Though, Yggdrasil is being updated from time to time, so I'm not sure if keeping it up to date would be worth it. And I'm not sure how well CC works with IPv6 in general.

> it would probably include changing more things than a single line in a configuration file.

Yeah, installing one more package and adding some peers in the ygg config file. That's it

Relying on services run by individuals (like sky's ws) is suboptimal, since who knows when they will break or go offline. I think Yggdrasil (or i2p) would work perfectly here, since, unlike tor, neither of those have that baggage of problems your average anonymous routing service has (because Yggdrasil is not anonymous, peer owners can just look at their logs that show both your real IP address and your Yggdrasil address).

I'd use it myself on SC too, if it was available here, even though I have a spare VPS to host things on

khankul commented 10 months ago

> And I'm not sure how well CC works with IPv6 in general

I still hope we'll find out!

> Yeah, installing one more package and adding some peers in the ygg config file.

And also firewall Yggdrasil to only access the server itself, or the proxies, or whatever is applicable for SC. That should take care of the security aspect.

hatkidchan commented 10 months ago

Firewall might not be necessary even, if we use yggstack instead.

Config for it would look like that then:

[http]
    enabled = true
    # ...
    [http.proxy]
    port = 1080
    host = "127.0.0.1"
    type = "SOCKS5"
    # ...
    [[http.rules]]
        # not sure if that's the correct usage
        host = "0200::/7"
        action = "allow"
        # is there a way to make it use some specific proxy?
        use_proxy = true
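
An added example, not part of the thread and not SwitchCraft's or CC's own code: which destinations a CIDR rule such as `0200::/7` actually covers, checked by address arithmetic rather than by string prefix. The rule list, the function names, first-match ordering and the default-deny fallback are assumptions of this example.

```python
import ipaddress

# Yggdrasil's range, written "0200::/7" in the rule above, splits in two.
YGG_NODES = ipaddress.ip_network("200::/8")    # per-node addresses
YGG_SUBNETS = ipaddress.ip_network("300::/8")  # routed /64 prefixes

# Constructed, hypothetical rule list using the thread's host/action keys.
RULES = [
    {"host": "::1/128", "action": "deny"},
    {"host": "fc00::/7", "action": "deny"},
    {"host": "fe80::/10", "action": "deny"},
    {"host": "0200::/7", "action": "allow"},
]


def classify(dest):
    """Return 'node', 'subnet' or None for an IP literal."""
    addr = ipaddress.ip_address(dest)
    if addr.version != 6:
        return None
    if addr in YGG_NODES:
        return "node"
    if addr in YGG_SUBNETS:
        return "subnet"
    return None


def evaluate(rules, dest):
    """First matching rule wins; anything unmatched or unparsable is denied."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return "deny"  # hostnames are not resolved in this example
    for rule in rules:
        net = ipaddress.ip_network(rule["host"])
        if addr.version == net.version and addr in net:
            return rule["action"]
    return "deny"


if __name__ == "__main__":
    # Constructed sample destinations.
    for dest in ["200:1234::1", "3ff:ffff::1", "2001:db8::1", "fd00::1", "127.0.0.1"]:
        print(dest, classify(dest), evaluate(RULES, dest))
```

`2001:db8::1` begins with the same characters as the range but falls outside it, which is why the comparison is done on parsed networks and not on text.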