if two nodes behind nat without public ip, can they make mesh vpn?

[youxiaojie]

if two nodes behind nat without public ip, can they make mesh vpn?

[m13253]

Currently no.

Technically possible. (with hole-punching algorithm)

[youxiaojie]

for eample, node a and b behind nat, if I have a third node c with public ip and port, and can I use this for a relay,just transfer for some nat port information ,that is to say under the c's help a b make a connection hole? is it feasible?

[m13253]

If you have the node C, this server can either help punch a hole between A and B. If the hole is established, A and B can communicate directly without further help from C. However, whether hole punching can succeed is determined by multiple factors (e.g. the configuration of the NAT gateway). If hole punch fails, node C can relay data between A and B.

Currently VxWireguard-Generator only supports relaying. The other mode is possible but I do not have time to implement it.

[innerop]

Random onlooker here.

You’d have to use a STUN server and neither nodes can have a symmetric NAT. At least that is my amateur understanding.

Cool project.

[m13253]

FYI, if you want a full-mesh VPN, you might want to try ZeroTier or Tinc.

Also, I2P is a good choice (better than Tor) if you want an anonymous global-wide mesh VPN.

[bmullan]

@innerop VpnCloud works really well, is fast, supports TUN or TAP and its easy to configure...

https://vpncloud.ddswd.de/features/

[sunnytoes]

Depending on what the OP is trying to accomplish: Althea (routing firmware and mesh privacy architecture) uses wireguard to secure the client to the exit node and a second WG tunnel to secure each hop between routers in a Babel Mesh to create a crypto incentiveised commmunity p2p global scale network. Its interesting!

[sunnytoes]

@innerop VpnCloud works really well, is fast, supports TUN or TAP and its easy to configure...

https://vpncloud.ddswd.de/features/

thanks for the reference! nice project!