Open darkdrgn2k opened 4 years ago
Idea for EXIT NODE + VPN SERVICE model
Route an IP address at the exit node past the exit node. Have every exit node do this.
In this model when connecting to a WireGuard instance
Since BABELD has no knowledge of the SPECIFIC IP address it's routing to (it's just routing to 0.0.0.0), each exit node can route to its own companion VPN with the same IP address, making it transparent for the user.
Things to consider
Discussed this with @darkdrgn2k @ASoTNetworks; it sounds like the work involved is:
Then we have to:
Note that traffic to services hosted within TCN is still unencrypted.
We cannot install these on our current exit nodes as they are temporary, and don't have the capacity to encrypt traffic for everyone. This may be possible in the near future at Cisco DC, but it's WIP.
For now, if anyone is concerned about the traffic, just buy a VPN from your favourite provider and connect from your endpoint. You'll be basically doing Option 2 without doing the router prototyping and documentational work here.
This initial comment is collaborative and open to modification by all.
Task Summary
🎟️ Re-ticketed from: #
📅 Due date: N/A
🎯 Success criteria: Arrive at model for E2E VPN Criteria
...
To Do