this post was submitted on 24 Jun 2024
102 points (94.0% liked)

Open Source

31063 readers
553 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

"Create P2P tunnels instantly that bypass any network, firewall, NAT restrictions and expose your local network to the internet securely, no Dynamic DNS required."

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 4 months ago (2 children)

I don't understand, it says it's P2P, then it also says expose your local network to the internet securely. How can a P2P service expose anything to the internet without a gateway server somewhere?

Static IP address and Dynamic DNS can expose your network to attackers on the internet. With Holesail, you expose only the port you choose.

That's also how NAT works, you only expose the ports you choose.

[–] [email protected] 2 points 4 months ago

Looks like tail scale for ports.

[–] [email protected] 2 points 4 months ago

This looks like one of those wireguard based solution like tailscale or netbird though I'm not sure they are using it here. They all use a public relay used for NAT penetration as well as client discovery and in some instance, when NAT pen fails, traffic relay. From the usage, this seems to be the case here as well:

Share the local Minecraft server:

$ holesail --live 25565 --connector "holesailMCServer420"

On other computer(s):

$ holesail "holesailMCServer420"

So this would register a "holesailMCServer420" on their relay server. The clients could then join this network just by knowing its name and the relay will help then reach the host of the Minecraft server. I'm just extrapolating from the above commands though. They could be using DHT for client discovery. But I expect they'd need some form of relay for NAT pen at the very least.

As for exposing your local network securely, wireguard based solution allow you to change the routing table of the peers as well as the DNS server used to be able to assign domain name to IPs only reachable from within another local network. In this instance, it works very much like a VPN except that the connection to the VPN gateway is done through a P2P protocol rather than trough a service directly exposed to the internet.

Though in the instance of holesail, I have heavy doubts about "securely" as no authentication seems required to join a network: you just need to know its name. And there is no indication that choosing a fully random name is enough.