TildeNet is a virtual network connecting different tilde servers. This allows for services to run in a tildeverse-wide intranet. We give away addresses in the reserved blocks (10.0.0.0/24 space) to tilde server operators. Join us on the #tildenet channel on irc.tilde.chat.
Please don't abuse our network <3
TildeNet intends to connect all servers of the tildeverse federation. At the moment, ~Net connects the following servers:
TildeNet is very similar to ChaosVPN, the virtual network that connects hackerspaces. Contrary to ChaosVPN, TildeNet is based on WireGuard tunnels, not tinc.
This project was started after TildeVPN (~VPN), which uses WireGuard. That's why ~net is based on WireGuard, but that could change eventually, depending on how this experiment works out in practice.
Each server establishes a tunnel to every other server in the network. End users wishing to access TildeNet should use their tilde server as an entry point, either via SSH or VPN:
- set up an SSH SOCKS5 proxy (TL;DR: ssh -D 9350 your@tilde, then configure your programs to use localhost:9350 as SOCKS proxy)
- connect with OpenVPN/WireGuard via a ~VPN node (soon)
To set up ~net on your tilde server, you need to open a WireGuard tunnel to every other server within the network, and they must also open a tunnel to you.
Join #tildenet at irc.tilde.chat. All node operators are on this channel, so you can ask them to add your WireGuard server to TildeNet as a peer.
Also there is a list of peers.
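The full-mesh rule above (every node tunnels to every other node, and they tunnel back) can be checked mechanically before a new node goes live. The following is an added example, not TildeNet's own tooling: the node names, addresses and peer tables are constructed, and the policy that each peer's AllowedIPs is exactly that peer's own /32 inside 10.0.0.0/24 is an assumption.

```python
import ipaddress

TILDENET = ipaddress.ip_network("10.0.0.0/24")  # block named on this page

# Constructed sample: node names, addresses and peer tables are made up.
# "peers" maps each configured peer to the AllowedIPs set for it.
NODES = {
    "alpha": {"address": "10.0.0.1",
              "peers": {"beta": "10.0.0.2/32", "gamma": "10.0.0.3/32"}},
    "beta": {"address": "10.0.0.2",
             "peers": {"alpha": "10.0.0.1/32", "gamma": "10.0.0.0/24"}},
    "gamma": {"address": "10.0.0.3",
              "peers": {"alpha": "10.0.0.1/32"}},
}


def audit_mesh(nodes, network=TILDENET):
    """Return sorted findings for a full-mesh peer table."""
    findings = []
    for name, node in nodes.items():
        if ipaddress.ip_address(node["address"]) not in network:
            findings.append(f"{name}: address {node['address']} is outside {network}")
        # Full mesh: every other node must appear as a peer.
        for other in nodes:
            if other != name and other not in node["peers"]:
                findings.append(f"{name}: no tunnel to {other}")
        for peer, allowed in node["peers"].items():
            if peer not in nodes:
                findings.append(f"{name}: peer {peer} is not a known node")
                continue
            got = ipaddress.ip_network(allowed, strict=False)
            want = ipaddress.ip_network(nodes[peer]["address"] + "/32")
            # WireGuard drops inbound packets whose source is not in the
            # peer's AllowedIPs, so a wider range lets that peer use other
            # nodes' addresses. Assumed policy: exactly the peer's own /32.
            if got != want:
                findings.append(f"{name}: AllowedIPs for {peer} is {got}, expected {want}")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_mesh(NODES):
        print(finding)
```

On the sample table this reports the over-broad AllowedIPs that beta set for gamma and the tunnel gamma has not opened to beta.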
This section describes ideas for future work. None of it is implemented yet.
It would be possible to use special DNS resolvers for TildeNet. Specific domains claimed by ~net nodes would resolve to a ~net address.
Approaches:
1. work with .tilde people so .tilde domain would resolve to ~net addresses
   - develop a special resolver that would query a special ~net delegation TXT record that points to an authoritative resolver reachable within ~net
2. sync with .tilde, but use TXT records (with record type + data) which get written as proper records on ~net dns
   - or only sync records matching the allocated subnets? (grep? ;)
TODO: The TXT record should contain a unique ID for the LAN context (i.e. "tildenet") so other communities can reimplement the same process with a different ID and there would not be confusion on a DNS level in regards to what services we can resolve locally or not.
.tilde domains currently resolve to public IP addresses. Anyone using a tilde resolver can resolve .tilde domains to an internet-facing server. This alternative DNS root is a nice proof-by-example that DNS does not have to be centralized in a few people's hands, but brings little value to end-users while requiring manual configuration.
Maybe .tilde domains should resolve to ~net addresses, and ~net members should resolve .tilde domains. This way, the burden of configuration lies on the server in most cases.
What we're trying to do, somehow, is to set up alternative authorities for existing domains. For example, thunix.net should be able to resolve to public Internet addresses or to ~net addresses depending on the context.
We can introduce a new TXT record for a domain to delegate its ~net resolution to a different authoritative server.
For example, current .tilde DNS users can make a subdomain for it and point it to a ~Net address. (Needs collaboration with .tilde operators and node operators.)
Implementing ~Net with ~VPN and making a decentralized VPN network.