You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is extremely long term (read: years). In addition to #11 we could evaluate implementing a simple VPN protocol similar to fastd.
In addition to external VPNs (openvpn, wireguard, tinc, cjdns, ...), we could allow the user to use a snail internal VPN that is specifically designed to subvert firewalls. This requires a server that runs snaild vpn. For example, it would try to establish a tunnel using one of the following techniques, and fall over to the next one if it fails:
udp on a snaild specific port
tcp on a snaild specific port
web sockets over https on port 443
(send a wpad request)
web sockets over https on port 443, using the proxy from wpad
https on port 443
https on port 443, using the proxy from wpad
ssh on port 22
http on port 80
http on port 80, using the proxy from wpad
dns lookups on port 53, directly to the snaild server
dns lookups to google/cloudflare
dns lookups to the network recursor
We should also have a pluggable transports interface so pluggable transports can be used as well.
snaild would automatically configure the MTU based on the data obtained from dhcp or lower if required by the transport. All data is going to be encrypted, this is especially interesting since iodine doesn't do encryption on it's own. All transports that are not packet based would need a framing format.
Static leases that map public keys to fixed clients should also be considered.
For the server side, there should be a docker container for this that just works™.
The text was updated successfully, but these errors were encountered:
This is extremely long term (read: years). In addition to #11 we could evaluate implementing a simple VPN protocol similar to fastd.
In addition to external VPNs (openvpn, wireguard, tinc, cjdns, ...), we could allow the user to use a snail internal VPN that is specifically designed to subvert firewalls. This requires a server that runs snaild vpn. For example, it would try to establish a tunnel using one of the following techniques, and fall over to the next one if it fails:
We should also have a pluggable transports interface so pluggable transports can be used as well.
snaild would automatically configure the MTU based on the data obtained from dhcp or lower if required by the transport. All data is going to be encrypted, this is especially interesting since iodine doesn't do encryption on it's own. All transports that are not packet based would need a framing format.
Static leases that map public keys to fixed clients should also be considered.
For the server side, there should be a docker container for this that just works™.
The text was updated successfully, but these errors were encountered: