Anywherelan (styled AWL) is a direct peer-to-peer LAN solution for self-hosting and accessing services remotely without a server infrastructure.

Tailscale connections require an account identity (or OAuth authentication through services run by Google, Microsoft, etc.). I currently use it because its codebase is open, and there are self-hosted forks (that I have considered as a future fallback), and it is dead easy to set up and use. It “just works.”

However, this just popped up on my radar and I’d never seen it before or even heard of this technology. I couldn’t find any posts about it, but if it works as promised, this would be a huge improvement in terms of my overall infrastructure. It seems like a somewhat young project with very active development, but the first release goes all the way back to 2022.

Has anyone here tried it? Is it any good?

    • gedaliyah@lemmy.world (OP)
      9 hours ago

      😂🤣 Brightened my whole day.

      If I had a nickel for every time that song came up on Lemmy this week, I’d have two nickels, which is not a lot, but it’s weird that it happened twice.

  • exu@feditown.com
    15 hours ago

    I’ve never heard of this, but looks pretty cool. I use Yggdrasil in my homelab and on the surface this looks pretty similar in that both are decentralized mesh VPNs. The goals are somewhat different though and I think that shows in some choices the projects made.

    Just reading through the docs of AWL, it looks pretty good. They use libp2p for transport encryption and NAT traversal. libp2p itself is a spinoff from the IPFS project and pretty widely used. Compared to that, Yggdrasil does not have any NAT traversal built in; instead every node is capable of relaying traffic and it will find the best route through the network.

    The bootstrapping in AWL relies on community nodes, though you can host your own. Yggdrasil similarly has public peers if you want to participate in the official network, but you can just not configure those and use one or two of your own publicly reachable servers to build a separate network. That’s how I have mine configured, with a VPS and another public server being the primary relay nodes.

    In AWL you must explicitly allow other peers to connect to you. That’s pretty good, otherwise you could just reach any other server on the network. Yggdrasil has similar functionality in that you can specify which public keys can connect to the server, but defaults to allow any member so potentially less secure than AWL.
    Edit: Yggdrasil allows you to set a password to connect to your nodes.

    I’d be curious to know which IP ranges AWL uses for its address scheme. I could only find reference to 10.66.0.2 for the public test server. Yggdrasil used IPv6 addresses in the 0200::/7 range; that’s technically reserved by IETF but has been deprecated since 2004. With this you’re certain to not have conflicts; the usual IPv6 local range is fc00::/7.

    For other interesting projects, there is also Nebula. It is completely self-hosted but not decentralized. You need one or more special nodes called “lighthouses” which are used for the initial handshake between nodes. This has some advantages like ACLs for different nodes.

    Another fully decentralized project I’ve looked at but never tried is EasyTier. I think last time I checked it did not have any IPv6 support.
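
The address-range point in the comment above, as an added example in Go (not part of the original comment and not code from AWL or Yggdrasil): it checks whether the overlay ranges named there overlap prefixes already routed on a host, which is when overlay and LAN traffic can end up on the wrong network. The local prefixes in `main` are constructed sample values, and the AWL entry is only the single test-server address the comment mentions, since AWL's full range is not given on this page.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Ranges taken from the comment above. "awl-test-server" is one address only;
// AWL's actual address range is not stated there.
var overlays = map[string]netip.Prefix{
	"yggdrasil":       netip.MustParsePrefix("0200::/7"),
	"ipv6-ula":        netip.MustParsePrefix("fc00::/7"),
	"awl-test-server": netip.MustParsePrefix("10.66.0.2/32"),
}

// Fixed order so the report is deterministic.
var order = []string{"awl-test-server", "ipv6-ula", "yggdrasil"}

// conflicts lists every overlay range that overlaps a locally routed prefix.
func conflicts(local []netip.Prefix) []string {
	var hits []string
	for _, name := range order {
		for _, l := range local {
			if overlays[name].Overlaps(l) {
				hits = append(hits, name+" overlaps "+l.String())
			}
		}
	}
	return hits
}

// classify returns the overlay range an address falls in, or "" if none.
func classify(addr string) string {
	ip, err := netip.ParseAddr(addr)
	if err != nil {
		return ""
	}
	for _, name := range order {
		if overlays[name].Contains(ip) {
			return name
		}
	}
	return ""
}

func main() {
	// Constructed sample: a host on a 10/8 site network with a ULA prefix.
	local := []netip.Prefix{
		netip.MustParsePrefix("10.0.0.0/8"),
		netip.MustParsePrefix("192.168.1.0/24"),
		netip.MustParsePrefix("fd00:1234::/48"),
	}
	fmt.Println(conflicts(local), classify("201:abcd::1"))
}
```
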

    • Andres@social.ridetrans.it
      16 hours ago

      @exu @gedaliyah fyi, yggdrasil supports a shared password. So while by default yggdrasil nodes on the same network will automatically find each other (via multicast) and form a single yggdrasil network, you can ensure only certain nodes connect to each other by setting the same password on each of them.

      • exu@feditown.com
        15 hours ago

        Yes, but AFAIK that’s only for local multicast discovery. If you have a server listening for connections somewhere, those aren’t password protected and anyone can connect to them unless you restrict the accepted keys.

  • Reannlegge@lemmy.ca
    19 hours ago

    I use WireGuard for all that; it is self-hosted and I do not have to have accounts elsewhere. Once I have my OpenWrt up and running and my static IPs running to it, I will move WireGuard there. I have QR codes set up so that I can give people a taste of Pi-hole for a short period of time when I am away from my LAN; of course, when they are on my guest Wi-Fi they get Pi-hole the whole time.

    Just a side note: for any 2FA I use Vaultwarden.

  • ShredderFeeder@shredderfood.net
    21 hours ago

    I just use OpenVPN on Ubiquiti to get in from the outside myself, and “public” sites (like this one) come in through a Cloudflare tunnel to a walled-off DMZ LAN…

    Reading about it, seems a bit like reinventing the wheel.