this post was submitted on 24 Jun 2024

102 points (94.0% liked)

Open Source

38918 readers

534 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

[email protected]

102

Interesting OSS project: Holesail creates instant P2P tunnels between networks (like a VPN) (holesail.io)

submitted 1 year ago by [email protected] to c/[email protected]

37 comments fedilink hide all child comments

"Create P2P tunnels instantly that bypass any network, firewall, NAT restrictions and expose your local network to the internet securely, no Dynamic DNS required."

all 39 comments

sorted by: hot top controversial new old

[–] [email protected] 94 points 1 year ago (1 children)

Join our Discord Support Server

Right into the trash.

[+] [email protected] -40 points 1 year ago* (last edited 1 year ago) (3 children)

Discord is still a legitimate form of contact and support for a lot of people. Out of interest, where do you see that line? I can only see Discord mentioned alongside e-mail and some other (even less tasteful than Discord) contact methods for support.

To all those downvoting I'm not saying that Holesail is using Discord correctly, just saying that just having Discord (or any other chat platform) as an option shouldn't be an instant red flag and it depends on how the project actually utilises it.

[–] [email protected] 43 points 1 year ago (2 children)

Very first line of the GitHub readme. As a support tool it's mostly useless, endless similar or identical questions answered differently or not at all and none of it indexed by search engines for use on the web.

It's an awful data silo / black hole that increases volunteer load.

[–] [email protected] 14 points 1 year ago (1 children)

I've tried to use it to ask for help on a couple of other open source projects and I thought that I was using it in the wrong way, that I was missing something. So...I was not! I don't understand how people could use it for support. Guys talking over each other, questions mixed and lost between other people's chats, terrible!

[–] [email protected] 5 points 1 year ago

Every time I've joined a large group chat, I've always wished there were hundreds more people talking over the top of each other to make the whole communication thing more efficient!

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

We use Discord rather extensively but we don't have this problem. I don't think the issue is Discord itself (or for that matter any chat, be it IRC or Matrix) but the way it is used. I think it unfair to just blacklist a project just because it uses it.

We use Discord for team chat and conversations, the instant nature of a chat app suits this purpose far more than an async platform like a forum for us. This is either commonly known or transient info, not something we are interested in preserving. Long form conversations (like the status of our OS packaging) that require input over a long period goes into a forum topic.

We also use it for support for short form questions and help - anything more than a quick answer or "active" help then we recommend filling in an issue form or using the forum.

If a question comes up more than a few times then we make sure that it is documented - either in an FAQ or in the main documentation as it is clear that information isn't readily available or easy to find.

I'm not necessarily defending their use of Discord as I don't know exactly what they are doing but it does seem they don't have any alternative community areas. In contrast, yes we have a Discord but we also have a Lemmy community, a Subreddit (I'm honestly against keeping that one going but we would rather not shut out users from support), Mastodon and forum.

So no, it doesn't increase volunteer load in all cases, it is a valuable tool for us. Not that I'm wedded to Discord in particular (I'd honestly prefer to migrate it all to Matrix) but the idea of a chat platform for projects is not a bad thing by itself, it is how the project uses it.

[–] Apollo2323 29 points 1 year ago (3 children)

The problem is not that Discord is used as a contact method the problem is that Discord chats are not indexable so if someone has a problem and gets solved its gets lost on the chat logs and its not like a forum.

[–] [email protected] 10 points 1 year ago

There's a lot more problems than that lol

[–] [email protected] 2 points 1 year ago

I know some subreddits where people ask the same questions over and over, all day every day. They don't read the rules/sidebar, they don't read the stickied posts, they don't read the automod response and they don't search before posting. if you mention any of those they immediately turn defensive and abusive usually. it's incredibly frustrating.

[–] [email protected] 2 points 1 year ago (1 children)

I think that is more of a comment on incorrect use of such a platform and it would be the same whether it was IRC or Matrix. I've put a more detailed response to another comment if you were interested - https://lemmy.ml/comment/11850496

[–] [email protected] 8 points 1 year ago (1 children)

Discord requires an account to even view a server, and the layout for forum support style questions is not there.

[–] [email protected] -1 points 1 year ago (2 children)

The same could be said of Matrix though, I don't think you can see a Matrix chat without an account either. Discord does have a forum layout... ish. It is pretty bad though and not something we use as a forum. It is used but really only as a way to separate topics in what would be a busy single chat area - more akin to something like Zulip. Even IRC channels tend to need you to connect with a nickname but unlike the others you can't see chat history without a bouncer set up and at that point you have basically made an account in all but name.

[–] [email protected] 5 points 1 year ago (1 children)

Why are you even mentioning matrix? We don't want a chat server corpo or not, we want a real functional forum with topics and history and indexed by search engines, not a single chat log that disappears into the void after 24 hours of use.

[–] [email protected] 0 points 1 year ago

I feel you haven't been reading what I've been saying if you are claiming a "single chat log". The whole point of what I'm saying is that there are various forms of communication that can be used in a project and the one I'm part of literally couldn't function with an async-only forum type setup. Chat is for temporary, transient communication. Forums (and by extension Lemmy/Reddit) are for longer form async discussions with defined topics. Both are valid as has been the case all the way back into the days of having both a mailing list and IRC channel for a project.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Yeah matrix is even worse than discord for usability and finding things.

Just use a normal publicly readable and indexed forum like has been common for the last 30+ years, I don't understand the obsession with chat clients for this purpose.

[–] [email protected] 0 points 1 year ago (1 children)

You know IRC has been used alongside mailing list for open source software communities and projects for literally decades right?

[–] [email protected] 3 points 1 year ago (1 children)

But not in place of, no one is trying to say no chat clients ever, we just don't want only chat clients.

[–] [email protected] 2 points 1 year ago

But... that is exactly what I've been saying since the start... If used correctly there is no need to instantly reject a project just because it uses Discord, or any other chat, as one of its options.

[–] [email protected] 2 points 1 year ago

Welcome to Lemmy, a social media platform inhabited by Richard Stallman Redditor contrarians.

[–] [email protected] 30 points 1 year ago* (last edited 1 year ago) (3 children)

Static IP address and Dynamic DNS can expose your network to attackers on the internet. With Holesail, you expose only the port you choose.

Er, wut? If you're exposing a port, then your public IP is being used, as a port is a subset of an IP interface. So even Holesail uses the public IP in some way...thats how the internet works. Unless they're only making outbound connections, which isn't a new idea at all - Hamachi was doing it 20 years ago.

This sounds like FUD to me - of course your public IP is used, whether static or dynamic. How do they supposedly mitigate this risk?

There's nothing on the home page saying how it works, or how it's different than current solutions.

I'm intrigued to see a new tool in this space, but this one is starting off leaving a bad taste. Even Tailscale admits they use Wireguard, and even have a comparison between Wireguard and Tailscale that's pretty honest (though they focus on what Tailscale adds).

Being open and transparent is a minimum today - anything less and it's not worth the time for a second look.

[+] [email protected] 7 points 1 year ago* (last edited 5 months ago) (1 children)

[deleted]

[–] [email protected] 5 points 1 year ago (1 children)

This VPN protocol usually uses a private key (client) / public key (server) combo that is used to connect through a public IP address (the 2 nodes can’t communicate it without) using the specified TCP or UDP (more often lately) and port to create the VPN tunnel that’s gets established during the handshakes.

There is a whole lot more going on with the process but that’s a high level view. But I have a WireGuard VPN service running on a raspberry pi that I put in a DMZ on my perimeter firewall.

But a port scanner would be able to see that port is open. Make sure you keep your software up to date. Hopefully the software devs of the VPN application is keeping their stuff up to date to avoid any vulnerabilities getting exposed in the code and a backdoor getting created because of it. As long as that doesn’t become an issue, no one will be able to get through without the private key. And those are usually uncrackable in a lifetime with the complexity and length of the key.

[–] [email protected] 2 points 1 year ago

Open UDP ports are pretty secure and rarely found by scanners. The basic issue with scanning for UDP is, that most services don't respond to random garbage you try to probe then with. Without getting a response back, the scanner has no way of knowing if there is something running on that port or not.
Wireguard in particular only responds if the correct key is given.
Also make sure your firewall DROPs (usually the default, but do check) disallowed connections instead of REJECT. This way any UDP probing, whether it's to an open port or closed one just times out with no way for the scanner to distinguish them.

[–] [email protected] 4 points 1 year ago

I know ngrok is something different, but do you know if it uses a technology similar to Hamachi too? I'm asking because I discovered that ngrok works even without a public IP (when you use a mobile connection for example).

[–] [email protected] 1 points 1 year ago

Because you’re only ‘exposing’ the port on the peer to peer network.

You “publish” a port to holesail, then clients have to create a local proxy via holesail before they can access it.

I agree, It’s a dumb pointless claim. But I don’t think it’s misleading.

It looks like holesail is just tailscale, but on a much smaller scale. It’s not networks, it’s just ports.

[–] [email protected] 13 points 1 year ago (2 children)

I don't understand, it says it's P2P, then it also says expose your local network to the internet securely. How can a P2P service expose anything to the internet without a gateway server somewhere?

Static IP address and Dynamic DNS can expose your network to attackers on the internet. With Holesail, you expose only the port you choose.

That's also how NAT works, you only expose the ports you choose.

[–] [email protected] 2 points 1 year ago

This looks like one of those wireguard based solution like tailscale or netbird though I'm not sure they are using it here. They all use a public relay used for NAT penetration as well as client discovery and in some instance, when NAT pen fails, traffic relay. From the usage, this seems to be the case here as well:

Share the local Minecraft server:

$ holesail --live 25565 --connector "holesailMCServer420"

On other computer(s):

$ holesail "holesailMCServer420"

So this would register a "holesailMCServer420" on their relay server. The clients could then join this network just by knowing its name and the relay will help then reach the host of the Minecraft server. I'm just extrapolating from the above commands though. They could be using DHT for client discovery. But I expect they'd need some form of relay for NAT pen at the very least.

As for exposing your local network securely, wireguard based solution allow you to change the routing table of the peers as well as the DNS server used to be able to assign domain name to IPs only reachable from within another local network. In this instance, it works very much like a VPN except that the connection to the VPN gateway is done through a P2P protocol rather than trough a service directly exposed to the internet.

Though in the instance of holesail, I have heavy doubts about "securely" as no authentication seems required to join a network: you just need to know its name. And there is no indication that choosing a fully random name is enough.

[–] [email protected] 2 points 1 year ago

Looks like tail scale for ports.

[–] [email protected] 8 points 1 year ago (1 children)

Trying to figure this out

Hyperswam dht is used as the hole punch intermediary... Which is running on the hole punch swarm...https://github.com/hyperswarm

I can't find a good overview document of how the entire architecture works, there's no Wikipedia page on this system.

At its core, if it's open source, I want to know what I need to run this independently on my own networks without touching any of their stuff.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

There's more information about the components of this system here:

https://docs.pears.com

There really isn't much to this Holesail project - it's a little convenience wrapper around Hyper DHT and that's a part of this Pear project it seems. That site has a list of the various components and links to each one's GitHub.

Pear looks like an interesting project but I haven't looked through the details of how it works.

[–] [email protected] 4 points 1 year ago

Setting up a custom reverse proxy is time-consuming and requires advanced knowledge of nginx/apache2.

ezpz with Caddy. tailscale + caddy can get this done pretty easily.

Also, not hating on nodejs, but this project screams like it shouldn't be in nodejs. Maybe if there was a webui included that would make sense. Otherwise I'd expect C or Go.

[–] [email protected] 4 points 1 year ago (2 children)

@makeasnek So, another Hamachi?

[–] [email protected] 1 points 1 year ago

That brings back memories... trying to play co-op games back in the day wasn't so easy as it is now...

[–] Andromxda 2 points 1 year ago

Is this similar to NetBird and Tailscale?