Looks interesting - I imagine there’s a lot of uses for this. I currently use ngrok to tunnel from 443 to a local server, which is a good way to test fediverse apps, but I wouldn’t be able to use bore for that (because it only assigns random public ports above 1024, and doesn’t deal with the SSL end of things)
See https://github.com/anderspitman/awesome-tunneling for a list of many similar things. A few of them automatically set up letsencrypt certs for unique subdomains so you can have end-to-end HTTPS.
If you are good with all of this stuff, can you tell me if using bore relays traffic or creates some kind of direct (P2P?) connection between devices?
I have a device without public IP, AFAIK behind NAT, and a server. If I use bore to open a port through my server and host a game, and my friends connect to me via IP, will we have big ping (as in, do packets travel to the server first, then to me) or low ping (as in, do packets travel straight to me)?
In other words, is bore good to play with friends when games use a method of connection via IP when you have a server with public IP, but host a game on your local device without public IP?
We are currently using yggdrasil for this and connect via «local» IPv6.
No, you will have “big ping”. bore (and everything on that page I linked) is strictly for tunneling which means all packets are going through the tunnel server.
Instead of tunneling, you can try various forms of hole punching for NAT traversal which, depending on the NAT implementation, will work sometimes to have a direct connection between users. You can use something like tailscale (and if you want to run your own server, headscale) which will try its best to punch a hole for a p2p connection and will only fall back to relaying through a server if absolutely necessary.
Thanks.
I do have wireguard on my server as well, I guess it’s similar to what tailscale does?
Too bad my friends from Russia can’t connect to me, it might be because we are doing something wrong, but most likely wireguard is somehow (DPI?) blocked in Russia.
I can connect to my own wireguard, it routes all my traffic and I can access any blocked sites, as well as access other people via «local» IPs over wireguard. I think this uses NAT traversal and we exchange data directly over wireguard. But somehow some friends are not able to use that.
Do you know if Yggdrasil does something similar and if we exchange data directly when playing over Yggdrasil virtual IPv6 network?
Tailscale uses wireguard but adds a coordination server to manage peers and facilitate NAT traversal (directly when possible, and via an intermediary server when it isn’t).
If your NAT gateway isn’t rewriting source port numbers it is sometimes possible to make wireguard punch through NAT on its own if both peers configure endpoints for each other and turn on keepalives.
From this FAQ it sounds like yggdrasil does not attempt to do any kind of NAT traversal so two hosts can only be peers if at least one of them has an open port. I don’t know much about yggdrasil but from this FAQ answer it sounds like it runs over TCP (so using TCP applications means two layers of TCP) which is not going to be conducive to a good gaming experience.
Samy Kamkar’s amazing pwnat tool might be of interest to you.
Oh, I have found pwnat before, but it’s not available for Windows, also most people say that it doesn’t work anymore because most routers patched the behavior that made it work IIRC.
What’s the easy way to know if two peers are directly connected without measuring ping time and guessing?
You can use Wireshark to see the packets and their IP addresses.
https://www.wireshark.org/download.html
https://www.wireshark.org/docs/
A word of warning though: finding out about all the network traffic that modern software sends can be deleterious to mental health 😬
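For the WireGuard setups discussed in this thread, the direct-or-relayed question can also be answered from the tab-separated output of `wg show <interface> dump`, without a packet capture. The following is an added example, not part of any post above: it finds which peer WireGuard would route a friend's tunnel address to and compares that peer's outer endpoint with the server's public IP. The sample dump, keys, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `wg show wg0 dump` (tab-separated; keys are placeholders).
# Line 1 is the interface; each later line is one peer:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake, rx, tx, keepalive
SAMPLE_DUMP = "\n".join([
    "PRIV_PLACEHOLDER\tPUB_SELF\t51820\toff",
    "PUB_SERVER\t(none)\t203.0.113.10:51820\t10.8.0.0/24\t1700000000\t9000\t7000\t25",
    "PUB_FRIEND\t(none)\t198.51.100.7:40112\t10.8.0.5/32\t1700000100\t500\t400\t25",
    "PUB_IDLE\t(none)\t(none)\t10.8.0.9/32\t0\t0\t0\toff",
])

def parse_peers(dump):
    """Return one dict per peer line of the dump."""
    peers = []
    for line in dump.splitlines()[1:]:          # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            continue                            # not a peer line
        pub, _psk, endpoint, allowed, handshake = fields[:5]
        nets = [] if allowed == "(none)" else [
            ipaddress.ip_network(a, strict=False) for a in allowed.split(",")]
        # Endpoint is "ip:port" or "[ipv6]:port"; keep only the address part.
        host = None if endpoint == "(none)" else endpoint.rsplit(":", 1)[0].strip("[]")
        peers.append({"key": pub, "host": host, "allowed": nets,
                      "handshake": int(handshake)})
    return peers

def route_for(peers, tunnel_ip):
    """Pick the peer whose allowed-ips entry is the longest prefix match."""
    ip = ipaddress.ip_address(tunnel_ip)
    best_peer, best_len = None, -1
    for peer in peers:
        for net in peer["allowed"]:
            if net.version == ip.version and ip in net and net.prefixlen > best_len:
                best_peer, best_len = peer, net.prefixlen
    return best_peer

def path_to(dump, tunnel_ip, relay_ip):
    """Classify traffic to tunnel_ip as direct, relayed, no-handshake or unrouted."""
    peer = route_for(parse_peers(dump), tunnel_ip)
    if peer is None:
        return "unrouted"
    if peer["host"] is None or peer["handshake"] == 0:
        return "no-handshake"                   # configured, but never connected
    same = ipaddress.ip_address(peer["host"]) == ipaddress.ip_address(relay_ip)
    return "relayed" if same else "direct"

if __name__ == "__main__":
    for friend in ("10.8.0.5", "10.8.0.6", "10.8.0.9"):
        print(friend, path_to(SAMPLE_DUMP, friend, "203.0.113.10"))
```

A friend whose tunnel address is only covered by the server peer's allowed-ips range is reached through the server, whatever the "local" address suggests.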