They are using BGP and routing nodes (backbones), recreating a mini IP (layer 3) network I think.
I've used raw wireguard in a p2p fashion to interconnect LANs. I run wireguard on each segment directly inside the network routers.
Just make sure all LANs are using a different subnet. A /24 is standard. Then configure all the peers and you get a fully peer to peer network. No relays. You only need one side of every peer "pair" to be reachable from the internet.
I do have a small management script to help peer discovery (dynamic IPs) and key exchange, but it's not strictly required. With a dozen nodes or so, it's maintainable manually. Wireguard supports roaming natively, as long as one peer can reach the other.
My personal choice for something like this would be Tailscale/Headscale. Runs over Wireguard and handles a ton of niceties like DNS for connected nodes automatically.
This kind of defeats the purpose of TPL. Part of TPL is setting up your own network segment. There's a dashboard that shows who has what working.
Part of the fun of TPL isn't just that your computer can talk to another computer, it's that you have your own setup configured form the ground up so your /24 can talk to other /24s on TPL. I 100% understand some people will not enjoy that and won't find it fun, and that is ok. Some people do enjoy learning new things about setting up infrastructure, and this scratches some of that itch.
I personally ran into the legacy setup issue for running vanilla Wireguard for my setup before Tailscale is a thing and have to manually manage keys, routing and DNS.
But one thing Tailscale has that annoyed me is that they are using 100.64 CGNAT addresses (which is more RFC-compliant) but conflicts with one of my cloud service provider's pre-configured DNS, NTP and software mirrors setup. Using it became more or less messy for this reason.
I mean, this is pretty much the standard of setting up satellite offices for businesses and whatnot. Lots of people are extremely familiar with IPSec, it's not that hard.
CursedSilicon|7 months ago
smashed|7 months ago
They are using BGP and routing nodes (backbones), recreating a mini IP (layer 3) network I think.
I've used raw wireguard in a p2p fashion to interconnect LANs. I run wireguard on each segment directly inside the network routers.
Just make sure all LANs are using a different subnet. A /24 is standard. Then configure all the peers and you get a fully peer to peer network. No relays. You only need one side of every peer "pair" to be reachable from the internet.
I do have a small management script to help peer discovery (dynamic IPs) and key exchange, but it's not strictly required. With a dozen nodes or so, it's maintainable manually. Wireguard supports roaming natively, as long as one peer can reach the other.
Very little overhead. ICMP, TCP and UDP support.
ericdiao|7 months ago
LorenDB|7 months ago
redn0vae|7 months ago
Part of the fun of TPL isn't just that your computer can talk to another computer, it's that you have your own setup configured form the ground up so your /24 can talk to other /24s on TPL. I 100% understand some people will not enjoy that and won't find it fun, and that is ok. Some people do enjoy learning new things about setting up infrastructure, and this scratches some of that itch.
ericdiao|7 months ago
I personally ran into the legacy setup issue for running vanilla Wireguard for my setup before Tailscale is a thing and have to manually manage keys, routing and DNS.
But one thing Tailscale has that annoyed me is that they are using 100.64 CGNAT addresses (which is more RFC-compliant) but conflicts with one of my cloud service provider's pre-configured DNS, NTP and software mirrors setup. Using it became more or less messy for this reason.
frollogaston|7 months ago
bongodongobob|7 months ago