Show HN: Weron – A Peer-to-Peer VPN Based on WebRTC Written in Go

204 points by pojntfx about 3 years ago
Hey HN! I just released weron, a P2P VPN that uses WebRTC for transport which I've been working on for the last couple of months. It can create both layer 2/Ethernet and layer 3/IP overlay networks, and the underlying transport layer can be easily embedded to write your own P2P apps with Go. Compared to for example Tailscale, WireGuard and ZeroTier, it's much harder to block on a network level and also significantly easier to set up, while not sacrificing much performance.

I'd love to get your feedback :)

15 comments

saurik about 3 years ago
Is what makes this a "P2P" VPN--as opposed to merely VPN software that you might choose to use between peers (such as Wireguard)--that it supports the group/"community" network behavior? When you do that, are you building a fully-connected overlay network--where everyone has a separate WebRTC link to each of the other participants--or are you building some kind of organized P2P network topology out of the participants?

(Note: I work on Orchid, a decentralized market for bandwidth built on Ethereum and WebRTC, which has a multi-hop-capable VPN client for various platforms available.)

linsomniac about 3 years ago
This looks pretty slick, and the WebRTC seems like it might offer some choices of traversal that would work where others don't. The inbuilt tools for "chat" (seems a useful test), throughput and latency also seem nice. I've been running into some weirdnesses at times with Nebula and Zero Tier where it's unclear where my latency or throughput limits are coming from.

I'm looking forward to doing a lot more with overlay networks in the short term, I've been playing with a variety of them over the last 18 months or so and just need to pick something and start deploying it.

tptacek about 3 years ago
Why wouldn't you just tunnel WireGuard over WebRTC? There's already a very, very good implementation of WireGuard --- one of the two major production implementations --- in Go. We tunnel it over WebSockets, and it took like an hour to write that code.

1vuio0pswjnm7 about 3 years ago
No one is raising the question of how to handle community name/key management for persistent communities. With n2n, which long predates Zerotier, Wireguard and Tailscale, one of the authors thought there needed to be automatic key rotation and also communication between "signal" servers. Original n2n allowed tunneling over HTTP as a fallback. It should be noted that n2n was never meant to be used for large communities, say, over 100 peers. Sure enough, the author of weron is issuing that same warning here.

Many years ago I had each peer run their own smtpd listening on the n2n TAP interface. It was peer-to-peer, encrypted email. This can be done for many other protocols, too. With Layer 2 overlay, there are no middlemen. Direct connectivity to friends and family with no need for Google/Facebook.

Layer 2 overlay networks with n2n can be significantly faster if automatic encryption is turned off. In that case, the user can encrypt and sign sensitive files with a separate program before sending them through the TAP interface. It works quite well.

IceWreck about 3 years ago
Hey, I have been using Wireguard and Nebula to connect to my home network for a while now, but they're blocked by my uni. I bypass the blocking using shadowsocks but it's still a hassle.

I'll test out Weron and hopefully I don't need to tunnel it through shadowsocks.

Sean-Der about 3 years ago
This is so cool! I love the embedded aspect of it, that was a big goal of Pion. Really exciting for users to not have to setup/configure a service to get connectivity going.

re: concerns about STUN I would love to experiment with adding NAT-PMP/PCP support to pion/ice. STUN server usage seems to be a major sticking point for people. Talked about it a bit here [0]. I am all for doing it, just would like to know the code is actually wanted before writing it :)

[0] https://mobile.twitter.com/_pion/status/1522365018855165952

PLG88 about 3 years ago
Wow, some awesome work here. I would be interested to know your thoughts on OpenZiti (https://openziti.github.io/). It's an open source project that allows you to embed private connectivity into your app using one of the many SDKs together with strong identity allowing outbound only connections. It is a mesh overlay similar to TURN but uses a concept of smart routing to normally reduce latency through circumvention of BGP. Various superpowers can be seen here - https://www.youtube.com/playlist?list=PLMUj_5fklasKF1oisSSuLwSzLVxuL9JbC

a-dub about 3 years ago
very cool! was recently musing about how the next frontier in vpns is steganography, and here we are.

are the webrtc streams running at a constant bitrate or can the streams be detected by doing traffic timing analysis?

(i once looked at adding constant bitrate support to wireguard but ultimately abandoned it as it was looking to be excessively complicated)

1vuio0pswjnm7 about 3 years ago
Here is some initial feedback: Nice selection of static binaries!

However the choice to hardcode Google as a default STUN server is off-putting. IMHO, 2008's n2n would never set a third party server as a default. https://luca.ntop.org/n2n.pdf

13415 about 3 years ago
Can this be used as a library like libp2p, or does it require me to run binaries?

depingus about 3 years ago
This looks nice. Do you have Android/iOS mobile apps on the roadmap?

braginini about 3 years ago
Well done!

Disclaimer: I'm author of netbirdio - a similar project.

Using WebRTC makes it possible to have a tunnel from the browser directly. Combined with a virtual terminal it just makes it even cooler!

@pojntfx what do you think about that? Feasible with your implementation?

I've been playing with such functionality in Netbird but since it depends on Wireguard it is a bit tricky :)

Would love to have your feedback as well on our project

https://github.com/netbirdio/netbird

Siira about 3 years ago
Having a docker image that sets up a VPN server with ideally zero config, plus short instructions for setting up the clients in popular OSes would go a long way to help adoption.

mib32 about 3 years ago
I somehow can't understand how to use it :) Sorry! But nice work.

ianlevesque about 3 years ago
> Compared to for example Tailscale, WireGuard and ZeroTier, it's much harder to block on a network level

Tailscale at least bundles in an HTTPS fallback for those situations. I’m not sure that claim holds up.