This... sounds like something I would be interested in, but I cannot for the life of me understand what this does.

Is this decentralized file sharing?
It says it uses an overlay network? If the topology is just like:

peer A <---> overlay (server N ...) <---> Peer B

And your design is to try to get packets between the peers, then this is going to be very slow. They will have to go via the routes on the overlay network, which may have multiple virtual hops to reach their destination. This is a massive increase in round trip time. I'm not sure if I understand the solution right though, as I took a brief look. But I don't see how this solves port forwarding or NAT issues, as the actual instances still need to be publicly reachable.

I wrote a library for peer-to-peer networking recently and, unlike libraries like Libp2p, my emphasis was on getting direct connectivity to work between peers. I'm not using an overlay for this. I use a range of techniques [direct cons, reverse con, TCP hole punching, TURN] to make the connections happen, with some minor signalling traffic happening over public MQTT servers.

My software is at <a href="https://github.com/robertsdotpm/p2pd">https://github.com/robertsdotpm/p2pd</a> if anyone finds it interesting. Sorry for the shameless self-plug, but I figure it is related. We're both free open source projects. I don't provide a tunnelling solution, but you could easily build something like ngrok with this software without relying on proxying as the primary solution. Currently the software has no way to easily get another peer's 'address', so using this will need to solve that problem. But a simple key-value store would be enough tbh. Going to improve usability when I next have time.
Always happy to see more open source options in this space. I maintain a list of similar tools (including OpenZiti) here:

<a href="https://github.com/anderspitman/awesome-tunneling">https://github.com/anderspitman/awesome-tunneling</a>
There was a post one day ago, apparently from the creator of Zrok, giving more context on this: <a href="https://news.ycombinator.com/item?id=34693988" rel="nofollow">https://news.ycombinator.com/item?id=34693988</a>

> <i>In the discussions about v0.2, the (now obvious) idea came up to implement something that we're calling "private sharing". It works a lot like the traditional on-demand reverse proxy, except instead of exposing the private endpoint through a public HTTP listener, it binds the shared resource onto an OpenZiti network, where it can be accessed securely by another zrok client. This "other" zrok client exposes an HTTP listener wherever the user wants... but it's usually put on the loopback interface of that user's system. This allows the user to securely access the shared resource on their system as if it's local, even though it's somewhere else on a zero-trust network.</i>

> <i>As we've started working through the development of v0.3, we've realized that we can incorporate other useful capabilities, like streamlined file sharing (elegant WebDAV integration is coming).</i>

From a quick look, it seems that the self-hostable part (<a href="https://github.com/openziti/zrok/blob/main/docs/guides/v0.3_self_hosting_guide.md">https://github.com/openziti/zrok/blob/main/docs/guides/v0.3_...</a>) is written in Go, and there are SDKs for connecting to it from a variety of languages.

Oracle has an article on the underlying network layer, which is called OpenZiti, which defines Zero Trust:

> <i>Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned). Authentication and authorization (both subject and device) are discrete functions performed before a session to an enterprise resource is established.</i>

All of this sounds very interesting to me, but I have no experience with these kinds of network stacks.
Has anyone here evaluated it?

Would this be useful for adding document sharing to applications I write, for instance, a hypothetical word processor? I mean sharing with other people working on a document. The SDKs seem to be clients, so to interchange files between two applications with an embedded SDK, does it still need a third machine running an API server?
Seems interesting, but I think it needs some use case examples to show how it differentiates from a tunnel, VPN etc.
As an example, would it be the right tool to access IoT data from small sensors (and actuators, therefore two ways) in a private LAN from external machines, including mobile, on untrusted public networks?
Or what if I wanted on all my laptops a shared directory that replicated on all machines what is being written on one, no matter which networks they're connected to, NAT etc.
etc...
The file sharing part of this project made me think of RetroShare (<a href="https://retroshare.cc/" rel="nofollow">https://retroshare.cc/</a>). Too bad this project never really had traction. It was really file sharing + social network in a truly decentralized fashion.
Very interesting product! How does this compare to something like Nebula? Have you done benchmarks against other solutions? If I remember correctly, Nebula implements its own protocol and underperforms compared to WireGuard. Is this the same case?

Looking forward to trying it out!
What does "zero trust" mean in this context? I assume the network isn't trusted, but is anything else trusted? How are peers authenticated and/or authorized to access a zrok endpoint?
How does this establish a route to an IP that cannot be routed to directly?

Sounds like there’s a central server to coordinate and transmit piped data.

If so, does the central server have to transmit all data?
I hope a GUI will emerge from this, enabling the comfortable, the less knowledgeable and the less technical to avoid fiddling with terminal commands and all that.