Innernet: open source Rust based Tailscale alternative

This is awesome, thanks for sharing!<p>I really like the simple client&#x2F;server architecture, that it&#x27;s easily self-hostable and there are no servers outside of my control.<p>The invite system reminds me of the way Tinc[1] handles it, which is great. It&#x27;s so good to see user friendly tooling on top of WireGuard.<p>[1]: <a href="https:&#x2F;&#x2F;tinc-vpn.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;tinc-vpn.org&#x2F;</a>

I have been using Tailscale personally on all my machines and it&#x27;s really cool.. Thanks for creating an OSS version of it !<p>Request to HN floks : I can setup a basic home network, but I want to really learn networking ( Setting up subnets , understanding CIDR, etc ).. Where should I start ?

This look great, thanks for the post and open-sourcing the project.<p>I played around with Wireguard directly and having better ergonomics without vendor lock-in is great, i look forward to taking it for a spin.

I cannot wait to start using this as it looks like it will make vpn&#x27;s a heck of a lot easier to manage. Here are my two questions:<p>1. Is it possible to use the same subnet on different innernets?<p>2. Could you please provide installation instructions for generic linux, as I am looking to host on almalinux and opensuse leap, neither of which use dpkg.<p>Thanks for sharing!

How does one update an oldschool web admin page to interact with this model?<p>For example, suppose Kermpany had already been up and running for a while with a standard Django website running behind Cloudflare with an admin page at example.com&#x2F;admin&#x2F;.<p>Now the things in the blog post have happened, and Kermpany wants to make sure that only machines on the &quot;humans&quot; CIDR can connect to the routes hosted at example.com&#x2F;admin&#x2F;.<p>What happens next? Does the admin tool move to a new domain?<p>The manual wireguard solution I know of is to add the example.com IP to the list of AllowedIPs, so the wireguard interface gets used for all requests from the local machine to example.com, and then restrict the &#x2F;admin&#x2F; route in nginx to just the wireguard server&#x27;s IP. But that takes a lot of bookkeeping and I feel like I&#x27;m missing something.

Somewhat unrelated but in case anyone from tonari.no is reading this: I&#x27;ve been following your project for some time[0] and would <i>love</i> to know more about it! Please please update your blog more frequently and maybe even upload some demo videos! :)<p>[0]: Ever since someone posted <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=23540586" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=23540586</a>

Like @chaz6 i&#x27;m really interested by tutorial&#x2F;docs for example to use software on a RPI4 &#x2F; nixos as an alternative to Tailscale :)

This is amazing! I&#x27;ve been thinking of writing a system for managing a wireguard network in rust for quite a while now but I&#x27;m still happy this popped up. Perhaps it would be nice to expand it into a bigger ecosystem with UI based interfaces for different platforms.

Could someone help me out? I understand how Wireguard and Tailscale work. But I don’t understand the various ways they could be used for personal and business use cases apart from a workaround for geoblocking. Could people currently using Tailscale chime in?

How name resolution is handled? I am going to play with it tonight, but it isn’t clear how is DNS setup. Is that something completely separated, or integrated on the tool? Thanks!

Wow, so neat! Thank you for developing this, and open sourcing it.

Looks cool!<p>Nebula has mobile apps. Might this be possible for Innernet in some distant future? It seems like no if it needs root.

All these seem nice but I never seem to find one that will interface with rootless nodes, amd link back to wherever my laptop is. There&#x27;s always a requirement for a kernel module or mounting a new interface. For now I use chisel, but it&#x27;s a hack and I need to manage addresses and ports manually.

Just a heads-up: there&#x27;s an old command-line news program named &quot;inn&quot; that might produce name conflicts for the innernet command-line tool.<p>Fortunately, it sounds like that&#x27;s just an alias, so people who care about &quot;inn&quot; can just spell out &quot;innernet&quot; or make a different alias themselves.

I’m going to try this because tailscale is extremely slow when you want to fully utilize your bandwidth.

This looks great!<p>Is a TCP mode planned? This would be useful for networks where outbound UDP isn&#x27;t allowed. (hotel wifi, other public wifis)<p>Do you plan to add automatic key rollover&#x2F;expiry?

private DNS does not work with tailscale. that means No Block Lists or nextdns.io.<p>if you private dns nameservers, DNS queries are made over plaintext.<p>Magic DNS is not a hard-sell.

Kudos to the team. Great!

What about my e-viruses and e-worms?

This was the name of my hometown ISP back in the late 90s.<p>You see, kids, back in the day, the internet was not ran exclusively by gigantic mega corporations whose only argument against monopoly was &quot;but but but <i>WE</i> wanted to be the monopoly!&quot; Before Walmart pushed out all the mom-and-pop grocery stores, we had mom-and-pop internet service providers, and they didn&#x27;t have to be called &quot;artisanal&quot; or &quot;organic&quot; to get anyone to care about them.