“Create P2P tunnels instantly that bypass any network, firewall, NAT restrictions and expose your local network to the internet securely, no Dynamic DNS required.”

  • MangoPenguin
    link
    fedilink
    English
    arrow-up
    13
    ·
    6 months ago

    I don’t understand, it says it’s P2P, then it also says expose your local network to the internet securely. How can a P2P service expose anything to the internet without a gateway server somewhere?

    Static IP address and Dynamic DNS can expose your network to attackers on the internet. With Holesail, you expose only the port you choose.

    That’s also how NAT works, you only expose the ports you choose.

    • CasualTee@beehaw.org
      link
      fedilink
      arrow-up
      2
      ·
      6 months ago

      This looks like one of those wireguard based solution like tailscale or netbird though I’m not sure they are using it here. They all use a public relay used for NAT penetration as well as client discovery and in some instance, when NAT pen fails, traffic relay. From the usage, this seems to be the case here as well:

      Share the local Minecraft server:

      $ holesail --live 25565 --connector “holesailMCServer420”

      On other computer(s):

      $ holesail “holesailMCServer420”

      So this would register a “holesailMCServer420” on their relay server. The clients could then join this network just by knowing its name and the relay will help then reach the host of the Minecraft server. I’m just extrapolating from the above commands though. They could be using DHT for client discovery. But I expect they’d need some form of relay for NAT pen at the very least.

      As for exposing your local network securely, wireguard based solution allow you to change the routing table of the peers as well as the DNS server used to be able to assign domain name to IPs only reachable from within another local network. In this instance, it works very much like a VPN except that the connection to the VPN gateway is done through a P2P protocol rather than trough a service directly exposed to the internet.

      Though in the instance of holesail, I have heavy doubts about “securely” as no authentication seems required to join a network: you just need to know its name. And there is no indication that choosing a fully random name is enough.