Is there anybody interested in building or using a service that routes static public IPs to self-hosted servers, over WireGuard? I made a prototype a week ago, here's the homepage:
I tried your service and it just works™, which is great. But a couple of points:
1) I saw that you're basically using one OVH box per IP. How do you plan to ever monetize this then?
What prevents a user from creating their own VPN instance on their own box and port forwarding from there? Granted this process is somewhat involved, but the kind of user who needs to do this is likely to be somewhat technically inclined anyway. (Some ideas: negotiate long-term deals for IP addresses and try to map > 1 IP per box / remove the static IP guarantee and keep a rotating pool of addresses – public IPs are more valuable than static IPs anyway IMO and you can integrate dynamic DNS into your service)
2) How do I know that you're not sniffing my traffic? Granted that most traffic being encrypted these days is a thing, but still I think it's a genuine concern.
3) I live in Asia, so latency was off-the-charts for me. (On the order of 500ms). But this problem could easily be solved by introducing servers in more locations.
1) I have monetization figured out. That's as much as I'll say for now.
2) That's a hard question, mainly because if I was using this service I would ask the same thing. Personally, I think a strong mission statement, privacy policy, and maybe a warrant canary would be good enough. At least with a strong privacy statement, I would be legally bound to never sell/peek at your data, which is loads better than current ISPs.
I can't do much better than promise I wouldn't.
3) Did the Chicago server fare any better?
Also, thank you for the comments! I really appreciate them.
FYI: There is a funded, global, commercial gaming VPN service with HQ in SF also called Subspace that has had deals with major gaming networks since 2019.
You might want to sort out the Subspace name and trademark, sooner than later.
> 2) How do I know that you're not sniffing my traffic? Granted that most traffic being encrypted these days is a thing, but still I think it's a genuine concern.
How does this work? I thought WireGuard encrypts the traffic?
That's true. However, ngrok adds a lot of restrictions like "40 connections a minute", or capping the number of port forwardings. It's unclear if ngrok supports port 25 either. Also, paying a premium for encrypted transport in 2020?
I think it's less that you're paying a premium for encrypted transport, but that the uncomfortable unencrypted one is set up primarily as a demo/trial service.
I'm sure there is and will be demand for good static IPv4 tunnel brokers. I'm personally fine with dealing with dynamic DNS and port forwards for my home setup for now, but once I no longer have a public IPv4 assigned I would be a potential customer.
How do you deal with the global scarcity of IPv4-addresses that you would need to scale your service? I think this can only work long term if you own the address space yourself and are not dependent on some specific provider or cloud.
Also very important is a local endpoint to get a reasonable end to end latency.
Hey cool! Nice job, I've been working on nearly the same thing, been using it for a bit and find this pattern has really nice properties, like it's great to access my servers at local network speed (ssh, file copy, etc. really fast), having the option to easily move the server to another network, adding something like Cloudflare to the mix I'm thinking one could host quite well from home. What is the use case that inspired you to build it? I'm really curious to see what interest and dynamics you find. It would be great if you could post an update as things progress.
Yes, but just to check / point out that I don't think it's clear in current docs.txt (I know you said they're still WIP) - the 'hoppy server' that I add as a peer would be routed straight through to my own right, as in the public key for 'ca1.hoppy.network' is generated by me?
Or do I have to add a peer that's out of my control, which you use for routing between the two that are under my control?
> Is there anybody interested in building or using a service that routes static public IPs to self-hosted servers, over WireGuard?
I don't get how this helps me "build" a service. Can't find source code anywhere.
On a related note the whole reason I self host is so I don't have to rely on things I don't control so there is no way I would use something like this. Defeats the purpose of self hosting IMO.
Control is one element of self hosting, albeit full control may be difficult to obtain and also maintain speed and privacy. Pushing your ingress out to an edge node affords interesting properties. One of which is privacy (keeps your home ISP IP hidden from the public.) A service like Cloudflare gets you the same for browser traffic, a service like hoppy can work for all ports, email, ssh, voip, etc. Control can and perhaps should be implemented not at the channel layer but through cryptographic means such as authentication and end to end encryption.
Interesting -- bookmarked! I've had a need for something like this from time to time.
Is there any concern over people using your service for illegal/unfavorable activities like torrenting? Or are you planning to keep logs to provide to law enforcement requests?
I'm curious, how does one go about obtaining IPv4 address space these days? I thought it had become quite a pain, and usually expensive enough to need serious cash?
Yeah, the auctions are about all I've seen and they're pricey enough one would probably need some investment or a substantial loan to obtain enough space for this sort of thing. I'm not sure how a trial hobby project gets the money for that.
No, because I may want it reachable from somewhere that doesn't have good v6 support. Plus this guy's project is literally based on v4, so I'm not sure how that would work.
Great idea for a service! I do this for a bunch of personal services I host in le basement, where I don't want to either have any ports open or even expose my IP.
Pushing your ingress out to a full internet node simplifies behind the NAT/dynamic IP hosting. Once you have a static IP and no NAT or port restrictions it's much easier to run a from home personal cloud system.
..that might go something like this...
Raspberry Pi at home running docker containers with a reverse proxy like Nginx or Caddy. The Pi is set to automatically connect to the wireguard service once it has a network connection. The hosting server with the external public IP forwards port 80/443 browser traffic to the Pi sitting in your home LAN. Your domains can be mapped through Cloudflare to the public IP of your external server for an extra layer of privacy and caching. Requests to your Pi webserver reverse proxy through other containerized services on the Pi or to other hosts within your private home network running services like Wordpress, GOGS, Express Node app, Verdaccio (npm cache/proxy,) pretty much anything. Things get even more interesting if you run a reverse proxy on the remote server. It's also great to have a static public address by which to reach and manage your internal servers via ssh.
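The layout described in the comment above (a home Pi dialing out to an edge server that forwards 80/443 back through the tunnel), as an added configuration sketch that is not part of the thread and not hoppy.network's own setup. The 10.99.0.0/24 tunnel addresses, the `eth0` interface name, the `edge.example.net` endpoint and all keys are placeholder assumptions.

```ini
# ---- Edge server (public static IP): /etc/wireguard/wg0.conf ----
# Assumes net.ipv4.ip_forward=1 is set on this host.
[Interface]
Address    = 10.99.0.1/24
ListenPort = 51820
# Placeholder; generate on this host with `wg genkey`.
PrivateKey = <edge-private-key>
# DNAT inbound web traffic from the public interface to the Pi's tunnel address.
PostUp   = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.99.0.2
# Allow only the forwarded ports in, and only replies back out.
PostUp   = iptables -A FORWARD -i eth0 -o %i -p tcp -d 10.99.0.2 -m multiport --dports 80,443 -j ACCEPT
PostUp   = iptables -A FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Source-NAT into the tunnel so replies return through it.
# Trade-off: the Pi's access logs show 10.99.0.1 instead of the real client IP.
PostUp   = iptables -t nat -A POSTROUTING -o %i -p tcp -d 10.99.0.2 -j MASQUERADE
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 10.99.0.2
PostDown = iptables -D FORWARD -i eth0 -o %i -p tcp -d 10.99.0.2 -m multiport --dports 80,443 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -o %i -p tcp -d 10.99.0.2 -j MASQUERADE

[Peer]
# The Pi. Only its own tunnel address is accepted as a source from this peer.
PublicKey  = <pi-public-key>
AllowedIPs = 10.99.0.2/32

# ---- Raspberry Pi (home LAN, behind NAT): /etc/wireguard/wg0.conf ----
[Interface]
Address    = 10.99.0.2/24
# Placeholder; generated on the Pi and never sent to the edge operator.
PrivateKey = <pi-private-key>

[Peer]
PublicKey  = <edge-public-key>
Endpoint   = edge.example.net:51820
# Only the edge's tunnel address is routed via wg0; other Pi traffic uses the home link.
AllowedIPs = 10.99.0.1/32
# The Pi dials out, so keep the home router's NAT mapping alive for inbound forwards.
PersistentKeepalive = 25

# Note on visibility: WireGuard encrypts only the Pi <-> edge hop. The edge forwards
# TCP without proxying it, so TLS on 443 terminates on the Pi's reverse proxy and the
# edge sees ciphertext for HTTPS, while port 80 traffic is readable on the edge host.
```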
https://hoppy.network
I realized that I didn't want to ever deal with port-forwarding, NAT, or dynamic DNS and decided to create this. Message me if you want a signup link.