A way to set up a wireguard network. Having a simple network you can depend on to be secure is pretty great. Open up that un-auth website. Share files. SSH? Maybe just regular remote shell. It's all in the network! Like when your friends ran ethernet to each other's rooms in college.
You should probably just use tailscale; they've made a really great product. I used it. It's great. Works without much fuss. You should probably use that.
While tailscale's e2e encryption is great, they do control your peers. So at any point they could just shove another peer into your vpn and party down. That's probably fine. You've gotta trust somebody, right? Maybe you're crazy paranoid or work for a company that decides they can't deal with that dependency.
Setting up a manual wireguard network is totally doable but it is not convenient. What if you've got a new machine and can't get to an existing one? Even if you've got one, do you really want to copy keys across through whatsapp or sms like a chump?
Instead, what if you could download a tool on the new machine, point it at a public dns/ip and use a two factor from your phone?
A server (virtual or otherwise) with a public ip. You need to be able to open udp ports on the public ip.
On your public server, set up wg-sync serve. Get a TOTP token from that server, either locally or from another machine on the wireguard network. On a new machine run wg-sync add and give it the public ip/dns and token. Bam, connected.
Under the covers we send a udp packet with the token and the added machine's public ip. Once received, that is done; get a new token.
Maybe not. I probably fucked something up. The TOTP token should be encrypted or you could be man-in-the-middled. We could encrypt with the public key of the public server. But that's harder to carry around/type in. Could put it in a TXT record in DNS. TODO I guess.
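An added example, not wg-sync's own code: one way the server side could check the token from the join packet and burn it after one use, as described above. The JSON packet layout, the `JoinServer` class and its field names are assumptions; the token still travels unencrypted here, so this covers replay of a spent token, not the man-in-the-middle case.

```python
import hashlib
import hmac
import json
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226/6238 one-time code for a time-step counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class JoinServer:
    """Hypothetical server side of the join handshake (assumed design)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used = -1  # highest time step that already admitted a peer
        self.peers = []      # identifiers of accepted machines

    def handle(self, packet: bytes, now: float) -> bool:
        # Assumed wire format: one JSON datagram {"token": ..., "peer": ...}
        try:
            msg = json.loads(packet)
            token, peer = str(msg["token"]), str(msg["peer"])
        except (ValueError, KeyError, TypeError):
            return False  # malformed datagram: drop it
        current = int(now) // STEP
        # Accept the current step and the previous one (clock drift),
        # but never a step that has already been spent.
        for counter in (current, current - 1):
            if counter <= self.last_used:
                continue
            expected = totp(self.secret, counter).encode()
            if hmac.compare_digest(token.encode(), expected):  # constant time
                self.last_used = counter  # burn the token
                self.peers.append(peer)
                return True
        return False


if __name__ == "__main__":
    srv = JoinServer(b"12345678901234567890")  # RFC 6238 test secret
    pkt = b'{"token": "287082", "peer": "203.0.113.7"}'  # constructed sample
    print(srv.handle(pkt, now=59), srv.handle(pkt, now=59))
```
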
Maybe? Need to read more about dsnet and subspace. Lots of other neat stuff here.
Yes, I've been drinking bourbon. Why do you ask?