So I’m trying to bridge to physical locations together. At one location I control the firewall and at the other I don’t. I would normally use Wireguard but its all dynamic IPs so it would break every so often.

My though was to use I2P to create a bridge between the 2 places. I will use 0 hops on each with encrypted lease sets.

Is this a sain setup? What drawbacks will this have and will it be problematic? Also what security should I use for my encrypted lease set? I want only one device to connect and no others.

Edit: I think I’ll use i2p for dns

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    11 months ago

    I2p seems an odd choice when DYNAMIC DNS exists for this particular situation where non static IPs are used.

  • MeldrikA
    link
    fedilink
    English
    arrow-up
    1
    ·
    11 months ago

    Why not something like Zerotier?

    • Possibly linux@lemmy.zipOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      11 months ago

      Because that’s proprietary and adds more latency. I already have a vps for routing traffic into my server farm so if I was going to to go that route I wouldn’t even bother with ZeroTier

  • 0v0@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    11 months ago

    Yes this is sane and one of the main use cases for encrypted lease sets. Encrypted lease sets make it impossible for unauthorized users to connect to your hidden services.

    If you know beforehand that only one client needs to be able to connect, choose “DH” as a security strategy, and share the client’s key with the server. This article explains these concepts in detail.

    If you don’t care about anonymity (given the 0-hop tunnels), you could also stick both hosts on an overlay network like Yggdrasil. This may or may not be more convenient / performant based on the number of services you want to expose.