“Create P2P tunnels instantly that bypass any network, firewall, NAT restrictions and expose your local network to the internet securely, no Dynamic DNS required.”
Join our Discord Support Server
Right into the trash.
Discord is still a legitimate form of contact and support for a lot of people. Out of interest, where do you see that line? I can only see Discord mentioned alongside e-mail and some other (even less tasteful than Discord) contact methods for support.
To all those downvoting I’m not saying that Holesail is using Discord correctly, just saying that just having Discord (or any other chat platform) as an option shouldn’t be an instant red flag and it depends on how the project actually utilises it.
Very first line of the GitHub readme. As a support tool it’s mostly useless, endless similar or identical questions answered differently or not at all and none of it indexed by search engines for use on the web.
It’s an awful data silo / black hole that increases volunteer load.
I’ve tried to use it to ask for help on a couple of other open source projects and I thought that I was using it in the wrong way, that I was missing something. So…I was not! I don’t understand how people could use it for support. Guys talking over each other, questions mixed and lost between other people’s chats, terrible!
We use Discord rather extensively but we don’t have this problem. I don’t think the issue is Discord itself (or for that matter any chat, be it IRC or Matrix) but the way it is used. I think it unfair to just blacklist a project just because it uses it.
We use Discord for team chat and conversations, the instant nature of a chat app suits this purpose far more than an async platform like a forum for us. This is either commonly known or transient info, not something we are interested in preserving. Long form conversations (like the status of our OS packaging) that require input over a long period goes into a forum topic.
We also use it for support for short form questions and help - anything more than a quick answer or “active” help then we recommend filling in an issue form or using the forum.
If a question comes up more than a few times then we make sure that it is documented - either in an FAQ or in the main documentation as it is clear that information isn’t readily available or easy to find.
I’m not necessarily defending their use of Discord as I don’t know exactly what they are doing but it does seem they don’t have any alternative community areas. In contrast, yes we have a Discord but we also have a Lemmy community, a Subreddit (I’m honestly against keeping that one going but we would rather not shut out users from support), Mastodon and forum.
So no, it doesn’t increase volunteer load in all cases, it is a valuable tool for us. Not that I’m wedded to Discord in particular (I’d honestly prefer to migrate it all to Matrix) but the idea of a chat platform for projects is not a bad thing by itself, it is how the project uses it.
The problem is not that Discord is used as a contact method the problem is that Discord chats are not indexable so if someone has a problem and gets solved its gets lost on the chat logs and its not like a forum.
I know some subreddits where people ask the same questions over and over, all day every day. They don’t read the rules/sidebar, they don’t read the stickied posts, they don’t read the automod response and they don’t search before posting. if you mention any of those they immediately turn defensive and abusive usually. it’s incredibly frustrating.
I think that is more of a comment on incorrect use of such a platform and it would be the same whether it was IRC or Matrix. I’ve put a more detailed response to another comment if you were interested - https://lemmy.ml/comment/11850496
Static IP address and Dynamic DNS can expose your network to attackers on the internet. With Holesail, you expose only the port you choose.
Er, wut? If you’re exposing a port, then your public IP is being used, as a port is a subset of an IP interface. So even Holesail uses the public IP in some way…thats how the internet works. Unless they’re only making outbound connections, which isn’t a new idea at all - Hamachi was doing it 20 years ago.
This sounds like FUD to me - of course your public IP is used, whether static or dynamic. How do they supposedly mitigate this risk?
There’s nothing on the home page saying how it works, or how it’s different than current solutions.
I’m intrigued to see a new tool in this space, but this one is starting off leaving a bad taste. Even Tailscale admits they use Wireguard, and even have a comparison between Wireguard and Tailscale that’s pretty honest (though they focus on what Tailscale adds).
Being open and transparent is a minimum today - anything less and it’s not worth the time for a second look.
My guess is that this works similar to a Tor hidden service, where you can’t even access the open port without a key of some kind and then you can only access that specific port. It’s not the same as having a port open on your IPv4 address since from the router’s perspective it’s only an outgoing connection. Somebody portscanning you wouldn’t find that port open. Though I could be wrong.
This VPN protocol usually uses a private key (client) / public key (server) combo that is used to connect through a public IP address (the 2 nodes can’t communicate it without) using the specified TCP or UDP (more often lately) and port to create the VPN tunnel that’s gets established during the handshakes.
There is a whole lot more going on with the process but that’s a high level view. But I have a WireGuard VPN service running on a raspberry pi that I put in a DMZ on my perimeter firewall.
But a port scanner would be able to see that port is open. Make sure you keep your software up to date. Hopefully the software devs of the VPN application is keeping their stuff up to date to avoid any vulnerabilities getting exposed in the code and a backdoor getting created because of it. As long as that doesn’t become an issue, no one will be able to get through without the private key. And those are usually uncrackable in a lifetime with the complexity and length of the key.
Open UDP ports are pretty secure and rarely found by scanners. The basic issue with scanning for UDP is, that most services don’t respond to random garbage you try to probe then with. Without getting a response back, the scanner has no way of knowing if there is something running on that port or not.
Wireguard in particular only responds if the correct key is given.
Also make sure your firewall DROPs (usually the default, but do check) disallowed connections instead of REJECT. This way any UDP probing, whether it’s to an open port or closed one just times out with no way for the scanner to distinguish them.
Because you’re only ‘exposing’ the port on the peer to peer network.
You “publish” a port to holesail, then clients have to create a local proxy via holesail before they can access it.
I agree, It’s a dumb pointless claim. But I don’t think it’s misleading.
It looks like holesail is just tailscale, but on a much smaller scale. It’s not networks, it’s just ports.
I don’t understand, it says it’s P2P, then it also says expose your local network to the internet securely. How can a P2P service expose anything to the internet without a gateway server somewhere?
Static IP address and Dynamic DNS can expose your network to attackers on the internet. With Holesail, you expose only the port you choose.
That’s also how NAT works, you only expose the ports you choose.
This looks like one of those wireguard based solution like tailscale or netbird though I’m not sure they are using it here. They all use a public relay used for NAT penetration as well as client discovery and in some instance, when NAT pen fails, traffic relay. From the usage, this seems to be the case here as well:
Share the local Minecraft server:
$ holesail --live 25565 --connector “holesailMCServer420”
On other computer(s):
$ holesail “holesailMCServer420”
So this would register a “holesailMCServer420” on their relay server. The clients could then join this network just by knowing its name and the relay will help then reach the host of the Minecraft server. I’m just extrapolating from the above commands though. They could be using DHT for client discovery. But I expect they’d need some form of relay for NAT pen at the very least.
As for exposing your local network securely, wireguard based solution allow you to change the routing table of the peers as well as the DNS server used to be able to assign domain name to IPs only reachable from within another local network. In this instance, it works very much like a VPN except that the connection to the VPN gateway is done through a P2P protocol rather than trough a service directly exposed to the internet.
Though in the instance of holesail, I have heavy doubts about “securely” as no authentication seems required to join a network: you just need to know its name. And there is no indication that choosing a fully random name is enough.
Trying to figure this out
Hyperswam dht is used as the hole punch intermediary… Which is running on the hole punch swarm…https://github.com/hyperswarm
I can’t find a good overview document of how the entire architecture works, there’s no Wikipedia page on this system.
At its core, if it’s open source, I want to know what I need to run this independently on my own networks without touching any of their stuff.
There’s more information about the components of this system here:
There really isn’t much to this Holesail project - it’s a little convenience wrapper around Hyper DHT and that’s a part of this Pear project it seems. That site has a list of the various components and links to each one’s GitHub.
Pear looks like an interesting project but I haven’t looked through the details of how it works.
Setting up a custom reverse proxy is time-consuming and requires advanced knowledge of nginx/apache2.
ezpz with Caddy. tailscale + caddy can get this done pretty easily.
Also, not hating on nodejs, but this project screams like it shouldn’t be in nodejs. Maybe if there was a webui included that would make sense. Otherwise I’d expect C or Go.
