
Meshbird – distributed private networking - gyre007
http://meshbird.com/
======
galadran
This project has so many cryptographic wrong answers, I don't know where to
begin.

Glaring problems: \- The same unchanging aes key is shared between all nodes
on a network. Compromise one, compromise all. Additionally a bad node can
impersonate any other node.

    
    
        - The 96 bit nonce is derived randomly and there is no rekeying which means sending more than 2^32 messages will leak your (static, unchanging) key to the world. That's 2^32  total between all clients on a network. Hope everyone is manually updating their keys! 
    
        - Default unchanging password of `hello-world` is set. Everyone remembers to change that environment variable right?
    
        - The KDF is md5, which means attackers can brute force guess the key incredibly fast. 
    
        - There's no perfect forward secrecy (aging out of old keys). 
    

Amazingly, this is still better than their last version, which used AES-CBC
and used the same value for both the key and the IV (which is transmitted over
the network).

Summary: Stick to Wireguard!

------
narak
Looks like a decentralized version of ZeroTier[1] (No affiliation)

Would be interested in hearing from Adam[2] the trade-offs between fully and
partially decentralized architectures

1: [https://www.zerotier.com/](https://www.zerotier.com/)

2:
[https://news.ycombinator.com/user?id=api](https://news.ycombinator.com/user?id=api)

~~~
viraptor
Not Adam, but I believe this:

> All traffic transmit directly to recepient peer without passing any
> gateways. Meshbird do not require any centralized servers.

means you can't have a NAT on both sides of connection. Zerotier falls back to
proxying the traffic if you can't connect directly.

~~~
hunter2_
Wait, can't something in this list of techniques handle a NAT on both sides?
[https://en.m.wikipedia.org/wiki/NAT_traversal](https://en.m.wikipedia.org/wiki/NAT_traversal)

If not, please pardon my ignorance; not a networking expert.

~~~
yardstick
There’s two issues here-

1) They switched away from UDP, now use TCP. So NAT traversal / punching isn’t
possible.

2) Even if UDP was used there’s still some network setups that aren’t
traversal friendly, such as most cellular/LTE networks where port mappings are
unpredictable.

~~~
eps
TCP-based NAT punching is perfectly possible. Not that it’s needed often in
systems that employ punching (due to it being a fallback option if UDP is
unavailable), but it’s easy to do and works well.

~~~
viraptor
How does that work? NATs (usually?) track TCP state. That means party A sends
a SYN and will only pass in SYN-ACK. Party B's NAT drops SYN on the floor.
Same happens the other direction. It works for UDP because there's no concept
of an established connection, but TCP?

~~~
eps
Look up something called Symmetrical TCP Open.

~~~
viraptor
Name in papers: stunt, natblaster, p2pnet. They mostly depend on raw sockets
unfortunately. And:

> Similarly, adding port prediction to the P2PNAT approach allows it to handle
> symmetric NATs increasing its success rate to 84.3%

Interesting that it works, but doesn't seem very reliable.

~~~
eps
You are reading wrong papers :)

Clients A and B connect to a rendezvous host. R looks at A and B's ports,
guesses which ports they will use for the next connection and instructs them
to connect to each other respectively. First SYN packets are lost, but they
poke holes, so on the retry the symmetrical open kicks in and peers hook up
into a shared TCP connection. The end.

~~~
viraptor
Again, that's only if the NAT allows this. Not all of them do and not all of
them will have predictable port mappings. See
[http://www.ijimt.org/papers/226-G0027.pdf](http://www.ijimt.org/papers/226-G0027.pdf)
for example for details about what works when.

~~~
eps
It's been a while since I worked on this, but back then over 80% NAT devices
used simple +1 port allocation. Some fraction was using other increments and
only OpenBSD used truly random overloading. The main issue with port
prediction in general wasn't making it _per se_ , but making it quick enough
so that it won't expire.

From what I remember ingress TCP filtering was universally very dumb - if
there was a SYN out, anything on the same quartet of IP/ports was allowed in.
That was on a sample of several thousand devices, though most of these were of
consumer grade. It was also few years before the paper you linked to above.

------
atheiste
The quality seems a bit low. There is a similar project based on academic
routing protocol Babel and implemented reliably by a professional called Re6st
[https://re6st.nexedi.com](https://re6st.nexedi.com)

Re6st indeed is more focused on connectivity than performance because it re-
establish connection even when the Chinese great firewall kicks in.

------
win_ini
Is this like Hamachi but for servers/command line?

------
dcow
Previous discussion:
[https://news.ycombinator.com/item?id=13638636](https://news.ycombinator.com/item?id=13638636)

------
vageli
How does the meshing/peer discovery work? Is connection information encoded in
the key?

~~~
naikrovek
DHT

~~~
gduffy
Not anymore.

    
    
      # Changelog
      ## v2.0
      - removed DHT
      [...]
      - bootstraping and peer exchange from one or more nodes

------
nodesocket
In the previous discussion HN users were complaining about "AES-256 in CBC
mode but without an authentication tag (HMAC)". Is this still the case or has
it been addressed?

Also, any idea the overhead in terms of CPU pushing around 100Mbps?

~~~
viraptor
Seems like it was replaced with GCM in
[https://github.com/meshbird/meshbird/commit/f4e50d5596b05d0c...](https://github.com/meshbird/meshbird/commit/f4e50d5596b05d0c5924fb42ec0d449f53ed76df)

~~~
newman314
"Unfortunately I wasn't able to understand this piece of code and what it was
aiming to, so I didn't changed."

That seems alarming for a commit message.

------
KaiserPro
Hmm, I would be keen to try it, however:

There are scant details on the website as to _how_ it works. They don't appear
to backup the claim that its "distributed"

Are they just using a DHT to distribute IP addresses, then use wireguard to
connect? how is routing configured? is it dynamic.

All of the basics seem to require looking into the code, which seems a little
obtuse

also, wget'ing a script direct into sh, not a healthy start. easy installers
== great, but not when its piped directly into sh. Tar.gz and make it obvious
that your not hiding stuff, and make sure you post a hash of the tar.

------
auxten
The website is fancy, but I believe
[https://github.com/CovenantSQL/CovenantSQL/tree/develop/rpc](https://github.com/CovenantSQL/CovenantSQL/tree/develop/rpc)
is way better “distributed private networking”

------
bayesian_horse
It shouldn't matter but if I read English text with all the third-person "s"
missing I somehow assume the worst.

And it is a bit strange their English is mostly correct and then they make
this mistake consistently. Maybe not a mistake?

------
ChristianBundy
How does this compare to cjdns?

------
audi0slave
No tests?

~~~
huhtenberg
And no documentation.

------
ukd1
Is this like zerotier?

------
nik1aa5
How does this compare to tinc-vpn.org?

------
DiabloD3
So, wget a random sh script and run it? Really?

~~~
prophesi
Yeah, there's a lot of unknowns with this project.
[https://github.com/meshbird/meshbird/issues/85](https://github.com/meshbird/meshbird/issues/85)

~~~
voltagex_
I'll point to this next when the value of reproducible builds is questioned:
[https://github.com/meshbird/meshbird/issues/85#issuecomment-...](https://github.com/meshbird/meshbird/issues/85#issuecomment-424547492)

~~~
phs318u
Good catch!

------
snambi
How does it work?

------
johnchristopher
Funny how the submitted URL isn't the https one ^^.

------
RootKitBeerCat
What’s the catch?

~~~
cafxx
I guess that the author doesn't know what they're doing:
[https://github.com/meshbird/meshbird/blob/19fa62219dd1dd9069...](https://github.com/meshbird/meshbird/blob/19fa62219dd1dd906935e1bccac85193723d48b8/src/meshbird/transport/crypto.go#L10-L26)

~~~
miovoid
Why not?

