The new WireGuard encrypted VPN between all compute servers in a project is now live and fully working in all the testing I've done. This is a very critical foundation for building other things -- clusters, the distributed filesystem, etc.
If you want to try the encrypted WireGuard VPN, just start two compute servers in the same project. Then type `more /etc/hosts` and see that `compute-server-[n]` resolves to the VPN address of the compute server (which will be of the form 10.11.x.y). Do `apt-get install -y iputils-ping` and then you can ping from one to another, e.g., `ping compute-server-[n]`. Also, if you set a subdomain so https://foo.cocalc.cloud works, then you can also use `foo` as a name to connect to. The exciting thing is that:
- all ports are opened on the VPN
- all traffic is fully encrypted
- only compute servers in the same project have access to the VPN
- this fully works across clouds, i.e., some nodes on Google Cloud and some on Hyperstack, and they all connect to each other in a unified way.
Note that on-prem has one limitation still, e.g., on-prem nodes can connect to all cloud nodes and all cloud nodes can connect to on-prem nodes, but on-prem nodes can't connect to each other. To make this work in general is complicated and expensive, requiring TURN servers, so we're not doing that for now. There are some special cases that will be supported in the future. This isn't the highest priority, since probably nobody but me uses on-prem with more than one server so far...
Anyway, I think now that this is in place, implementing our new high performance distributed filesystem will be possible! Stay tuned.
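The `/etc/hosts` check described in the post can be scripted; the following is an added example, not part of the original post or of CoCalc's code. It assumes "10.11.x.y" means the 10.11.0.0/16 range and that peer names have the form `compute-server-<number>`; the function names and the sample hosts data are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag compute-server-N names that do not map to a VPN address.
# Assumption: "10.11.x.y" in the post means the 10.11.0.0/16 range.

# Print "<name> <ip> vpn|NOT-VPN" for each compute-server-N entry.
# Reads the file given as $1, or standard input when no file is given.
audit_hosts() {
  awk '
    {
      sub(/#.*/, "")               # drop trailing comments
      if (NF < 2) next             # blank line, or an address with no names
      ip = $1
      n = split(ip, o, ".")
      valid = (n == 4)
      for (i = 1; i <= 4 && valid; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) valid = 0
      status = (valid && o[1] + 0 == 10 && o[2] + 0 == 11) ? "vpn" : "NOT-VPN"
      for (f = 2; f <= NF; f++)
        if ($f ~ /^compute-server-[0-9]+$/) print $f, ip, status
    }
  ' "${1:--}"
}

# Succeed only if at least one compute-server-N entry exists
# and every such entry maps into the VPN range.
all_on_vpn() {
  _report=$(audit_hosts "${1:--}")
  [ -n "$_report" ] && ! printf '%s\n' "$_report" | grep -q 'NOT-VPN$'
}

# Constructed sample data (not addresses from any real project).
sample_hosts() {
  cat <<'EOF'
127.0.0.1    localhost
::1          ip6-localhost
10.11.0.2    compute-server-1
10.11.3.7    compute-server-2   # peer in the same project
203.0.113.9  compute-server-3
EOF
}

# Demo on the sample; on a compute server run: audit_hosts /etc/hosts
sample_hosts | audit_hosts
```

A `NOT-VPN` line means that name maps to an address outside the range the post gives for the VPN, so it is worth checking before relying on that name for traffic between servers.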