You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Serval Project is implementing a generic proxy for network traffic. We should, by default for a secure network, route all traffic over this proxy so that it is end-to-end encrypted.
The text was updated successfully, but these errors were encountered:
Would it make sense to offer the option to explicitly select serval-encrypted tunnels in QuickStart? Likewise, implement a straightforward on/off checkbox in luci to toggle serval tunnels for nodes that have already completed Quickstart? serval is definitely a viable option for encrypted tunnels, like tinc or even n2n, but it has so far shown to have large memory demands and affect nodes' stability.
I guess if we have robust per-interface configuration, we might want to select on a per-interface basis whether ALL traffic is routed over Serval, or whether we just provide a proxy. That's largely a UI and documentation issue. I'll go ahead and flag this for the UI review, so that we can address the question. Thanks, that's a good point about how we present options.
We could potentially support a different tunneling solution, but I would like to focus on bugfixing and improving one cryptosystem vs. supporting multiple in parallel, as much as possible. But ultimately, I see all of this as fairly pluggable, so that even if OTI doesn't implement, say, a tinc or ipsec or n2n based backhaul transport for v1, someone else could write a Commotiond plugin that would implement that functionality without having to rewrite all the interfaces and other pieces.
The Serval Project is implementing a generic proxy for network traffic. We should, by default for a secure network, route all traffic over this proxy so that it is end-to-end encrypted.
The text was updated successfully, but these errors were encountered: