Posted by captain_dfx 4 days ago

Rayfish, Peer-to-peer mesh VPN with no server to trust (rayfish.xyz)
69 points | 46 comments | page 2
Avicebron 2 hours ago|
> and membership is a signed record they each carry, not a question they ask a server.

Sigh..

I like the project though. It looks very similar to something I vibed up recently, must be in the air

winterqt 2 hours ago|
What’s the sigh to, out of curiosity, just because this makes revocation hard?
Borealid 2 hours ago|||
The grandparent comment is correctly pointing out the sentence is an LLM tell.

"Membership is a question they ask a server" is a bogus sentence. "membership" is not a "question". It's syntactically valid semantic nonsense.

"Membership is dictated by a server" is one of several human sentences saying what that one is trying to.

mintplant 2 hours ago||
Going from starting the project two weeks ago to already having a flashy marketing site is another tell, unfortunately. As much as I would love to see a trustworthy version of this idea.

https://github.com/rayfish/rayfish/commit/c49816e6dfba19e91a...

Avicebron 2 hours ago|||
Partly. Partly because using EUF-CMA pins the record to the CA which makes membership deniability non-trivial which I don't love. It's not dumb, it's what Signal uses AFAIK and in transit message deniability is different than the signer. But still..

Also that sentence structure is very Claude-like.

captain_dfx 4 days ago|
Hi HN, we built Rayfish, a peer-to-peer mesh VPN written in Rust on top of iroh.

The core idea: every node has a keypair, and its identity on the network is that public key. From the key we derive a stable IPv4 in 100.64.0.0/10 and a stable IPv6 in 200::/7, similar in spirit to yggdrasil. Those addresses are yours for as long as you hold the key, and they don't change when you move networks or your physical IP changes. You still reach peers by IP or by a name.ray DNS name, the difference is that the address comes from the identity rather than from where you happen to be.

"No server to trust" is the part we care about most. There is no central control plane that brokers your traffic or holds the keys to your network. Peers find each other and connect directly over iroh's QUIC stack, with NAT traversal, hole punching, and relay fallback handled underneath. Relays, when used, only forward encrypted packets and never see your keys or decide who is in your network. Membership and trust live with the peers, not with us.

How it works in practice:

- Networks are closed by default. You join with a one-time invite, a reusable key for fleets of servers, or live approval from a member already inside. The room id is only for discovery, it is never an admission credential.
- Any member can be granted the network key and act as a coordinator, so admitting new peers keeps working even if the original creator is offline.
- There is a per-device firewall, directional and scoped by port and protocol, plus Magic DNS so you can reach nodes at name.ray (or just name, no need for the .ray suffix).
- A "ray connect" flow links two people directly with no shared room, like a friend request between keys.
- No ACLs. Networks are logical partitions. Firewall is per-host. You can combine both to have custom ACLs.

It is a single binary with a daemon and a CLI. `ray up`, then `ray create` or `ray join <invite>`, and you have a private network.

Honest limitations: it is early. The mesh protocol is gated at the transport layer, so we break compatibility between releases when we need to. There has been no third-party security audit yet. Mobile is not there. It runs on Linux and macOS today.

Code: https://github.com/rayfish/rayfish

Happy to get into the addressing scheme, the iroh transport, the admission and coordinator model, or anything else.

Retr0id 3 hours ago||
With IPv6 it's plausible that you can avoid collisions as long as you use an expensive hash function, but for v4 how do you avoid IP collisions?

With only 22 bits of entropy in your v4 addresses, you'll get accidental collisions with only ~2000 users.

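The key-to-address mapping described in the post and Retr0id's 22-bit collision question, worked through as an added example that is not Rayfish's code; the SHA-256-over-key construction and the way the hash is split across the two prefixes are assumptions made for illustration.

```python
import hashlib
import ipaddress
import math

# Constructed example (not Rayfish's code): map a node's public key to a
# stable IPv4 in 100.64.0.0/10 and an IPv6 in 200::/7, then quantify the
# birthday-collision risk that a 22-bit v4 host space implies.
# SHA-256 over the raw key bytes is an assumed construction, not the real one.
V4_NET = ipaddress.ip_network("100.64.0.0/10")
V6_NET = ipaddress.ip_network("200::/7")
V4_HOST_BITS = 32 - V4_NET.prefixlen    # 22 bits of v4 address entropy
V6_HOST_BITS = 128 - V6_NET.prefixlen   # 121 bits of v6 address entropy

def derive_addresses(pubkey: bytes) -> tuple[str, str]:
    """Deterministically derive a (v4, v6) pair from a public key."""
    h = int.from_bytes(hashlib.sha256(pubkey).digest(), "big")
    v4 = V4_NET.network_address + (h & ((1 << V4_HOST_BITS) - 1))
    v6 = V6_NET.network_address + ((h >> V4_HOST_BITS) & ((1 << V6_HOST_BITS) - 1))
    return str(v4), str(v6)

def in_prefixes(v4: str, v6: str) -> bool:
    """Sanity check: both derived addresses land inside the mesh prefixes."""
    return ipaddress.ip_address(v4) in V4_NET and ipaddress.ip_address(v6) in V6_NET

def collision_probability(users: int, bits: int) -> float:
    """Exact P(some two of `users` nodes share an address) in a `bits`-bit space."""
    space = 1 << bits
    log_no_collision = sum(math.log1p(-i / space) for i in range(users))
    return 1.0 - math.exp(log_no_collision)

def users_for_probability(p: float, bits: int) -> int:
    """Birthday-bound approximation of the node count where P(collision) reaches p."""
    return math.ceil(math.sqrt(-2.0 * (1 << bits) * math.log1p(-p)))

def count_v4_collisions(pubkeys: list[bytes]) -> int:
    """Number of nodes whose derived v4 is already held by another node."""
    seen = {derive_addresses(k)[0] for k in pubkeys}
    return len(pubkeys) - len(seen)

if __name__ == "__main__":
    v4, v6 = derive_addresses(b"constructed-test-key-1")
    print(f"node addresses: {v4}  {v6}")
    for n in (100, 1000, 2000, 5000):
        print(f"{n:5d} nodes -> v4 collision probability {collision_probability(n, V4_HOST_BITS):.1%}")
    print("50% collision odds at about", users_for_probability(0.5, V4_HOST_BITS), "nodes (v4)")
    print("50% collision odds at about", users_for_probability(0.5, V6_HOST_BITS), "nodes (v6)")
    keys = [f"constructed-node-{i}".encode() for i in range(3000)]   # constructed sample keys
    print("v4 collisions among 3000 constructed keys:", count_v4_collisions(keys))
```

Around 2000 nodes the v4 collision probability is already close to 40%, and the 50% point is roughly 2400 nodes, which is the gap the comment above is pointing at; the 121-bit v6 space has no practical collision risk.
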
keepupnow 1 hour ago|||
Please disclose your use of AI. It's rather telling 2 weeks from repository commencement to release. Why should anyone use this over other products, and what testing have you done to PROVE it works as explained by your LLM?
mac-monet 3 hours ago|||
Hey, thanks for sharing this, this is a very cool project and one that is the obvious next step with iroh. I'm curious if you plan to make it into a library to be used, or you intend to keep it solely as an application?
tom1337890 3 hours ago|||
Great work. I'm currently using tailscale and would love to have another option! Hosting my own iroh-relay makes it truly independent then. Only missing the mobile app now! Keep up the good work!
sillyfluke 3 hours ago|||
If you have any previous experience in this domain and/or other relevant credentials it would help to mention them here as well.
applfanboysbgon 3 hours ago|||
> Honest [...]

> Happy to get into the addressing scheme

I truly loathe how all of the HN spambots promoting shovelware include a stupid call-to-action for feedback/discussion.

aftbit 2 hours ago|||
> Happy to get into ...

No reply to various questions an hour later. I guess they're not really watching.

keepupnow 1 hour ago|||
They can be spotted a mile away. Check the repo - 2 weeks to complete!
zuzululu 2 hours ago||
Could MITM/poison-well attacks work here, or is it susceptible?

I'm also afraid of exploits disseminating from a mesh network; it would be impossible to stop.

Great work.