Comment by bradfitz

Comment by bradfitz 2 days ago

2 replies

View on Hacker News

> Otherwise Plan 9 can do it's own VPN-like over tls or ssh tunnels and bind remote network stacks to a local namespace

Note that one of Tailscale's main party tricks is NAT traversal, when both machines are behind different NATs and can't otherwise get a connection open to each other. (And then Tailscale ultimately falls back to a relay server on the internet if it can't get a direct connection for IP packets)

MisterTea 2 days ago

For situations where you have no control over the NAT then this is indeed the case.

Though, 9front lets you run your own NAT giving you an Internet facing 9 machine you can serve a TLS tunnel from directly. So the server side is solved making the client side NAT a non issue.

Reply View 1 reply
  • bradfitz 2 days ago

    If your 9front machine is in a position on the network whereby it could serve a NAT, you don't have many networking problems at that point. Almost all operating systems can do NAT in such a position.

    I'm talking about two machines deep in somebody else's network or where you don't control the router/NAT.

    Reply View 0 replies