Will this conf for a device spread the private relay coordinates into the wide?


The announce server is told about the relays, as otherwise other devices could not use them to connect to you, usually. So yes, sort of, if anyone knows to ask.

In other words, as soon as a fully private group of devices with their own private relay(s)+disco(s) welcomes a mixed device, the private relay(s) become publicly known? Not being so good in English, your “if anyone knows to ask” makes me scratch my head. Would asking the mixed guest to use ip:port to private devices be a workaround? Half-one at least, because the guest loses the ability to find roaming private devices.

When a device is using global discovery, it lets the discovery server know where it can be contacted. That includes any public IP address and relay addresses.

When asking the discovery server about a given device ID, it will answer with the information it has.

By “if anyone knows to ask”, @calmh means that if a device connects to the public discovery server and requests the address of the specific device, it will be told all of the ways to contact that device, including the private relay address.

This in essence would allow someone running a discovery server to build a list of private relays if they wanted.

You guys made this clearer in my mind.

There is no way to make sure the private relay will remain private. Even without telling the guest about the private relay and disco, an already aware node would decide to switch on its own to a mixed config, revealing the private relay. This is the classic shared secret weakness.
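The announce/query behaviour described in the replies above, and the single mixed node from the last post, as an added example that is not part of the thread and not Syncthing's own code. It is a simplified in-memory model; the device IDs, hosts, relay URL form and the `global_discovery` flag are constructed for illustration.

```python
from urllib.parse import urlsplit

def relay_hosts(addresses):
    """Host names of every relay:// entry in an address list."""
    parts = (urlsplit(a) for a in addresses)
    return {u.hostname for u in parts if u.scheme == "relay" and u.hostname}

class DiscoveryServer:
    """Toy stand-in for a global discovery server (assumed model)."""
    def __init__(self):
        self._records = {}

    def announce(self, device_id, addresses):
        # A device reports every way it can be reached, relays included.
        self._records[device_id] = list(addresses)

    def query(self, device_id):
        # Anyone who knows the device ID gets the stored addresses back.
        return list(self._records.get(device_id, []))

    def relay_hosts_seen(self):
        # What the server operator can derive from announcements alone.
        return sorted({h for addrs in self._records.values()
                       for h in relay_hosts(addrs)})

def announced_addresses(device):
    """Addresses a device announces; None when global discovery is off."""
    if not device["global_discovery"]:
        return None
    return device["listen"] + device["relays"]

# Constructed sample group: both devices use the same private relay,
# but only DEVICE-B has been switched to a mixed (global discovery) config.
PRIVATE_RELAY = "relay://relay.internal.example:22067"
DEVICES = {
    "DEVICE-A": {"global_discovery": False,
                 "listen": ["tcp://10.0.0.5:22000"], "relays": [PRIVATE_RELAY]},
    "DEVICE-B": {"global_discovery": True,
                 "listen": ["tcp://203.0.113.7:22000"], "relays": [PRIVATE_RELAY]},
}

def run_exchange():
    """Let every device announce per its config and return the server state."""
    server = DiscoveryServer()
    for device_id, device in DEVICES.items():
        addrs = announced_addresses(device)
        if addrs is not None:
            server.announce(device_id, addrs)
    return server
```

Running `announced_addresses` over your own group's settings before enabling global discovery on any member shows which relay hosts that one change would publish.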

