• ZeroTier for other stuff

    From esc@21:1/112 to All on Thu Apr 11 15:15:47 2019
    I'm pretty interested in the ZeroTier stuff everyone here has been discussing. I run all my BBS stuff in a VM on DigitalOcean and have been using a "private networking" option to allow my assets to talk to one another.

    For a while I was thinking of running various games and allowing multiple
    BBSes to connect (similar to a doorparty thing, but different games) and
    wanted to lock it down to a set of prescribed IP addresses. However, /this/ seems like a better and more persistent option. Everyone on the ZeroTier...subnet? I guess? ...could all access the game and the rest of the internet could be firewalled off. Sounds slick.

    Anyone else interested in something along these lines?

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Black Flag <ACiD Telnet HQ> blackflagbbs.com (21:1/112)
  • From deon@21:2/116.1 to esc on Fri Apr 12 01:21:27 2019
    On 11 Apr 2019, esc said the following...
    /this/ seems like a better and more persistent option. Everyone on the ZeroTier...subnet? I guess? ...could all access the game and the rest of the internet could be firewalled off. Sounds slick.

    Exactly. The more I look at this, it enables groups with a common interest
    to interact, but keeps those out with the wrong interest (ie: to hack/compromise/disrupt).

    Access can be "public" or "private", with the latter option being that somebody needs to approve the connection. The network owner can assign the addresses
    to each applicant (or leave it purely dynamic) - but the benefit of assigning "static" addresses is that if you let a rogue person in by mistake, you can identify their activity and switch them off.

    Anyone else interested in something along these lines?

    I can see folks going crazy with zerotier (ie: everybody creating their own network), so I think the implementation needs to be smart. By smart, I think the "group" shares a single network, not everybody in the group creates a network for the service they offer.

    So for BBSing, I think the common interest is everything from connecting to a BBS, exchanging mail with a BBS and with the advent of IP, connecting to a
    game server.

    Inside the BBS it has been broken down a bit further, ie: Fidonet, FSXnet,
    etc and I could see each net might want their own zerotier - because we have
    30 years of history of where it hasn't worked collectively. But I don't think you want to break it down further than that.

    So back to your game server - if, for example, FSXnet provided the secure network for all FSX nodes (and MyFTN provided a secure network for all my
    MyFTN nodes) and you happen to be a member of both networks, then on your
    game server, you could join both networks. Some folks may use your service, some may not, but it's nice to know it's there in the network.

    In contrast, if you went the other way and created your own zerotier and
    asked some BBSs to join your network that may work too, but IMHO I think the former implementation in the previous paragraph is a better route. IE: I probably wouldn't join in, but if it was accessible in the network I'm in, I'd be curious and have a look.

    Food for thought...

    ...deon

    _--_|\ | Deon George
    / \ | Chinwag BBS - A BBS on a PI in Docker!
    \_.__.*/ |
    V | Coming from the 'burbs of Melbourne, Australia

    --- Mystic BBS v1.12 A43 2019/02/23 (Raspberry Pi/32)
    * Origin: Chinwag | MysticBBS in Docker on a Pi! (21:2/116.1)
  • From Vk3jed@21:1/109 to esc on Fri Apr 12 12:04:00 2019
    On 04-11-19 11:15, esc wrote to All <=-

    For a while I was thinking of running various games and allowing
    multiple BBSes to connect (similar to a doorparty thing, but different games) and wanted to lock it down to a set of prescribed IP addresses. However, /this/ seems like a better and more persistent option.
    Everyone on the ZeroTier...subnet? I guess? ...could all access the
    game and the rest of the internet could be firewalled off. Sounds
    slick.

    This could work, and if you had a dedicated system to run as the game server, you simply have it listen only on the ZeroTier IP(s), and it will be inaccessible to the wider Internet.


    ... Footprints in the sands of time are never made by sitting down.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From MeaTLoTioN@21:1/158 to deon on Fri Apr 12 23:18:39 2019
    Exactly. The more I look at this, it enables groups with a common interest to interact, but keeps those out with the wrong interest (ie: to hack/compromise/disrupt).

    The only thing I can think of that seems to put a less positive spin on this generally, is that by definition BBSing is a hobby and enthusiasts all
    over as well as the curious people who've never seen before, should be able
    to access BBSes without any such hassle by having them locked away in a
    private network.

    Sure there might be the odd occasion where someone does something unwanted,
    but we need to keep this alive and spread it around not lock it away in my opinion.

    The ZeroTier network is a great idea, I really love it and think that it
    could lead to some pretty awesome stuff in the near future, but I don't think that using it to lock away the bbses to become something obscure and elite is the right thing to do.

    Perhaps using it to "securely" transmit interbbs data or to run interbbs
    games though could be useful... I'm sure there's a zillion things that this will allow bbses to be opened up to, but I get the feeling that it might be used to hide things away too. I'm not too keen on that bit.

    I have found it personally useful to set up zerotier on my vm's at home, and
    my work computer, so that I can access my vm's that don't have a route in
    from outside for me, so I can monitor home stuff while at work... extremely useful and that alone is a zerotier win for me, thanks Deon again for letting me know about it.

    I'd love to hear all the ideas about what it can be used for in regards of
    our bbses... I'm not poopooing any ideas that people have with this super utility, I just think that locking bbses away is probably going against our enthusiast hobby that we're trying to allow everyone in on.

    I'm probably just rambling at this point and not even sure I know what I
    mean, but I think probably just wanted to keep a discussion going, primarily
    so I can learn all the ideas people have about it, and make known my
    ponderings and/or concerns.

    Thanks y'all for reading this rambling, sorry if I bored you to sleep =)

    ---
    Best regards,
    Christian aka MeaTLoTioN

    [eml] ml@erb.pw | [web] www.erb.pw | [fsx] 21:1/158 | [tqw] 1337:1/101 | [rtn] 80:774/81 | [fdn] 2:250/5 | [ark] 10:104/2

    --- Mystic BBS v1.12 A43 2019/03/02 (Linux/64)
    * Origin: The Quantum Wormhole, Ramsgate, UK. bbs.erb.pw (21:1/158)
  • From Vk3jed@21:1/109 to MeaTLoTioN on Sat Apr 13 12:50:00 2019
    On 04-12-19 19:18, MeaTLoTioN wrote to deon <=-

    The ZeroTier network is a great idea, I really love it and think that
    it could lead to some pretty awesome stuff in the near future, but I
    don't think that using it to lock away the bbses to become something obscure and elite is the right thing to do.

    I agree with your concerns there, and for sure, end user access should be on the open Internet. However, infrastructure such as game servers and other "back end" services need not be exposed to the Internet, and these could be placed on ZeroTier networks for member BBSs to securely access. Obviously, the "proper" solution and best way to solve the problem is to use a secure protocol between the front end BBS and the backend server, but BBSs don't always allow this, and using ZeroTier to secure backend communications is an option. Similar could be done with services like MRC.

    Perhaps using it to "securely" transmit interbbs data or to run
    interbbs games though could be useful... i'm sure there's a zillion
    things that this will allow bbses to be opened up to, but I get the feeling that it might be used to hide things away too. I'm not too keen
    on that bit.

    Yes, I see scope for secure transmission of data. On my end, I've simply configured my systems to allow connections from BOTH ZeroTier and the open Internet, so any users will not see any difference, but I now have more secure channels to share data with other BBSs.

    I have found it personally useful to set up zerotier on my vm's at
    home, and my work computer, so that I can access my vm's that don't
    have a route in from outside for me, so I can monitor home stuff while
    at work... extremely useful and that alone is a zerotier win for me, thanks Deon again for letting me know about it.

    I might have to run a ZeroTier network here for when I'm mobile. Currently, to get an insecure protocol in, I have to SSH in, then use telnet or whatever over an SSH tunnel. VPNs may or may not work, depending on design, due to the presence of one or more NATs in the path these days. ZeroTier looks like a neater solution, and one that's expandable to multiple networks.


    ... Don't mind me; I'm the designated drunk.
    === MultiMail/Win v0.51
    --- SBBSecho 3.03-Linux
    * Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (21:1/109)
  • From deon@21:2/116.1 to MeaTLoTioN on Sat Apr 13 03:13:58 2019
    On 12 Apr 2019, MeaTLoTioN said the following...
    The only thing I can think of that seems to put a less positive spin on this generally, is that by definition BBSing is a hobby and
    enthusiasts all over as well as the curious people who've never seen before, should be able to access BBSes without any such hassle by having them locked away in a private network.

    So I agree with you.

    In BBS speak, telnet 23 could remain on the greater internet for folks to
    get into BBSing - I personally would like to close it off, but provide EASY instructions for those who want to get into it to do so. Zerotier provides an "adhoc" public secure network for this - I'll provide instructions for folks
    to play.

    BINKP 24554 I think I would prefer to have in zerotier - it doesn't need to be on the greater internet - and if I want to help newbies get into this, I'm happy to host a second "test" BINKP server so that they can learn the technology. If that gets compromised, it's an easy reset (and hopefully by definition hasn't screwed with my live BBS.)

    ...deon

    _--_|\ | Deon George
    / \ | Chinwag BBS - A BBS on a PI in Docker!
    \_.__.*/ |
    V | Coming from the 'burbs of Melbourne, Australia

    --- Mystic BBS v1.12 A43 2019/02/23 (Raspberry Pi/32)
    * Origin: Chinwag | MysticBBS in Docker on a Pi! (21:2/116.1)
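
An added example, not part of any post in this thread: a small audit that checks the idea raised above of keeping a back-end port such as BINKP 24554 listening only on the ZeroTier address while telnet 23 stays public. The ZeroTier subnet, the port policy and the `ss -ltnH` sample output are all constructed assumptions.

```python
import ipaddress

# Assumed values for illustration (not from the thread): the ZeroTier-managed
# subnet, and which ports are meant to be reachable only over it.
ZT_NET = ipaddress.ip_network("10.147.17.0/24")
ZT_ONLY_PORTS = {24554}  # BINKP, as proposed in the thread

# Constructed sample of `ss -ltnH` output (Linux, listening TCP sockets).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 10.147.17.20:24554 0.0.0.0:*
LISTEN 0 128 [::]:24554 [::]:*
LISTEN 0 128 127.0.0.1:5000 0.0.0.0:*
LISTEN 0 128 *:2323 *:*
"""

def parse_local(field):
    """Split an ss 'Local Address:Port' field into (address or None, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    if host in ("*", "0.0.0.0", "::"):
        return None, int(port)             # None means a wildcard bind
    return ipaddress.ip_address(host), int(port)

def exposed_listeners(ss_output, zt_net=ZT_NET, zt_only=ZT_ONLY_PORTS):
    """Return (port, bind) pairs for ZeroTier-only ports bound off the overlay."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, port = parse_local(cols[3])
        if port not in zt_only:
            continue  # ports such as telnet 23 are allowed to be public
        # A wildcard bind also listens on the public interface, so flag it.
        if addr is None or not (addr in zt_net or addr.is_loopback):
            findings.append((port, cols[3]))
    return findings

if __name__ == "__main__":
    for port, bind in exposed_listeners(SAMPLE_SS):
        print(f"port {port} listens on {bind}, outside {ZT_NET}")
```

A wildcard bind that is flagged here may still be blocked by a host firewall; the check only reports where the service itself is listening.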