[tptacek]

Yes! This person gets it.

[xbar]

I'm a fan of the writing style. It reminds of smart people I know. I haven't bought any fly.io yet, so I don't know that I'm you're target market. Still--well said, repeatedly.

[ficklepickle]

I've had a fly.io tab open for months. I haven't had time to use it yet, but something in me won't let me close that tab.

[tptacek]

I wish I could tell you it would eat a bunch of your time, engaging your curiosity and sense of wonder all the way, but really what's going to happen is you're going to install `flyctl`, go somewhere with a Dockerfile, do `flyctl app create` and then `flyctl app deploy` and it's going to just work. :)

[omribahumi]

Have you considered using ssh command's ProxyCommand option? It allows you to replace the TCP transport with communication over stdin/stdout.

It could help you replace the TUN with something more cross platform, and possibly with less overhead. You can pass in the hostname using %h, so you can even have virtual DNS.

[tptacek]

How does that help us here? Without WireGuard, there's no channel with which you can talk to a Fly Hallpass instance, by design.

[xmodem]

Implement the userspace wireguard client and TCP stack as a ProxyCommand, make something useful for the general case of SSH'ing over wireguard.

[tptacek]

You can totally do that. The code is public, and for a simple TCP proxy, we're talking, maybe, a couple dozen lines.