Hello HN,

I would like to announce the soft availability of The Reliquary [0]: A "VPN" service for hackers.

Note that VPN is in air quotes here because it is not a traditional consumer VPN your strange uncle uses to watch questionable online content.

With Reliquary you can set up end-to-end encrypted, peer-to-peer tunnels between your devices no matter where they are located.

The Reliquary was started after I built sanctum [1] to make it a bit easier to set up networks and tunnels between me and my hacker friends.

I ended up building a simple management API around sanctum and its cathedral mode that allows you to define networks and join devices into these networks, all the while keeping the shared secrets sanctum builds its security on completely in your hands while still providing meaningful ways of doing key rotations.

On your client devices you use some shell scripts reliquary provides to manage sanctum configurations, there's zero magic.

A cathedral in sanctum acts as a discovery point (think STUN) for your devices and can relay (but not read/alter) encrypted traffic when needed. They also facilitate key rollover by acting as a distribution point for your shared secrets (which are wrapped with per-device KEKs).

If your devices are behind reasonable NAT, they will move towards a peer-to-peer connection, leaving the cathedral behind.

Keep in mind that The Reliquary is directly aimed at the hacker crowd as one should be familiar with certain topics to be able to feel comfortable with it (you need to handle your own key management, network setup, etc).

A starting guide can be found at [2] for those who are interested.

I built this to be useful to me and my hacker friends, I hope some of you might find it equally useful - I am happy to answer some questions but I dislike writing on public forums (digital agoraphobia?).

You can get in touch with me via joris@sanctorum.se

Take care,

[0] https://reliquary.se
[1] https://sanctorum.se/sanctum/
[2] https://reliquary.se/guide.html