So I’m trying to bridge two physical locations together. At one location I control the firewall and at the other I don’t. I would normally use WireGuard, but it’s all dynamic IPs, so it would break every so often.
My thought was to use I2P to create a bridge between the two places. I will use 0 hops on each with encrypted lease sets.
Is this a sane setup? What drawbacks will this have, and will it be problematic? Also, what security should I use for my encrypted lease set? I want only one device to connect and no others.
Edit: I think I’ll use I2P for DNS.
I2P seems an odd choice when DYNAMIC DNS exists for this particular situation where non-static IPs are used.
In my case I use duckdns.org for DDNS; it is free and works well with WireGuard.
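As an added example that is not part of this reply: the reason a DDNS name alone does not keep a WireGuard link up is that wg(8) resolves `Endpoint = host:port` once, when the config is loaded, so the tunnel goes dark when the other side's address changes until the name is resolved again. The script below re-resolves the name on a timer and only touches the peer when the address actually moved. The interface name, peer public key and duckdns.org hostname are placeholders, and the `wg show`/`wg set` calls are the standard wireguard-tools commands.

```shell
#!/bin/sh
# Added example: keep a WireGuard peer's endpoint in sync with a DDNS name.
# Assumed placeholders: interface wg0, the remote peer's public key, a duckdns.org name.

IFACE="${IFACE:-wg0}"
PEER_PUBKEY="${PEER_PUBKEY:-REPLACE_WITH_PEER_PUBLIC_KEY}"
PEER_HOST="${PEER_HOST:-mysite.duckdns.org}"
PEER_PORT="${PEER_PORT:-51820}"

# resolve_ipv4 HOST: print the first IPv4 address for HOST, nothing on failure.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# endpoint_from_wg_output PUBKEY: read `wg show <iface> endpoints` on stdin and print
# the endpoint configured for PUBKEY ("(none)" when WireGuard has none for it).
endpoint_from_wg_output() {
    awk -v key="$1" '$1 == key { print $2 }'
}

# needs_update CURRENT NEW: succeed only when NEW is non-empty and differs from CURRENT,
# so a failed lookup never clobbers a working endpoint.
needs_update() {
    [ -n "$2" ] && [ "$1" != "$2" ]
}

# update_endpoint: resolve the DDNS name and re-point the peer only if the address moved.
update_endpoint() {
    new_ip=$(resolve_ipv4 "$PEER_HOST")
    if [ -z "$new_ip" ]; then
        echo "could not resolve $PEER_HOST; keeping current endpoint" >&2
        return 1
    fi
    new_ep="$new_ip:$PEER_PORT"
    cur_ep=$(wg show "$IFACE" endpoints | endpoint_from_wg_output "$PEER_PUBKEY")
    if needs_update "$cur_ep" "$new_ep"; then
        wg set "$IFACE" peer "$PEER_PUBKEY" endpoint "$new_ep"
        echo "endpoint for $PEER_PUBKEY: $cur_ep -> $new_ep"
    fi
}

# Run from cron or a systemd timer, e.g. every minute: `./wg-reresolve.sh run`.
case "${1:-}" in
    run) update_endpoint ;;
esac
```

For the two-site case in the question only the site where you control the firewall needs a DDNS name and a forwarded UDP port; the site behind the uncontrolled firewall has no `Endpoint` of its own, initiates the handshake, and keeps the NAT mapping alive with `PersistentKeepalive`, so this script only has to run on that initiating side.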
Not terribly secure and is not nearly as fun.
Why not something like Zerotier?
Because that’s proprietary and adds more latency. I already have a VPS for routing traffic into my server farm, so if I was going to go that route I wouldn’t even bother with ZeroTier.
Yes this is sane and one of the main use cases for encrypted lease sets. Encrypted lease sets make it impossible for unauthorized users to connect to your hidden services.
If you know beforehand that only one client needs to be able to connect, choose “DH” as a security strategy, and share the client’s key with the server. This article explains these concepts in detail.
If you don’t care about anonymity (given the 0-hop tunnels), you could also stick both hosts on an overlay network like Yggdrasil. This may or may not be more convenient / performant based on the number of services you want to expose.
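As an added example that is not part of this answer: the “DH” per-client authorization described above, expressed as the I2CP tunnel options for the two sides (in i2ptunnel.config each key is prefixed with `tunnel.N.option.`; in the router console they go in the tunnel’s custom options). The option names are those documented in the I2CP specification for encrypted LeaseSets and should be checked against the spec for the router version in use; the tunnel name `siteB` and the key values are placeholders, and the client’s X25519 keypair is generated on the client (the router console offers a generate button) so that only its public half is ever handed to the server.

```ini
# Server tunnel (location A): 0-hop tunnels, encrypted LeaseSet, DH authorization
# restricted to one client. Placeholders: "siteB" and the key values.
inbound.length=0
outbound.length=0
inbound.lengthVariance=0
outbound.lengthVariance=0
i2cp.leaseSetType=5
i2cp.leaseSetAuthType=1
i2cp.leaseSetClient.dh.0=siteB:BASE64_X25519_PUBLIC_KEY_OF_SITE_B

# Client tunnel (location B): same hop settings, plus the private half of the
# keypair whose public half is listed on the server. Never copy this to the server.
inbound.length=0
outbound.length=0
inbound.lengthVariance=0
outbound.lengthVariance=0
i2cp.leaseSetPrivKey=BASE64_X25519_PRIVATE_KEY_OF_SITE_B
```

The client tunnel’s destination is the server’s blinded (b33) address, not its plain b32 address, since the LeaseSet is only readable by holders of an authorized key. With a single `i2cp.leaseSetClient.dh.0` entry, any other router that learns the b33 address can fetch the encrypted LeaseSet but cannot decrypt it, which is the “only one device can connect” property the question asks for; revoking that device later means removing its entry and restarting the server tunnel.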