-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
Geyser
A bridge/proxy allowing you to connect to Minecraft: Java Edition servers with Minecraft: Bedrock Edition.
-
Paper
The most widely used, high performance Minecraft server that aims to fix gameplay and mechanics inconsistencies
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
It looks like the authentication rests upon looking up the owner of the incoming packet's (tailnet) IP address[0].
Does anyone know whether they have measures in place to protect against IP spoofing?
Background: The post here on HN reminded me of innernet (a Tailscale alternative) which was presented here on HN last year[1] and which is – at least in principle – vulnerable to IP spoofing[2] because it assumes incoming IP packets (with a WireGuard IP address as "source") must originate from WireGuard's wg0 network interface and cannot e.g. originate from eth0 – which, unfortunately, is not the case on most systems.
As far as I can tell from briefly looking at tsnet[3] (which is what their authentication proxy[4] uses under the hood), tsnet runs WireGuard in user space(?), so this should prevent IP spoofing. Can anyone confirm this?
[0] https://tailscale.com/blog/grafana-auth/
[1] https://news.ycombinator.com/item?id=26628285
[2] https://github.com/tonarino/innernet/issues/26
[3] https://github.com/tailscale/tailscale/blob/main/tsnet/
[4] https://github.com/tailscale/tailscale/tree/main/cmd/proxy-t...
It looks like the authentication rests upon looking up the owner of the incoming packet's (tailnet) IP address[0].
Does anyone know whether they have measures in place to protect against IP spoofing?
Background: The post here on HN reminded me of innernet (a Tailscale alternative) which was presented here on HN last year[1] and which is – at least in principle – vulnerable to IP spoofing[2] because it assumes incoming IP packets (with a WireGuard IP address as "source") must originate from WireGuard's wg0 network interface and cannot e.g. originate from eth0 – which, unfortunately, is not the case on most systems.
As far as I can tell from briefly looking at tsnet[3] (which is what their authentication proxy[4] uses under the hood), tsnet runs WireGuard in user space(?), so this should prevent IP spoofing. Can anyone confirm this?
[0] https://tailscale.com/blog/grafana-auth/
[1] https://news.ycombinator.com/item?id=26628285
[2] https://github.com/tonarino/innernet/issues/26
[3] https://github.com/tailscale/tailscale/blob/main/tsnet/
[4] https://github.com/tailscale/tailscale/tree/main/cmd/proxy-t...
Just wanted to point out that there's a pretty interesting project called Geyser[0] (along with a plugin called Floodgate[1]) that allows Java and Bedrock Minecraft users to connect to the same Java server. This might be an avenue the author could take to allow the tailscale auth here to work. In my implementation I'm using PaperMC[2] as well.
[0] https://github.com/GeyserMC/Geyser
[1] https://github.com/GeyserMC/Floodgate
[2] https://papermc.io/
Just wanted to point out that there's a pretty interesting project called Geyser[0] (along with a plugin called Floodgate[1]) that allows Java and Bedrock Minecraft users to connect to the same Java server. This might be an avenue the author could take to allow the tailscale auth here to work. In my implementation I'm using PaperMC[2] as well.
[0] https://github.com/GeyserMC/Geyser
[1] https://github.com/GeyserMC/Floodgate
[2] https://papermc.io/
Just wanted to point out that there's a pretty interesting project called Geyser[0] (along with a plugin called Floodgate[1]) that allows Java and Bedrock Minecraft users to connect to the same Java server. This might be an avenue the author could take to allow the tailscale auth here to work. In my implementation I'm using PaperMC[2] as well.
[0] https://github.com/GeyserMC/Geyser
[1] https://github.com/GeyserMC/Floodgate
[2] https://papermc.io/