Hi @dfry 👋 Netmaker is a relatively young project (https://github.com/gravitl/netmaker/releases/tag/v0.1). EdgeVPN's first takes go back to 2020, when NetMaker wasn't a choice (yet) and WireGuard was not available as a module in the Linux kernel. Note that our documentation refers to this implementation as "Experimental". It is secure, as its connections are still e2e encrypted between nodes, and, of course, it's an additional layer on top of plain traffic. However, while NetMaker seems great for VPN connections, EdgeVPN does more than that - it actually spans as a co-ordination layer with a shared ledger - as such it is used by Kairos to organize nodes, but - if you don't need a VPN - it uses it only as a layer for consensus and to set up nodes autonomously. Most importantly, it doesn't require a central server - at all, and it is by design. I'd suggest having a look at https://kairos.io/docs/architecture/network/ as it describes the rationale and how it is used. It also gives some insights into how it works. As you noted, I'm not a network security expert and the software didn't go through a full security audit, so I'm being transparent there; however, in review between peers the architecture seemed very solid - did Netmaker go through a full security audit that is publicly accessible, so I can compare?
-
Hello, great project by the way.
I am interested in knowing why Kairos has chosen to implement a meshed vpn solution based on edgevpn as opposed to leveraging a wireguard-based solution such as netmaker: https://github.com/gravitl/netmaker
The fact that edgevpn seems to indicate that it is not suitable for production seems deserving of a mention when advertising "Secure peer to peer mesh with VPN" as a feature on kairos.io's main page.
From edgevpn's github page:
⚠️ Warning!
I'm not a security expert, and this software didn't went through a full security audit, so don't use and rely on it for sensible traffic and not even for production environment! I did this mostly for fun while I was experimenting with libp2p.