How do Mesh VPNs work? Writing my own VPN tool in Golang to find out | Sam Lewis
CREATED: [2022-02-22 Tue 13:31] ID: ea3d0e2c-bb33-455c-8e27-7b39dc8a04e7 ROAM_REFS: https://www.samlewis.me/2021/07/creating-mesh-vpn-tool-for-fun/ MTIME: [2024-12-25 Wed 16:07]
Mesh VPN tools, such as Nebula, Tailscale, Zerotier and Tinc, facilitate the creation of peer-to-peer (mesh) networks across the internet. These tools securely, performantly and transparently enable multiple distributed computers to communicate as though they were physically connected to the same network switch (at layer 2 or 3, depending on the tool and configuration used). There are lots of use cases for these tools, but some popular ones are:
- Allowing services on instances across multiple clouds to communicate
- Allowing secure remote access to home networks for roaming users
- Bridging “home lab” networks with cloud networks

These tools enable this communication to occur transparently to the applications sending and receiving packets over the mesh, while also working around common barriers to networking over the internet, such as firewalls and NAT.
The mesh model is in contrast to traditional “star” VPN solutions, such as OpenVPN or StrongSwan. In a star VPN, traffic between peers needs to pass through a central VPN server, which increases latency and reduces scalability (the central server can only handle so much traffic). The image below shows a simplified, high-level view of the two VPN types: a mesh VPN facilitates direct connections between peers, whereas a star VPN requires every connection to go through the central server.