ANN: Compute Server VPN

[williamstein]

The new Wireguard encrypted VPN between all compute servers in a project is now live and fully working in all the testing I've done. This a very critical foundation for building other things -- clusters, the distributed filesystem, etc.

If you want to try the encrypted wireguard vpn, just start two compute servers in the same project. Then type more /etc/hosts and see that compute-server-[n] resolves to the vpn address of the compute server (which will be of the form 10.11.x.y). Do apt-get install -y iputils-ping and then you can ping from one to another, e.g., ping compute-server-[n] . Also, if you set a subdomain so https://foo.cocalc.cloud works, then you can also use foo as a name to connect to. The exciting thing is that:

• all ports are opened on the vpn
• all traffic is fully encrypted
• only compute servers in the same project have access to the vpn
• this fully works across clouds, i.e., some nodes on google cloud and some on hyperstack, and they all connect to each other in a unified way.

Note that on-prem has one limitation still, e.g., on prem nodes can connect to all cloud nodes and all cloud nodes can connect to on prem nodes, but on prem nodes can't connect to each other. To make this work in general is complicated and expensive, requiring TURN servers, so we're not doing that for now. There's some special cases that will be supported in the future. This isn't the highest priority, since probably nobody but me uses on prem with more than one server so far...

Anyway, I think now that this is in place, implementing our new high performance distributed filesystem will be possible! Stay tuned.