Most active commenters

    ←back to thread

    Magic Wormhole: get things from one computer to another, safely

    (github.com)
    816 points tosh | 13 comments | 17 Aug 24 16:59 UTC | HN request time: 0.414s | source | bottom
    Show context
    geerlingguy ◴[17 Aug 24 18:23 UTC] No.41276702[source]
    I've used this for years when passing large files between systems in weird network environments, it's almost always flawless.

    For some more exotic testing, I was able to run my own magic wormhole relay[1], which let me tweak some things for faster/more reliable huge file copies. I still hate how often Google Drive will fall over when you throw a 10s-of-GB file at it.

    [1] https://www.jeffgeerling.com/blog/2023/my-own-magic-wormhole...

    replies(4): >>41277198 #>>41277682 #>>41277698 #>>41278657 #
    1. cl3misch ◴[17 Aug 24 19:23 UTC] No.41277198[source]
    > you need a machine that can handle whatever link speeds you need

    I would have expected the relay server only being used for initial handshake to punch through NAT, after which the transfer is P2P. Only in the case of some network restrictions the data really flows through the relay. How could they afford running the free relay otherwise?

    replies(2): >>41277253 #>>41277819 #
    2. lotharrr ◴[17 Aug 24 19:30 UTC] No.41277253[source]
    There are two servers. The "mailbox server" helps with handshakes and metadata transfers, and is super-low bandwidth, a few hundred bytes per connection. The "transit relay helper" is the one that handles the bulk data transfer iff the two sides were unable to establish a direct connection.

    I've been meaning to find the time to add NAT-hole-punching for years, but haven't managed it yet. We'd use the mailbox server messages to help the two sides learn about the IP addresses to use. That would increase the percentage of transfers that avoid the relay, but the last I read, something like 20% of peer-pairs would still need the relay, because their NATs are too restrictive.

    The relay usage hasn't been expensive enough to worry about, but if it gets more popular, that might change.

    replies(1): >>41277764 #
    3. bscphil ◴[17 Aug 24 20:37 UTC] No.41277764[source]
    The folks on the wormhole-rs fork (who appear to share your Github organization? [1]) already have NAT punching working 95+% of the time in my testing, so maybe what they're doing could be ported over to the Python implementation.

    [1] https://github.com/magic-wormhole

    replies(2): >>41282062 #>>41358694 #
    4. from-nibly ◴[17 Aug 24 20:45 UTC] No.41277819[source]
    You cant make a p2p connection over a NAT without exposing a port on the public side of the NAT.
    replies(3): >>41277878 #>>41278549 #>>41278577 #
    5. t0mas88 ◴[17 Aug 24 20:54 UTC] No.41277878[source]
    You can: https://en.wikipedia.org/wiki/Hole_punching_(networking)
    6. kccqzy ◴[17 Aug 24 22:31 UTC] No.41278549[source]
    Go check out STUN and ICE.

    The best article I've found about NAT traversal is this article from Tailscale: https://tailscale.com/blog/how-nat-traversal-works

    replies(2): >>41280333 #>>41282082 #
    7. voxic11 ◴[17 Aug 24 22:36 UTC] No.41278577[source]
    You aren't guaranteed to be able to do that but in practice most times you can.
    8. jvansc ◴[18 Aug 24 05:36 UTC] No.41280333{3}[source]
    https://sendfiles.dev/
    replies(2): >>41280397 #>>41283384 #
    9. yownie ◴[18 Aug 24 05:55 UTC] No.41280397{4}[source]
    is there a filesize limit for this?
    10. Fnoord ◴[18 Aug 24 12:46 UTC] No.41282062{3}[source]
    The Rust implementation on Tailscale worked well for me. Except on a layer 7 firewall have to be quick to permit the connection or else it tries fallback.
    11. Fnoord ◴[18 Aug 24 12:51 UTC] No.41282082{3}[source]
    Not bad, though you don't even need STUN or ICE;

    https://github.com/samyk/pwnat

    https://github.com/samyk/slipstream

    12. kccqzy ◴[18 Aug 24 16:39 UTC] No.41283384{4}[source]
    That uses WebRTC, which uses the same NAT traversal tricks.
    13. meejah ◴[26 Aug 24 16:14 UTC] No.41358694{3}[source]
    That is just using normal STUN/TURN via another server that one of those developers is running