Engineering notes, release announcements, and deep-dives from the TunnelMesh team.
TunnelMesh has had logs and metrics for a while. Today we're shipping distributed tracing via OpenTelemetry, completing the observability trifecta and making routing and storage problems dramatically easier to diagnose.
"Hyperconverged infrastructure" sounds like buzzword soup, but the idea behind it is genuinely useful — and TunnelMesh is a pure software expression of that idea for distributed, encrypted networks.
A field guide to the six Terraform deployment scenarios — from a $4/month single-node setup to a multi-region mesh with monitoring, exit peers, and HA coordinators.
A deep dive into TunnelMesh's packet filter — the default-deny firewall that lives inside the tunnel and gives you per-peer, per-protocol access control without touching the host firewall.
A few months in, TunnelMesh is running on real infrastructure. Here's what we learned from watching it operate outside our own machines.
TunnelMesh can expose a shared S3-compatible object store to all mesh nodes. Here's the architecture, the use cases it solves, and how to set it up.
How TunnelMesh thinks about identity — from SSH key derivation to per-user packet filtering — and what "zero trust" actually means in a mesh network you control.
How does TunnelMesh actually perform? We look at throughput, latency, and CPU overhead across transport modes and hardware — methodology included so you can reproduce the results.
An honest look at where the project stands, what's working, what still needs work, and what we're building next.
A technical walkthrough of how TunnelMesh selects, negotiates, and promotes transport paths between peers — and the engineering decisions behind the three-level fallback.
NFS was designed for trusted local networks. TunnelMesh makes the mesh a trusted local network — here's how we use that to share files securely across geographically distributed nodes.
TunnelMesh's admin panel includes a Docker tab that lets you view, start, stop, and inspect containers running on any mesh node — without SSH-ing into each machine.
A deep dive into why we chose ChaCha20-Poly1305 over AES-GCM, how AEAD ciphers work, and what the performance profile looks like on hardware without AES acceleration.
A month into writing a networking tool in Go — what the language got right, where we hit walls, and the libraries that saved us.
Getting two machines behind NAT to talk directly is harder than it should be. Here's how TunnelMesh does it — and what happens when it can't.
A practical walkthrough of the Noise IKpsk2 handshake pattern — why we chose it, what it gives us for free, and what the handshake actually looks like on the wire.
Every side project starts with a frustration. Ours started with a weekend of fighting WireGuard configs, broken NAT traversal, and the realisation that none of the existing tools did exactly what we needed.
Today we're open-sourcing TunnelMesh — a P2P mesh networking tool built in Go that creates encrypted tunnels between nodes using the Noise IKpsk2 protocol with ChaCha20-Poly1305 encryption.
A place for engineering notes, release announcements, and deep-dives on encrypted mesh networking.