Why it is cool
The goal here is to make my PI reachable from everywhere, no matter where is it. It’s not like publishing it to the internet, it’s a private network, currently not connected to any external peers, which helps to reduce the attack surface. Think of it as VPN service without any central servers, nodes just connects to each other, and they can reach each other by discovering routes, so if any node breaks down, it will be just that node, and the rest of the network will find an other way around.
My choice was cjdns ( https://github.com/cjdelisle/cjdns ), because it’s easy to setup, and provides some degree of end-to-end encryption.
How to do that
First, it’ll need a recent version of node.js. I’ve tried to download binary packages from some pi-specific site, or the nodejs armv7 version (cat /proc/cpuinfo to see which arm version you have), but it just didn’t worked.
The solution was to download the source ( https://nodejs.org/en/download/ ), and compiled it.
It took several hours, as it includes openssl and other deps, but when finished, just copied binaries into /usr/local/bin and worked.
Next, downloaded cjds with
git clone https://github.com/cjdelisle/cjdns
I’ve tried to compile it with
./do , but it doesn’t worked, and I’ve found out that the seccomp support on raspberry default kernels (Raspbian) is not like what cjdns is expecting; see https://github.com/hyperboria/bugs/issues/6 for details, but in short, you need to build with
NO_TEST=1 Seccomp_NO=1 ./do
to make it work.
After that, the setup process is the same as in any other node, it runs and seems to be stable so far.