Things like Tailscale are on the edge of my know-how, but this seems pretty cool: make a vpn for your home devices that uses nostr relays to coordinate paths through the internet. I believe it also relies on hole-punch a little, which is what keet (#1015915) uses to make connections without a centralized server.
OverviewOverview
nostr-vpnis a Rust workspace for a Tailscale-style mesh VPN control plane built on Nostr signaling and userspace WireGuard. It includes thenvpnCLI plus a Tauri/Svelte app codebase that targets desktop and mobile platforms.
What the project does todayWhat the project does today
- Generates both Nostr identity keys and WireGuard keys automatically
- Stores a single app config with one or more named networks, each with participant allowlists and its own stable mesh ID
- Publishes and consumes private peer announcements over Nostr relays
- Brings up userspace WireGuard tunnels via
boringtun- Tracks peer endpoints, including NAT-discovered public endpoints and hole-punch attempts
- Supports route advertisement and exit-node selection
- Exposes JSON status, relay checks, network diagnostics, and doctor bundles
- Includes a desktop GUI with service-first session control, invite QR/import flows, tray integration, autostart, timed LAN pairing, MagicDNS controls, health reporting, and port-mapping status
- Includes Linux-focused Docker e2e coverage for signaling, mesh formation, NAT traversal, and exit-node routing
afaik Tailscale mostly exists to eliminate needing a server with a public ip in a wireguard network/mesh (peers in your private network periodically reach out to the server so that peers know how to route to each other). From there, I think Tailscale also provides a number of other useful abstractions on top of wireguard like traditional forms of auth. Fundamentally you are trusting Tailscale with your metadata like other VPNs.
This sounds like it exploits nostr relays as public utilities for peer coordination, removing the need for a public IP or something like tailscale.