Enhance derp relay to verify enpoints are onboarded nodes. #1912

vishnoianil · 2024-02-13T04:55:26Z

Describe the Problem Statement

Currently DERP relay relays the wireguard traffic based on the public key that a client/node used to register with derp relay. It doesn't verify if connected clients are onboarded with nexodus control plane. This leaves a possibility of DDoS attack on relay by connecting endpoints that are not onboarded to nexodus and relaying traffic between them.

Describe the Enhancement

We need to add a new API and watchers to get all the node details (public keys, endpoint info) from the nexodus control plane. This info will be used to deny the connection from the nodes that is not part of the nexodus network.

Alternate Solutions

No response

Additional context

No response

vishnoianil added enhancement New feature or request needs-triaging Issue/Enhancement needs assignment labels Feb 13, 2024

github-project-automation bot added this to Nexodus Board Feb 13, 2024

github-project-automation bot moved this to 🆕 New in Nexodus Board Feb 13, 2024

vishnoianil self-assigned this Feb 13, 2024

vishnoianil added derp DERP relay related items and removed needs-triaging Issue/Enhancement needs assignment labels Feb 13, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhance derp relay to verify enpoints are onboarded nodes. #1912

Enhance derp relay to verify enpoints are onboarded nodes. #1912

vishnoianil commented Feb 13, 2024

Enhance derp relay to verify enpoints are onboarded nodes. #1912

Enhance derp relay to verify enpoints are onboarded nodes. #1912

Comments

vishnoianil commented Feb 13, 2024

Describe the Problem Statement

Describe the Enhancement

Alternate Solutions

Additional context