Security●Mid
Amneziawg-installer – DPI-resistant WireGuard VPN in one command
Yet another VPN installer script; AmneziaWG does the work, this just automates setup.
Solve My Problem
bivlked
242mo ago
Back to browse
GitHub Repository
a VPN based on WireGuard and WebRTC well-net
12 starsGo
Well-net – a friends-only IPv6 network with no central server
by shynome·Feb 25, 2026·4 points·0 comments
AI Analysis
●●SolidBig BrainZero to OneNiche Gem
Decentralized VPN using stable IPv6 from MAC addresses, but WebRTC browser support incomplete.
Strengths
- •MAC-based EUI-64 addressing eliminates central coordination — genuine technical insight solving a real decentralization constraint.
- •Combines WireGuard + WebRTC DataChannel for both stability and browser accessibility — multi-transport approach is thoughtful.
- •DNS-free identity via IP-literal email (`remoon@[2001:ff::1]`) sidesteps domain registration fragility — solves Delta Chat's identity permanence problem.
Weaknesses
- •Project is explicitly experimental with incomplete features (mail server, Service Worker support) — not production-ready yet.
- •WebRTC DataChannel in browsers remains a blocker; Tailscale/ZeroTier already ship working alternatives with better UX and adoption.
Category
Target Audience
Privacy-conscious developers, small friend groups, decentralization enthusiasts who want mesh networking without a central authority.
Similar To
Tailscale · ZeroTier · Nebula
Post Description
Hi HN,
I built well-net: https://github.com/remoon-net/well
Think tsnet, but without Tailscale or any central server. It’s for secure friend networks — chat, small games, private services.
Existing systems suck in subtle ways: lose your domain → lose your identity and contacts. Delta Chat and Mastodon show the problem. I just want something that works without any central coordination.
Each node gets a stable IPv6 in 2001:00ff::/32 from its MAC using EUI-64. Real MACs → no collisions, no central server needed. NAT is only to avoid overlay address conflicts.
Tech: WireGuard + WebRTC → runs in browsers. Once WebRTC DataChannel works in Service Workers, private services can be accessed directly from the web.
Planned: minimal mail-based chat using Delta Chat with IP-literal addresses like remoon@[2001:ff::1] → DNS-free identity.
Project is experimental.
Would you use this for small friend networks?
Similar Projects
Infrastructure●●●Banger
Pangolin: Open-source identity-based VPN (Twingate/Zscaler alternative)
P2P WireGuard VPN beats Twingate's central-server model without mesh VPN's flat-network mess.
Zero to OneBig BrainSolve My Problem
miloschwartz
81284mo ago
Social●Mid
Directionally bad – a newsletter about risks of AI centralization
Opinionated takes on AI centralization, but it's just another Substack newsletter.
Niche Gem
sultee
3025d ago
Social●●●Banger
Smithereen – an early-Facebook-style Fediverse server
Chronological feeds only reject the algorithmic engagement model dominating the Fediverse.
Zero to OneBold Bet
grishka
15326d ago
Security●●Solid
Qrvpn – deploy and run VPN server on any device and behind NAT/FW
One-click VPN deployment on any device—polished, but Tailscale and Zerotier exist.
SlickSolve My ProblemDark Horse
Serusk
103mo ago
Infrastructure●Mid
P2P (POC) of the ACP for decentralized agent communication
P2P networking for AI agents, but central hubs still win on reliability.
Ship ItBold Bet
modinfo
1019d ago