How Tailscale is improving NAT traversal (Part 1)
32 points by yashgarg
Lastly, there’s an elegance in solving the problem at the protocol or NAT level, rather than application level.
Disagree. Solving this at the NAT level means building against implementation-specific details of the NAT implementation. In contrast, using UPnP, which is an IETF standard (RFC 6970), lets you build on top of a well-defined standard.
I appreciate the work in adding these changes to FreeBSD.
I should really enable IPv6 on a few networks I control that have IPv6-capable ISPs. But then, there's still a network I use whose ISP I believe doesn't support IPv6 yet. But then I should switch that ISP because I could replace it with something better and cheaper. That's been my excuse for a while for not going IPv6, but really I fear having to update everything to behave well and take advantage of IPv6.
I should also really get on Yggdrasil too (devices with a fixed IPv6 address no matter where they are!).
One of my "dreams" is making it easy for people to set up encrypted peer-to-peer backups on NAS devices. You and someone you know punch some code in both of your NAS, choose some options to control disk usage, and you get mutual backups that the other peer cannot read. (Plus some way to speed up the initial copy via sneakernet.)
IMHO that would help a lot in helping people not depend on large cloud providers for data storage if they didn't want to. But I think this could only work and be free with good NAT traversal (or IPv6 for direct connections, etc.).
Very happy to hear about that PF improvement. Now I can stop mentioning it in every BSD thread.
How did they convince the BSD people to take that patch? There had been attempts in the past. They would say "no, that is insecure".
I get that vibe from the OpenBSD crowd but the FreeBSD crowd seem like they'd be pretty on board with a patch like this in general.