tijlvdb.mehttps://tijlvdb.me/2026-03-23T19:00:00ZAn Open LANhttps://tijlvdb.me/p/2026-an-open-lan/2026-03-23T19:00:00ZAn idea born from wanting to share services with people I trust, in a "default open" way.<h1>An Open LAN</h1>
<p>There's something I wish I could do, but there's no software to do it with.</p>
<p>I wish I could give access to services I run to people I trust, in a "default open" way. Where once I say "I trust this person", they can go ham and make an account on or connect to everything. This would be <em>group</em> thing, not just from me towards others, but between people.</p>
<p>This post has gone through a few rewrites. It started with the title "Small Web of Trust", then I started over as "Thoughts on The Promised LAN" after discovering <a href="https://notes.pault.ag/tpl/">The Promised LAN</a>. A few days later while editing, this much shorter rewrite was born.</p>
<p>I have two components in mind:</p>
<ul>
<li><strong>A trust server:</strong> Users sign up and define their ACLs here. It also stores connection details for user devices. While I have in mind a centralized trust server for simplicity, it could be peer to peer as well</li>
<li><strong>A client:</strong> Running on a users' device, it can connect to one <em>or more</em>(!) trust servers. It does two things:
<ul>
<li>It <strong>publishes services</strong> defined by the user. Any reachable host/port (including port ranges) can be defined as a service</li>
<li>It <strong>relays connections</strong> from the user to other people's published services</li>
</ul>
</li>
</ul>
<p>The goal is that I can create a group called "Friends" on the server. Everyone I add gets access to all services I publish automatically, and <em>others can also publish services to that group.</em> It has much more flexibility than the promised LAN. People can also join in on any number of groups, on any number of trust servers, simultaneously.</p>
<p>An important distinction here is that it's not a VPN like Tailscale; it works more like Cloudflare Tunnels. It would also use <a href="https://www.iroh.computer/">Iroh</a> in the networking layer to forget about IP addresses entirely. No need for a static IP, DDNS, or a forwarding server in the cloud.</p>
<p>This idea expands into a number of applications:</p>
<ul>
<li>Give members of a web of trust like <a href="https://duniter.org/g1/">Ğ1</a> access</li>
<li>Public services, where any user of a trust server you're on has access</li>
<li>A DNS integration to seamlessly access services</li>
<li>Integrate static website hosting? Users could dedicate some storage to the static files of others, similar to ZeroNet<sup class="footnote-ref"><a href="#fn1" id="fnref1">[1]</a></sup></li>
<li>The trust server could act as an OAuth server, powering auth on "normal" websites.</li>
</ul>
<p>To put it another way, it's a layer on top of the internet, where any service can be exposed and directly connected to without NATs getting in the way, and protected by a "social-oriented" firewall.</p>
<p>This post is a failed attempt at getting the idea out of my system. Though the successive rewrites have tampered my excitement, it is not gone yet.</p>
<hr class="footnotes-sep" />
<section class="footnotes">
<ol class="footnotes-list">
<li id="fn1" class="footnote-item"><p>ZeroNet is dead software. It also suffers from being a breeding ground for illicit content, by virtue of being impossible to moderate. <a href="#fnref1" class="footnote-backref">↩︎</a></p>
</li>
</ol>
</section>