An Open LAN

There's something I wish I could do, but there's no software to do it with.

I wish I could give access to services I run to people I trust, in a "default open" way. Where once I say "I trust this person", they can go ham and make an account on or connect to everything. This would be a group thing, not just from me towards others, but between people.

This post has gone through a few rewrites. It started with the title "Small Web of Trust", then I started over as "Thoughts on The Promised LAN" after discovering The Promised LAN. A few days later while editing, this much shorter rewrite was born.

I have two components in mind:

  • A trust server: Users sign up and define their ACLs here. It also stores connection details for user devices. While I have in mind a centralized trust server for simplicity, it could be peer to peer as well.
  • A client: Running on a user's device, it can connect to one or more(!) trust servers. It does two things:
    • It publishes services defined by the user. Any reachable host/port (including port ranges) can be defined as a service
    • It relays connections from the user to other people's published services

The goal is that I can create a group called "Friends" on the server. Everyone I add gets access to all services I publish automatically, and others can also publish services to that group. It has much more flexibility than The Promised LAN. People can also join in on any number of groups, on any number of trust servers, simultaneously.
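
A sketch of the trust server's access decision described above, as an added example that is not from the original post or any existing project. The `TrustServer` and `Service` names, the in-memory storage and the sample users are assumptions made here for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Service:
    owner: str         # user whose client publishes the service
    name: str
    host: str          # any host reachable from the owner's client
    ports: range       # a single port or a port range
    groups: frozenset  # groups the service is published to

@dataclass
class TrustServer:  # hypothetical in-memory model, not a real project's API
    groups: dict = field(default_factory=dict)    # group name -> set of members
    services: list = field(default_factory=list)

    def add_member(self, group, user):
        self.groups.setdefault(group, set()).add(user)

    def remove_member(self, group, user):
        self.groups.get(group, set()).discard(user)

    def publish(self, service):
        # Users can only publish to groups they are members of.
        for g in service.groups:
            if service.owner not in self.groups.get(g, set()):
                raise PermissionError(f"{service.owner} is not in {g}")
        self.services.append(service)

    def authorize(self, user, owner, name, port):
        """Return the (host, port) the owner's client should relay to, else None."""
        for s in self.services:
            if (s.owner, s.name) != (owner, name) or port not in s.ports:
                continue
            # Checked per connection: removing either side from the group
            # revokes access without touching the service definition.
            if any({user, owner} <= self.groups.get(g, set()) for g in s.groups):
                return (s.host, port)
        return None  # unknown service, port outside the range, or no shared group

def demo():
    # Constructed sample data: two friends and one published port range.
    ts = TrustServer()
    for u in ("alice", "bob"):
        ts.add_member("Friends", u)
    ts.publish(Service("alice", "games", "127.0.0.1",
                       range(27015, 27031), frozenset({"Friends"})))
    return ts
```

Because membership is evaluated on every connection rather than copied into the service, adding someone to "Friends" opens every service published to that group, and removing them closes all of it at once.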

An important distinction here is that it's not a VPN like Tailscale; it works more like Cloudflare Tunnels. It would also use Iroh in the networking layer to forget about IP addresses entirely. No need for a static IP, DDNS, or a forwarding server in the cloud.

This idea expands into a number of applications:

  • Give members of a web of trust like Ğ1 access
  • Public services, where any user of a trust server you're on has access
  • A DNS integration to seamlessly access services
  • Integrate static website hosting? Users could dedicate some storage to the static files of others, similar to ZeroNet[1]
  • The trust server could act as an OAuth server, powering auth on "normal" websites.

To put it another way, it's a layer on top of the internet, where any service can be exposed and directly connected to without NATs getting in the way, and protected by a "social-oriented" firewall.

This post is a failed attempt at getting the idea out of my system. Though the successive rewrites have tempered my excitement, it is not gone yet.


  1. ZeroNet is dead software. It also suffers from being a breeding ground for illicit content, by virtue of being impossible to moderate.

Published on 23 Mar, 2026