What for a function does the n AstroRelay - Secure Tunnel for Remote Accessing Your Devices offered AstroRelay offer ?
It’s designed to allow users behind double nat, for example on a 4G network, to host their own webserver or to have access to their files remotely via VPN. On a 4G network usually you don’t have a public IP, so you can’t host anything. If you for example have a device somewhere out in the woods or something on 4G, and you want to access it’s data for whatever reason, you can do that. A lot of countries also use double nat for home internet, so those users will be able to connect back to their device.
It is also designed for users that might be behind a firewall that does not let them open ports. This usually happens at the ISP when they don’t want you to host any servers at home, and want you to pay for a business plan.
It also lets you do things like upgrade a server or legacy program that you might not be able to configure easily, to have HTTPS. I personally use it in this way. I have a few programs that don’t have HTTPS, but i want them to be accessible from the internet. AstroRelay lets me quickly upgrade those to TLS1.3.
You can also add some obfuscation to existing VPN or services that are already encrypted, to prevent packet sniffing at the ISP to see what kind of traffic is being sent for example.
There are a lot of GL users that sit behind double nat, so the service is for them. Notice that the connection is from the outside into whatever you want to host, not a general VPN service. It is probably not so useful for a person that already has a public IP, unless they have the issues above, ISP blocking ports, can’t change ISP router config, or they want to do some obfuscation.
So you can for example have wireguard running on your router, run AstroRelay, and connect to the wireguard server from the outside without doing any firewall configuration, even behind double nat.
4 Likes
what is the advantage over using something like mullvad VPN with Port forwarding set up?
As I wrote before it goes the other way, you are connecting back to your home / router / pc etc. So its not for connecting to the internet and surfing the web.
If you don’t have a public IP at home and you are travelling, and you want to access your files at home you can’t. If you use AstroRelay you can however, as it bypasses the double nat and public ip requirements. Just set up Wireguard and you have all your files, or set up SSH for connecting in.
It is also different than GoodCloud or S2S for example. Goodcloud can only manage your router itself, but not other services. S2S requires you to have at least one node with a public ip, so if you only require connecting home where there is no public ip, that does not work either.
2 Likes
Is it something like ZeroTier?
Yeah similar to ZeroTier, but doing just relaying, not p2p. Also without the extra fluff that ZeroTier offers. The client is just 30kB on OpenWRT.
1 Like
So is it like running SoftEther on a GL iNet router, where SoftEther provides NAT Traversal Function and DDNS which allows you to get through multiple layers of NAT and firewalls, from a remote location? See: https://www.softether.org/4-docs/2-howto/6.VPN_Server_Behind_NAT_or_Firewall/1.Dynamic_DNS_and_NAT_Traversal
1 Like
Yeah you can do the same. It bypasses the firewall without touching it, and doesn’t care about IP changes, since the main server has a fixed domain and ip.
SoftEther has built in VPN though, and I personally think Wireguard is superior.
AstroRelay is as the name suggests, an advanced transparent relay, it doesn’t care what protocol you transport, it doesn’t even look at the data. It just grabs and sends it, like a relay race in the Olympics. Removing the built in VPN means that you don’t have such complexity when doing simpler things like just upgrading your service to HTTPS.
So with AstroRelay you can use any VPN protocol or program you want, but Wireguard is again recommended; at least I recommend it personally. SoftEther doesn’t seem to be using ChaCha20 and Poly1305 which is currently the most secure and fastest encryption.
Notice that there is some overhead, not much but I would probably say around 10% drop in Wireguard performance (from UDP to TCP encapsulation and the multiple extra handoffs for the data, once at the client and again at the server), so again, it is mostly for people that don’t have any other choice like a public ip.
You can still use it though if you want to have the features from it, knowing the overhead. I have a link running 24/7 for testing, with a program that doesn’t have HTTP, which I can’t modify to add HTTPS.
3 Likes
Thank you for the information. On the name, AstroRelay, “advanced transparent relay” was not the first thing I thought of, but of Astro the dog from the 1960’s Jetson cartoon by Hanna-Barbera.
1 Like
Astro cos its a wormhole across the internet and relay 
How to use the offered service by gl and by other devices ?
- What need to bee configured ?
If you follow the link in your first post and enter your email you should be able to do beta testing or receive more info when a larger beta test is being made 