Relays, NAT, and
running your own.
Notes on secret-key tunnels, outbound-only access, and the case for self-hosting the rendezvous point.
One is a hosted service; the other is a Go relay you deploy yourself. Same shared-secret idea, very different data path. A practical look at ownership, limits, observability, and where your bytes actually travel.
Flip the direction: have both peers dial out to a self-hosted relay and let a shared secret pair them. A walkthrough of outbound-only access through NAT and firewalls.
autossh, a self-hosted relay, a WireGuard mesh, a commercial tunnel, and a DNS tunnel — weighed against each other so you can choose deliberately.
The data path, the uptime, the limits, the residency — why the rendezvous point should live on your own VPS instead of a vendor's.