Yes, the primary focus is connectivity within the network.
You can use it for pretty much anything you would use a VPN for, but it is much easier to configure and secure by default with a built-in firewall.
Only services you actively expose are reachable by others - by default nothing on your device can be accessed by others.
In the future, it will also provide some amount of privacy on the network.
I think the biggest user-facing difference is the ease of configuration (i.e. none) - if Mycoria had proper installers.
All nodes on Mycoria end up in one huge network. The PN in VPN is for "private network", so I couldn't say this can do anything that a regular VPN can do.
Any node on the network can find my node via mDNS discovery and access any services which I expose. Services need to be secured in the same way I'd do on the public Internet, and not in the same way I do on a trusted private network between a few trusted nodes.
That said, I do believe this is useful in a lot of scenarios where a VPN might be too much work to set up. While one does need to ensure that all services do authentication, the encryption part is valuable, and this does ease exposing services from non-routable nodes with no consistent public IP.
Mycoria is secure by default: it has an integrated firewall that only allows access from explicitly defined addresses, or, optionally, from anyone in the network.
Also, multicast is completely disabled on Mycoria.
Mycoria aims to interconnect participants. E.g. you and your friends all have your own home servers. Everyone wants to connect to their own server, but also to the servers of their friends. All of this is super easy with Mycoria. Let a new friend install Mycoria, add them to your friends in the config and give them a URL for accessing. Voila!
Also, Mycoria is an automatic mesh network; I think Wireguard requires a fixed set of peers you configure.
> Wireguard requires a fixed set of peers you configure
Not really. One can add as many peers (though there's an artificial limit to just how many, I think) at runtime. It isn't fixed. Products like Tailscale couldn't be built otherwise.
You certainly can add and remove peers from your Wireguard network on the fly. Granted, this is something you have to do yourself, not something Wireguard has automatic tooling for, so I guess that's a difference :)
A VPN is used to create (the illusion of) privacy when accessing anything on the internet.
But I can't access anything that's not connected to Mycoria with it, can I? If I were to access something like Netflix, would I need something like a Mycoria reverse proxy server for Netflix?
The services that are marketed as being VPN providers are actually selling a very restricted form of VPN where they create for you a very small VPN between you and some other node in their fleet and then you route your traffic through that node.
It would be more correct to call such a provider a secure (two-way) proxy service (and in the past people did), but for some reason they went with VPN and that stuck.
Mycoria is basically the textbook definition of a VPN.
> A VPN is used to create (the illusion of) privacy when accessing anything on the internet.
Not really. Some more recent "VPN" products position themselves that way, but traditionally a VPN has been a way to have something that behaves like a private LAN between computers that are not physically connected to each other (hence the name).
I would say that for most laypersons, VPN is used for two things: accessing your remote work resources and accessing content banned in your country.
As was patiently explained to me, Mycoria relies to quite an extent on the network effect: you can only use it if other nodes are using it, using it by yourself does not make sense. So the informed layperson's perspective is relevant here. That's why I insist on "dumbing it down" :D
To fit a layperson's understanding maybe the term VPLAN or VPWAN would work? Except I'm not sure laypeople really know what a WAN is. I think more people know LAN but then there could be confusion with VLANs.
Names are hard.
Personally this Mycoria reminds me more of a global tailnet, i.e. Tailscale's VPN.
And I guess as an extension, at least currently, Mycoria is an option for building "darknet services" except the privacy aspects aren't quite there yet compared to Tor?
I think your definition of VPN is a very recent consumer misappropriation.
VPN = Virtual Private Network. It’s (historically) a way of tunneling segregated / encrypted traffic over another network - generally to allow access to another private network or similar. That’s exactly what this is.
Protocol-wise, consumer VPN is using traditional VPN protocols, but it’s effectively being used as a secure proxy.
Yes, Mycoria is primarily about connections between network participants, e.g. access your server at home without public IP, or a hybrid/fully remote team with a couple servers here and there.
In an open mesh network, you still want privacy from the other network participants.
Mycoria might have exit nodes similar to Tailscale in the future, but it won't be a fan-out multi-exit system like SPN, for example.
To be sure I understand, in that first use case where a company is replacing their VPN with Mycoria, would access controls/restricting access to devices be all firewall-based? That technically there's a network path to all the other devices on Mycoria, just limited by firewall rules?
What comes to mind to me analogously (more from my experiences than anything) is like a global tailnet that leans on firewalls to segment things?
A cross between Tor and a VPN is quite appropriate too.
Mycoria has an integrated firewall for this, just in case that information got lost somewhere.
This also means that devices of the company will help other devices of the company to reach their destination, adding to resilience in outages and emergencies.
You can of course build bridges between these networks. This is definitely something that is planned.