I have a confession to make. For a while now, I’ve been quietly obsessed with a specific problem: the modern internet has become a rental economy.
If you want to host a website today, you usually have to pay a cloud provider for a VPS, pay a registrar for a domain name, or fight with your ISP’s router settings to open ports on your home connection (if you aren't behind a CGNAT that makes it impossible). The barrier to entry for simply sharing something from your own computer to the world has become surprisingly high.
I wanted to build an alternative. I wanted to build an overlay network—a community-owned layer on top of the existing internet that would let anyone host a website from their laptop, for free, with a custom Top-Level Domain (like .rose), completely bypassing firewalls and corporate gatekeepers.
I never talked about it publicly because my first attempt was a disaster.
I tried to tackle it all at once—manually crafting DNS packets, reinventing encryption, and managing complex state. It became a sprawling mess of spaghetti code and race conditions. It was too complicated to maintain, let alone release to the community. So, I shelved it.
But the vision wouldn't let me go. The idea of a decentralized, NAT-busting network where you own your identity and your data stays on your machine was too important to give up on.
A few weeks ago, I decided to try again. This time, I embraced radical simplicity. I switched to Go, tossed out the old codebase, and focused on getting the plumbing right.
I’m thrilled to share that Roselink is alive. We aren't just running locally anymore; we have a real-world, multi-node mesh network running on public servers.
Here is how I brought this project back from the dead and the technical hurdles we cleared to build a free internet.
The Vision: No Ports, No Fees
The goal was simple: You should be able to run one command on your laptop and have a globally accessible domain (e.g., myblog.rose), without touching your router or paying a dime.
To do this, I separated Roselink into three roles:
- The Service (You): Runs on your machine. It creates a secure "reverse tunnel" out to the network. It never opens an inbound port, so it works from coffee shops, dorm rooms, or behind strict corporate firewalls.
- The Relay (The Community): Public servers that act as the glue. They accept connections from Services and hold them open, waiting for traffic.
- The Client (The Visitor): A local gateway that lets you browse this hidden network.
Hurdle 1: Tricking the Browser
How do you browse http://rebellion.rose when .rose doesn't exist? You have to lie to the browser.
We built a custom SOCKS5 proxy. When you use it, Roselink sees every connection request your browser makes. A request for google.com passes straight through, but a request for anything ending in .rose is intercepted.
We built a dynamic in-memory DNS mapper that assigns a fake "Virtual IP" (like 240.0.0.5) to that domain instantly. The browser thinks it's talking to a local server, but our client hijacks that connection and tunnels it through the overlay mesh.
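A minimal sketch of such a mapper, added here as an illustration and not taken from Roselink's code. The type and function names are hypothetical, and the pool start of 240.0.0.1 is an assumption. It shows that the .rose match has to happen on a label boundary after normalizing case and a trailing dot, so that names like "arose" or "a.rose.example.com" still pass through untouched.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
	"sync"
)

// VIPMapper (hypothetical name, not Roselink's own type) maps .rose names to fake IPs.
type VIPMapper struct {
	mu     sync.Mutex
	next   netip.Addr // next unassigned address in 240.0.0.0/4
	byName map[string]netip.Addr
	byAddr map[netip.Addr]string
}

func NewVIPMapper() *VIPMapper {
	return &VIPMapper{next: netip.MustParseAddr("240.0.0.1"),
		byName: map[string]netip.Addr{}, byAddr: map[netip.Addr]string{}}
}

// Resolve gives an overlay name a stable virtual IP; ok=false means pass through.
func (m *VIPMapper) Resolve(host string) (netip.Addr, bool) {
	name := strings.TrimSuffix(strings.ToLower(host), ".")
	if !strings.HasSuffix(name, ".rose") || name == ".rose" { // label boundary: "arose" is not ours
		return netip.Addr{}, false
	}
	m.mu.Lock()
	defer m.mu.Unlock()
	if ip, ok := m.byName[name]; ok {
		return ip, true
	}
	ip := m.next
	m.next = ip.Next()
	m.byName[name], m.byAddr[ip] = ip, name
	return ip, true
}

// Lookup maps the virtual IP from a SOCKS5 CONNECT back to its name ("" if unknown).
func (m *VIPMapper) Lookup(ip netip.Addr) string {
	m.mu.Lock()
	defer m.mu.Unlock()
	return m.byAddr[ip]
}

func main() {
	fmt.Println(NewVIPMapper().Resolve("Rebellion.ROSE."))
}
```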
Hurdle 2: The "One-Shot" Problem
In early tests, I could load a page, but complex sites with CSS and images crashed the connection. The TCP tunnels were "one-shot"—once used, they were dead.
We solved this with Yamux (Yet Another Multiplexer). It lets us take the single TCP connection between your laptop and the Relay and multiplex it into many independent streams, like a multi-lane highway. Now, a single tunnel can handle thousands of simultaneous requests.
Hurdle 3: Owning Your Identity
In a community network, identity is everything. I couldn't just let anyone hijack your domain.
We implemented cryptographic identity using Ed25519 keypairs. When you claim a domain (e.g., freedom.rose), the system generates a private key that stays on your machine. You prove your identity to the network by signing a cryptographic challenge.
This means you own your domain. Not a registrar, not a corporation. As long as you have your key, that domain is yours.
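One way a relay could check such a challenge, shown as an added example that is not Roselink's own code. The `Relay` type, the message layout with its "roselink-claim-v1" label, and pinning the key on first claim are all assumptions. The nonce is single-use so a captured signature cannot be replayed, and the domain is part of the signed bytes so a signature for one name cannot be reused for another.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Relay is a hypothetical relay-side registry, not Roselink's own type.
type Relay struct {
	owners  map[string]ed25519.PublicKey // domain -> pinned owner key
	pending map[string][]byte            // domain -> outstanding nonce
}

// Challenge issues a fresh random nonce for one claim attempt.
func (r *Relay) Challenge(domain string) []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce)
	r.pending[domain] = nonce
	return nonce
}

// message binds a signature to a purpose label (assumed), the domain and the nonce.
func message(domain string, nonce []byte) []byte {
	return append([]byte("roselink-claim-v1\x00"+domain+"\x00"), nonce...)
}

// Verify consumes the nonce, checks the signature, then pins the key on first claim.
func (r *Relay) Verify(domain string, pub ed25519.PublicKey, sig []byte) error {
	nonce, ok := r.pending[domain]
	delete(r.pending, domain) // single use, even when verification fails
	if !ok || len(pub) != ed25519.PublicKeySize ||
		!ed25519.Verify(pub, message(domain, nonce), sig) {
		return errors.New("no open challenge or invalid signature")
	}
	if owner, claimed := r.owners[domain]; claimed && !owner.Equal(pub) {
		return errors.New("domain is pinned to a different key")
	}
	r.owners[domain] = pub
	return nil
}

func main() {
	r := &Relay{owners: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sig := ed25519.Sign(priv, message("freedom.rose", r.Challenge("freedom.rose")))
	fmt.Println(r.Verify("freedom.rose", pub, sig))
}
```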
Hurdle 4: The Mesh
The final boss was clustering. I set up two public relays. If you connected to Relay A, but I tried to visit your site via Relay B, it failed.
We integrated a Gossip Protocol (using Serf). Now, the relays talk to each other. When you go online, your relay shouts to the cluster: "Hey everyone, freedom.rose is connected to me!"
Traffic automatically routes across the mesh, finding the most efficient path to your machine.
It Works.
Yesterday, I ran a simple web server on my laptop. I fired up Roselink. Traffic left my machine, bounced through public relays, and came back down the tunnel to serve the page. No port forwarding. No credit card. Just code.
What’s Next?
We have a functional, authenticated overlay mesh. Currently, it's the "wild west"—anyone can grab any domain.
The next phase is building a Registrar API to make claiming domains easier for non-technical users, while keeping the core ethos of the project intact: giving the internet back to the people.
Sometimes you have to fail quietly to succeed publicly. I'm glad I didn't give up on this one.
Stay tuned.