RoseLInk

The Organic Overlay Network

View on GitHub

🌹 Roselink

The Organic Overlay Network. > Host websites directly from your machine. Bust through NATs. Reclaim the internet.

Roselink is a decentralized overlay network that allows anyone to host a hidden service (website, API, file server) from their local computer without port forwarding, static IPs, or cloud VPS rentals. It uses a custom SOCKS5 client, Reverse Tunneling, and a Gossip-based Relay Mesh to route traffic securely.

🌟 Features

  • 🚫 No Port Forwarding: Uses reverse TCP tunneling. Works behind strict corporate firewalls, CGNAT, and mobile networks.
  • πŸ”‘ Cryptographic Identity: Domains (e.g., freedom.rose) are tied to Ed25519 keypairs generated on your machine. You own the domain, not a registrar.
  • ⚑ Multiplexed Transport: Built on yamux, allowing thousands of concurrent streams (CSS, Images, API calls) over a single TCP connection.
  • 🧠 Dynamic DNS Mapping: The client intelligently maps custom TLDs (.rose) to virtual IPs (240.0.0.x), allowing standard browsers to access the network without plugins.
  • πŸ•ΈοΈ Relay Mesh: Powered by hashicorp/serf. Relays gossip routing tables, ensuring traffic finds your node no matter which entry point a user connects to.

πŸ›  Architecture

  1. The Service (You): Your machine dials out to a Relay. It performs a cryptographic handshake and holds a connection open.
  2. The Relay (The Mesh): Public servers that accept these connections. They gossip with other relays to track where domains are located.
  3. The Client (The Visitor): A local SOCKS5 proxy. It intercepts browser traffic for .rose domains and tunnels it through the mesh to the Service.

πŸš€ Getting Started

Prerequisites

  • Go 1.21+ (if building from source)
  • A local web server to expose (e.g., Python http.server, Nginx, or a Node app) on port 8000.

Installation

# Clone the repository
git clone https://github.com/yourusername/roselink
cd roselink

# Build the binary
go build -o roselink

πŸ“– Usage Guide

1. Hosting a Site (The Service)

Host a website running on your local machine (default targets localhost:8000).

First Run (Registration): You must claim a domain. This generates a keypair locally and registers it with the public mesh.

./roselink -mode service -domain my-site.rose

Output:

🌹 Generating new identity for: my-site.rose
[Service] Registering 'my-site.rose' with Relay...
βœ… Registration successful! Identity saved.
[Service] βœ… Online

Subsequent Runs: Just run the service mode. It will load your service.key automatically.

./roselink -mode service

2. Browsing the Network (The Client)

To view .rose sites, run the client. This starts a SOCKS5 proxy on your machine.

./roselink -mode client

Configure your Browser (Firefox Recommended):

  1. Go to Settings > Network Settings.
  2. Select Manual proxy configuration.
  3. SOCKS Host: 127.0.0.1 | Port: 1080 | Version: v5.
  4. IMPORTANT: Check the box [x] Proxy DNS when using SOCKS v5.
  5. Navigate to http://my-site.rose.

(Alternatively, use Curl):

curl -v --socks5-hostname 127.0.0.1:1080 http://my-site.rose

3. Running a Relay (Infrastructure)

Want to help the network? Run a relay node on a public server.

# Start the seed node
./roselink -mode relay -public-ip <YOUR_PUBLIC_IP> -cport 7946

# Start a second node (joining the first)
./roselink -mode relay -public-ip <YOUR_IP> -cport 7946 -join <SEED_IP>
  • Port 9001 (TCP): Control Plane (Service Registration/Auth)
  • Port 9002 (TCP): Data Plane (Traffic Tunneling)
  • Port 7946 (TCP/UDP): Cluster Gossip

🧠 Technical Deep Dive

How the Client works (Magic VIPs)

Standard browsers don't know how to resolve .rose.

  1. The Roselink Client acts as a SOCKS5 proxy.
  2. When it sees a request for blog.rose, it assigns it a fake IP from the reserved range (e.g., 240.0.0.5).
  3. It tells the browser "The IP is 240.0.0.5".
  4. The browser sends traffic to that IP.
  5. The Client intercepts it, looks up the mapping, and tunnels the request to the Relay Mesh asking for blog.rose.

How Routing Works (Gossip)

We use a Gossip Protocol.

  1. Service connects to Relay A.
  2. Relay A broadcasts to the cluster: "I have blog.rose".
  3. Client connects to Relay B.
  4. Relay B checks its in-memory route table, sees the route points to Relay A.
  5. Relay B tunnels the traffic over the backend to Relay A, which pushes it down the reverse tunnel to the Service.

πŸ—ΊοΈ Roadmap

  • Core Networking: Reverse tunnels, SOCKS5, Multiplexing.
  • Identity: Ed25519 Keypairs & Challenge/Response Auth.
  • Clustering: Multi-node relay communication via Serf.
  • Binary Protocol: Replace newline-delimited JSON with Protobufs for wire efficiency.
  • End-to-End Encryption: Wrap inner traffic in TLS so Relays cannot see data.
  • Web Registrar: HTTP API for easier domain claiming and key management.
  • Infrastructure TLDs: Implement .thorn (Storage) and .vine (Mesh) namespaces.