Using public relays in private network


I have a private network of two nodes running with a swarm key from different networks on the internet. They cannot find each other unless I set up a relay, and since they are using a swarm key, the relay must also have the key so that they can connect to it.

This means we cannot have untrusted relays, and the relay can have access to files on those nodes.

Is there a way to make files hidden from relay and only use it for relaying the connection? (without encrypting files)

Or is there a way to tell the node not to require swarm key from the relay and connect to them to find peers?

Or is there a way to first create the connection between two nodes using the relay (maybe separately using libp2p?) and then use ipfs functionality?

Or run one public ipfs instance and one private instance and share the peers and dht table between the two?

I’ve never done this so it’s a little speculative but you might be able to use a public ipfs to establish a p2pstream between the two nodes using the relay and then tunnel your private IPFS over that. You’d probably have to do some juggling with the ports. IPFS over IPFS.

1 Like

Thank you @zacharywhitley. Can you elaborate a bit more?
Can you please give a more step-by-step guide?

As I said, I’ve never done it. Here’s a really nice explanation of p2p stream mounting

This is opening the api port 5001 but I guess in your case you’d open the swarm port on 4001

And then you’d have to set up a private swarm over that. Alternatively there’s always the relatively straightforward solution of either setting up a VPN or encrypting data on the public IPFS swarm.

I’m not sure how people that run public relays handle the amount of traffic that gets relayed.

1 Like

You can also set up your own private relays, but you’ll need to patch go-ipfs. Unfortunately, we had to switch to a set of “known good” relays because public relays on the network were not able to keep up with the load (causing problems for anyone using relays).


diff --git a/core/node/libp2p/relay.go b/core/node/libp2p/relay.go
index e625b4d00..2bf2bde83 100644
--- a/core/node/libp2p/relay.go
+++ b/core/node/libp2p/relay.go
@@ -20,4 +20,4 @@ func Relay(enableRelay, enableHop bool) func() (opts Libp2pOpts, err error) {
-var AutoRelay = simpleOpt(libp2p.ChainOptions(libp2p.EnableAutoRelay(), libp2p.DefaultStaticRelays()))
+var AutoRelay = simpleOpt(libp2p.ChainOptions(libp2p.EnableAutoRelay(), libp2p.StaticRelays([]peer.AddrInfo{...})))
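
Review bot: The added `AutoRelay` line hard-codes the relay set as `libp2p.StaticRelays([]peer.AddrInfo{...})`, where `{...}` is a placeholder that will not compile until real entries are filled in, and the hunk shows no import change, so check that relay.go already imports the `peer` package. Since this replaces `libp2p.DefaultStaticRelays()` outright, every relay change means rebuilding the binary; consider building the `[]peer.AddrInfo` from configuration at startup and returning an error when the list is empty or an address does not parse, rather than baking the list into a package-level `var`.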

You’ll need to insert the peer infos of your private relays.

1 Like

Is that a private relay for public ipfs rather than just setting up a relay as part of a private swarm?

@stebalien can I connect to private relays I patch like this without relays having/needing the swarm key?
(Nodes have swarm key)
Node A (swarm key) <--> private relay (no swarm) <--> Node B

Also, is the below the correct way of doing what you said?
var multiaddress, err = ma.NewMultiaddr("/ip4/x.x.x.x/tcp/4001/p2p/12D3Koo…")
var privateRelays, err2 = peer.AddrInfosFromP2pAddrs(multiaddress)
var AutoRelay = simpleOpt(libp2p.ChainOptions(libp2p.EnableAutoRelay(), libp2p.StaticRelays(privateRelays)))