5 posts tagged with "Larktun"

When you build an app for people running many different network setups, the hardest part is not the features. It is the front door.

Some people use Larktun's managed network. They type in an account and password, and they are in. Some prefer auth keys — a string of characters is all the identity they need. And a significant portion of users run networks that are not on Larktun at all. They operate their own Tailscale network, or maintain a self-hosted Headscale instance on a VPS somewhere.

Letting everyone walk in their own way is something the Larktun iOS app has considered from day one.

Accessing a private network from iPad or iPhone has often meant turning on system VPN first, then switching between an SSH client, an SFTP client, a browser, or a remote desktop app. Each tool solves one part of the workflow, but in practice users keep jumping between apps while also checking whether the system VPN is still connected.

Larktun is taking a more direct path: put the network access workflow into one app.

The iPad/iOS version has been submitted for App Store review and is expected to meet everyone soon. It does not rely on system VPN permission. Instead, it joins the Larktun network inside the app, so users can view devices, test connectivity, SSH into hosts, manage files with SFTP, and open private Web services from one interface.

On mobile devices, private device networking almost always raises the same question: do we need system VPN permission?

Whether you use Larktun or Tailscale, if you want every app on the phone to access a private network, the usual answer is yes. A system-level VPN tunnel gives the client full capability: traffic can be routed through the private network, DNS and routes can be handled centrally, and apps can access internal services without being aware of the tunnel. But this also creates practical friction. Users must understand and approve a VPN profile, apps may need extra platform capabilities, and the tunnel can conflict with a company VPN, campus VPN, or other proxy tools that already occupy the system network entry point.

So is there another path: can we use private device networking without requesting system VPN permission?

Yes. The key is tsnet.

I recently provisioned a free Oracle Cloud server with 4 CPU cores and 24 GB of memory. For a development server, that is generous enough for test services, build jobs, database experiments, and the occasional production-support workload.

But as soon as I needed remote SSH access, the classic question appeared: should I expose port 22 to the public internet?

My answer is clear: no.

Sometimes a product does not begin with a grand plan. It begins with a small, ordinary wish.

You are away from home, and suddenly you need to publish a program, restart a service, or check the quiet little computer sitting on your desk. You only have a tablet or a phone in your hand. Still, you hope you can reach that machine as naturally as opening your own door.

Larktun grew out of that wish.