Dashboard — Sidecar Network

active peers

—

loading…

IPv4 in use

—

loading…

plan

—

loading…

crypto layer

post-quantum

X-Wing hybrid · per-peer · auto-rotated 24h

recent events

gitea

p99 latency 184ms — investigating

warn

22m ago

key rotation

rotated · 8 peers — auto

1h ago

btc-full-node

tx · 892 GB / 24h — within plan

3h ago

IPv4

attached · vaultwarden — 203.0.113.101

4h ago

our backup system

replica · ok — encrypted off-site backup

5h ago

canary

signed · 2026-05-19 — PGP 14DE 0D37

14h ago

Container	IPv6	IPv4	State	Lat	Tx	Rx	Age
8 peers · 7 ok · 1 warn · 0 down · 2 slots free (AUP §3) · post-quantum encryption keys · rotated every 24h · auto

network

IPv6
IPv4
WG iface
attached
PTR
latency

shared IPv4 port range

endpoint

What's this? →

post-quantum encryption keys

hybrid post-quantum encryption

kem: post-quantum encryption
fp: 9F3A·2C81·0E7E·B442
rotated: 4h 12m ago
next: in 19h 48m

shield

active

mode: Traffic obfuscation: active
entropy: crypto/rand

relay-andrew-us-east

US-West region · High-performance
Debian 13 · unlimited bandwidth

online

tunnel

pubkey: isBTQ6O/WjyORip0zaZ9vmIdA1ZdC5D7k//hwGDHWU0=
endpoint: [2001:db8:1::1b75]:<port>
peers: 8 / 10 active
listen: active

hardware

tier: High-performance
bandwidth: unlimited
DB: RAM-only · zero disk persistence

IPv4 pool — 203.0.113.0/28 (16 addr · 15 usable)

.42
minecraft

.99
jellyfin

.101
vault

.184
gitea

free

unrouted

          4 in use · 8 free · 3 unrouted
        

services

Unit	State	Description
control plane	● active	sidecar control plane
traffic protection	● active	traffic obfuscation daemon
threat detection	● active	threat detection + IP intel
our security monitor	● active	our security layer runtime security
security monitoring	● active	syscall anomaly detector
threat intelligence	● active	collaborative IPS
our backup system	● active	continuous database replication
canary-update.timer	● active	warrant canary auto-signer (daily)
certificate renewal	● active	TLS cert renewal (Let's Encrypt)
IPv6 routing	● active	NDP proxy for routed /128 pool

always blocked — cannot override (AUP §4)

tcp/25 tcp/135 tcp/137–139 tcp/445 udp/137–139 udp/445 udp/1900 udp/5353 tcp/3389 tcp/6666 tcp/6667 tcp/3333–3336 tcp/4444 tcp/5555 tcp/8888 tcp/9332

per-peer rules — 9 customer rules

Peer	Proto	Port / CIDR	Direction	Action	Note
minecraft-java	tcp+udp	25565	inbound	allow	game server
valheim	udp	2456–2458	inbound	allow	game server
jellyfin	tcp	8096, 8920	inbound	allow	media server
immich	tcp	2283	inbound	allow	photo server
vaultwarden	tcp	443, 80	inbound	allow	password manager
home-assistant	tcp	8123	inbound	allow	home automation
gitea	tcp	3000, 22	inbound	allow	git server
btc-full-node	tcp	8333	inbound	allow	bitcoin p2p
* (all peers)	all	*	outbound	allow	default egress

tok_••••••••-••••-••••-••••-••••••••••••

122-bit UUID v4 · stored as SHA-256 hex · rate limit: 1 req / 30s

all tokens

Token ID	Label	Created	Last used	Status
tok_3f7a…d4f3	homelab-automation	2026-05-20	just now	● active
tok_a2c1…88b0	monitoring-script	2026-04-12	2h ago	● active
tok_f9e0…c211	test-integration	2026-03-01	42d ago	◌ idle
tok_0011…dead	old-vps-script	2026-01-15	—	✕ revoked	2026-02-01

Route a hostname you own to one of your peers via SNI. Claim the hostname, publish the DNS TXT record we hand you, then verify. Traffic for that hostname is routed to the peer you select.

Hostname

Peer

Publish this DNS TXT record, then verify

name

value

claimed domains

Hostname	Peer	Status

No custom domains claimed yet.

cover packets / 24h

18.6M

DAITA padding active

real traffic / 24h

4.8M

all 8 peers

key rotations

rotated 4h 12m ago

detector events

Time	Kind	Peer	Detail	Action
14:02:17	detector	btc-full-node	CobaltStrike beacon pattern · src 185.220.101.48	blocked
11:34:55	detector	gitea	Tor exit node · src 51.77.136.9	blocked
09:18:03	shield	jellyfin	cover burst 4,200 pkts — DAITA schedule	ok
07:44:21	detector	* all	threat feed refresh — threat intelligence feeds active	ok
03:00:01	psk.rotate	* all	encryption keys rotated · 8 peers · fp 9F3A·2C81	ok

threat feed subscriptions

IPs: active · threat intelligence feeds
CIDRs: active · bogon + fullbogon feeds
domains: active · malware domain list
refresh: every 6h · last ok 07:44:21
engine: threat detection engine

total events

1,284

since 2025-11-07

key rotations

auto every 24h

peer attaches

8 peers total

token revokes

no security incidents

event log

Timestamp	Kind	Actor	Resource	Detail
2026-05-20 14:02:17Z	detector	system	btc-full-node	CobaltStrike beacon blocked · src 185.220.101.48
2026-05-20 11:34:55Z	detector	system	gitea	Tor exit blocked · src 51.77.136.9
2026-05-20 03:00:01Z	psk.rotate	system	relay-us-east · 8 peers	encryption keys rotated · fp 9F3A·2C81·0E7E·B442
2026-05-19 18:44:10Z	firewall	andrew	btc-full-node	rule added: tcp/8333 inbound allow
2026-05-19 16:20:03Z	peer.attach	andrew	vaultwarden	IPv4 203.0.113.101 attached
2026-05-19 14:00:01Z	canary	system	canary.txt	signed · PGP 14DE 0D37 · 2026-05-19
2026-05-18 03:00:02Z	psk.rotate	system	relay-us-east · 8 peers	encryption keys rotated · fp A1B2·C3D4·E5F6·0000
2026-05-17 11:05:44Z	api.auth	tok_a2c1…88b0	/v1/peers	GET 200 · 14ms · monitoring-script
2026-04-07 09:12:30Z	peer.attach	andrew	gitea	peer attached · 34d ago
2025-11-07 00:00:00Z	relay.init	system	relay-andrew-us-east	relay provisioned · Debian 13

—

loading plan…

Your subscription is billed and managed entirely through PayPal — that's where charges, payment method, renewal date, and invoice history live. Sidecar does not store your card details.

PayPal

Manage your subscription on PayPal
View charges, update your payment method, or cancel.

Open PayPal subscriptions →

billing questions

For invoices, refunds, plan changes, or anything billing-related, email [email protected] and include the email address on your account.

Cancel subscription

Cancel anytime from your PayPal subscriptions page (linked above). Once the subscription ends, your peers stop routing at the end of the paid period. Refund requests within the eligible window go to [email protected].

Cancel on PayPal

✓ signed · 2026-05-19

As of 2026-05-19, Sidecar Network has not received any secret government orders, search warrants, subpoenas, gag orders, or national security letters. We have not been required to modify our systems to allow surveillance. All peer encryption keys remain under sole customer control and are never accessible to Sidecar Network operators.

Full canary →