this post was submitted on 08 Jul 2023
9 points (100.0% liked)


I am thinking of setting up an overlay network using Nebula, but I am curious as to what other completely open source projects there are out there. Sure, I know about the commercial ones like Tailscale and ZeroTier, but I'd like to know what else I might be missing.

[–] [email protected] 2 points 1 year ago (1 children)

How well does Nebula handle symmetric NAT? I've got a rather complicated problem that I am currently using WireGuard tunnels to solve. I have a rented VPS in the cloud that is my WireGuard/reverse proxy server. I use a tunnel between it and my home network to carry traffic to/from the reverse proxy. The same tunnel allows me to access my home network. I have routing on my VPS to allow me to connect my laptop to it via a second WireGuard tunnel. It works well but obviously has issues with scalability. My family has asked me to provide some services for them, as my anti-public cloud philosophy has worn off on them. I warned them that if I provide the service it will be a best-effort one with no guarantees, and they said okay.

So I would also like to be able to help maintain their systems from my home. I am hoping to use Nebula to build an overlay network and connect all three of their locations. The nice thing about Nebula is the automeshing capability which makes it scale well.

[–] Kazaii 2 points 1 year ago

Sorry, I commented then went to Europe for 3 weeks; browsing detox.

Symmetric NAT wouldn't be an issue for Nebula at all -- or WireGuard, as you know, but neither ZeroTier.

If you're worried about CGNAT, it has several ways to deal with it:

https://nebula.defined.net/docs/config/punchy/

The lighthouse can also act as a bastion/proxy and handle the connections for you, if your two nodes can't speak directly.

That being said... if you're supporting other users, I think WireGuard is the way to go.
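For readers following the punchy link and the relay suggestion above, a config sketch added here as an example; it is not part of the thread or anyone's real setup. The overlay address 192.168.100.1 and public address 203.0.113.10:4242 are constructed placeholders, and the `pki`, `listen`, `tun` and `firewall` sections each file also needs are left out.

```yaml
# --- lighthouse on the VPS (publicly reachable), config.yml fragment ---
lighthouse:
  am_lighthouse: true

relay:
  # Allow other hosts to name this node in their relay.relays list.
  am_relay: true

---
# --- node behind symmetric NAT / CGNAT, config.yml fragment ---
static_host_map:
  # overlay IP of the lighthouse -> its public address (constructed values)
  "192.168.100.1": ["203.0.113.10:4242"]

lighthouse:
  am_lighthouse: false
  hosts:
    - "192.168.100.1"

punchy:
  # Keep sending packets so the NAT mapping for this node stays open.
  punch: true
  # If an inbound hole punch fails, try to connect back to the peer.
  # This is the setting aimed at peers behind hard NATs.
  respond: true
  # Optional pacing for NATs that misbehave under rapid punching.
  delay: 1s
  respond_delay: 5s

relay:
  # Overlay IPs that peers may use to reach this node when no direct
  # path can be established; here the lighthouse doubles as the relay.
  relays:
    - 192.168.100.1
  # Let this node try relays when it cannot reach a peer directly.
  use_relays: true
  am_relay: false
```

The host firewall rules in each node's `firewall` section still decide what overlay traffic is accepted, whether it arrives directly or through the relay.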