this post was submitted on 08 Jul 2023
How well does Nebula handle symmetric NAT? I've got a rather complicated problem that I am currently using WireGuard tunnels to solve. I have a rented VPS in the cloud that is my WireGuard/reverse proxy server. I use a tunnel between it and my home network to carry traffic to/from the reverse proxy. The same tunnel allows me to access my home network. I have routing on my VPS to allow me to connect my laptop to it via a second WireGuard tunnel. It works well but obviously has issues with scalability. My family has asked me to provide some services for them as my anti-public cloud philosophy has worn off on them. I warned them that if I provide the service it will be a best effort one with no guarantees and they said okay.
So I would also like to be able to help maintain their systems from my home. I am hoping to use Nebula to build an overlay network and connect all three of their locations. The nice thing about Nebula is the automeshing capability which makes it scale well.
Sorry, I commented then went to Europe for 3 weeks; browsing detox.
Symmetric NAT wouldn't be an issue for Nebula at all -- or WireGuard, as you know, but neither ZeroTier.
If you're worried about CGNAT, it has several ways to deal with it:
https://nebula.defined.net/docs/config/punchy/
The lighthouse can also act as a bastion/proxy and handle the connections for you, if your two nodes can't speak directly.
That being said... if you're supporting other users, I think WireGuard is the way to go.