this post was submitted on 08 Jul 2023
9 points (100.0% liked)

I am thinking of setting up an overlay network using Nebula, but I am curious as to what other completely open source projects there are out there. Sure, I know about the commercial ones like Tailscale and ZeroTier, but I'd like to know what else I might be missing.

top 4 comments
[–] Kazaii 4 points 1 year ago (2 children)

I've been using Nebula for a long time. It's great and definitely worth your time to set up.

[–] [email protected] 2 points 1 year ago (1 children)

How well does Nebula handle symmetric NAT? I've got a rather complicated problem that I am currently using WireGuard tunnels to solve. I have a rented VPS in the cloud that is my WireGuard/reverse proxy server. I use a tunnel between it and my home network to carry traffic to/from the reverse proxy. The same tunnel allows me to access my home network. I have routing on my VPS to allow me to connect my laptop to it via a second WireGuard tunnel. It works well but obviously has issues with scalability. My family has asked me to provide some services for them, as my anti-public cloud philosophy has worn off on them. I warned them that if I provide the service it will be a best effort one with no guarantees, and they said okay.

So I would also like to be able to help maintain their systems from my home. I am hoping to use Nebula to build an overlay network and connect all three of their locations. The nice thing about Nebula is the automeshing capability which makes it scale well.

[–] Kazaii 2 points 1 year ago

Sorry, I commented then went to Europe for 3 weeks; Browsing detox.

Symmetric NAT wouldn't be an issue for Nebula at all -- or WireGuard, as you know, but neither ZeroTier.

If you're worried about CGNAT, it has several ways to deal with it:

https://nebula.defined.net/docs/config/punchy/

The lighthouse can also act as a bastion/proxy and handle the connections for you, if your two nodes can't speak directly.

That being said... if you're supporting other users, I think WireGuard is the way to go.
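The two mechanisms mentioned in the comment above, sketched as Nebula configuration (an added illustration, not part of the original thread): `punchy` hole punching on a node behind NAT, and the `relay` settings that let the lighthouse forward traffic when two nodes cannot connect directly. The overlay address 192.168.100.1, the hostname and the port are constructed placeholders.

```yaml
# Constructed example: 192.168.100.1, lighthouse.example.com and port 4242
# are placeholders, not values from this thread.

# config.yml on a node behind NAT
static_host_map:
  "192.168.100.1": ["lighthouse.example.com:4242"]

lighthouse:
  am_lighthouse: false
  hosts:
    - "192.168.100.1"

punchy:
  punch: true        # keep punching at intervals so the NAT mapping stays open
  respond: true      # connect back out to a peer whose hole punch did not get through
  delay: 1s          # slow down punch responses for misbehaving NATs
  respond_delay: 5s  # wait this long before attempting the respond behaviour

relay:
  relays:
    - 192.168.100.1  # peers may reach this node through the lighthouse
  am_relay: false
  use_relays: true   # fall back to a relay when a direct tunnel cannot be set up

---
# config.yml on the lighthouse (public VPS)
lighthouse:
  am_lighthouse: true

listen:
  host: 0.0.0.0
  port: 4242         # UDP port that must be reachable from the internet

relay:
  am_relay: true     # forward traffic between nodes that list this host as a relay
  use_relays: false
```

Neither block changes the `firewall:` section of the config: traffic such as ICMP still has to be allowed by an inbound rule on the receiving node, whether it arrives directly or through the relay.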

[–] [email protected] 1 points 5 months ago

Sorry for the necro. There aren't many posts about Nebula on the lemmyverse.

Been having a pain in the ass time getting my network up and running. I've got nodes on the same LAN as well as a VPS lighthouse and another few nodes on another LAN miles away. Seems all can ping the lighthouse and nodes within the same LAN can ping each other (although sometimes they randomly can't until I reboot them), but I can't get nodes from one LAN to ping the other. Have you had any experiences with this in your setup? It's pretty much the entire use case of Nebula, so it's strange that it's giving so much shit.