What software defined apps are people working with? - eviltoast

I am thinking of setting up an overlay network using Nebula but I am curious as to what other completely open source projects there are out there. Sure I know about the commercial ones like Tailscale and Zerotier but I’d like to know what else I might be missing.

  • Meow.tar.gz@lemmy.goblackcat.com (OP)
    1 year ago

    How well does Nebula handle symmetric NAT? I’ve got a rather complicated problem that I am currently using WireGuard tunnels to solve. I have a rented VPS in the cloud that is my WireGuard/reverse proxy server. I use a tunnel between it and my home network to carry traffic to/from the reverse proxy. The same tunnel allows me to access my home network. I have routing on my VPS to allow me to connect my laptop to it via a second WireGuard tunnel. It works well but obviously has issues with scalability. My family has asked me to provide some services for them as my anti-public cloud philosophy has worn off on them. I warned them that if I provide the service it will be a best effort one with no guarantees and they said okay.

    So I would also like to be able to help maintain their systems from my home. I am hoping to use Nebula to build an overlay network and connect all three of their locations. The nice thing about Nebula is the automeshing capability which makes it scale well.

    • Kazaii@sh.itjust.works
      1 year ago

      Sorry, I commented then went to Europe for 3 weeks; Browsing detox.

      Symmetric NAT wouldn’t be an issue for Nebula at all – or WireGuard, as you know, but neither ZeroTier.

      If you’re worried about CGNAT, it has several ways to deal with it:

      https://nebula.defined.net/docs/config/punchy/

      The lighthouse can also act as a bastion/proxy and handle the connections for you, if your two nodes can’t speak directly.

      That being said… if you’re supporting other users, I think WireGuard is the way to go.
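The punchy and relay settings mentioned in the reply above, sketched as a Nebula configuration fragment. This is an added example, not part of the thread or of the Nebula project's own files; the overlay address 192.168.100.1, the public address 203.0.113.10:4242 and the choice to run the relay on the lighthouse host are constructed assumptions, and the pki and firewall sections every real config needs are omitted.

```yaml
# --- Node behind NAT/CGNAT (home or family site) ---
static_host_map:
  # overlay IP of the lighthouse -> its public address (constructed values)
  "192.168.100.1": ["203.0.113.10:4242"]

lighthouse:
  am_lighthouse: false
  interval: 60            # seconds between reports to the lighthouse
  hosts:
    - "192.168.100.1"

listen:
  host: 0.0.0.0
  port: 0                 # random source port is fine for a non-lighthouse node

punchy:
  punch: true             # keep sending small packets so the NAT mapping stays open
  respond: true           # punch back when a peer cannot complete a handshake inbound
  delay: 1s               # wait before punching, helps with NATs that race

relay:
  relays:
    - 192.168.100.1       # fall back to this host when no direct path can be punched
  am_relay: false
  use_relays: true

---
# --- Lighthouse on the VPS, also acting as relay (assumption) ---
lighthouse:
  am_lighthouse: true

listen:
  host: 0.0.0.0
  port: 4242              # must be reachable from the internet

relay:
  am_relay: true          # forward traffic for nodes that list this host under relays
```

Each node keeps its own certificate and firewall rules, so the relay host should still be limited by the `firewall` section to the inbound ports it actually needs.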