After a very enlightening discussion in a previous thread, I decided to plunge into a mesh type network to connect my various servers and devices.

Nebula has been fairly straightforward to set up so far, but I’m having some trouble with the details and am curious if anybody has successfully got Nebula up and running for their network.

Installation on Linux platforms has been a breeze. Windows I can’t seem to get working. I was able to install but the service refuses to start. Can’t find any documentation besides random GitHub issue threads. MacOS was easy to install but having issues due to a VPN that’s running already.

I use a VPN because I travel a lot. I also use my MacBook to SSH into my servers or access remote file storage. My previous network configuration was connecting via WireGuard to my network. I was able to do this while maintaining an always-on VPN with the Mullvad app. With Nebula that VPN seems to muck things up.

I’m also curious if anybody has had experience setting up a dual config for Nextcloud. Essentially accessing a Nextcloud server from Nebula with a trusted device while still allowing public access for things like public shared links.

@Triton@lemm.ee

I’m using nebula to remotely access the raspberry pi in my home network and it mostly just works. The dual setup for nextcloud might be a bit more tricky, at least if you want to use HTTPS. You’ll probably have to set up a reverse proxy in Nginx for at least one of the routes, since they need different certificates (although since Nebula already authenticates and encrypts your traffic, HTTPS is probably not necessary there).
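
The two-route reverse proxy suggested in the comment above could look like the following sketch. This is an added example, not part of the original thread; the addresses, hostnames, certificate paths, overlay subnet and backend port are all constructed placeholders.

```nginx
# Constructed example: every address, hostname, path and port is a placeholder.

# Public route: reachable from the internet, used for public share links.
# Uses a publicly trusted certificate for the public hostname.
server {
    listen 203.0.113.10:443 ssl;
    server_name cloud.example.com;

    ssl_certificate     /etc/ssl/public/cloud.example.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/public/cloud.example.com.key;

    location / {
        proxy_pass http://127.0.0.1:8080;   # assumed local Nextcloud backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Nebula route: bound only to this host's overlay address, so the listener
# does not exist on the public interface at all.
server {
    listen 192.168.100.5:443 ssl;           # assumed Nebula IP of this host
    server_name cloud.nebula.example;

    # Separate certificate for the internal name (e.g. from a private CA).
    ssl_certificate     /etc/ssl/internal/cloud.nebula.example.pem;
    ssl_certificate_key /etc/ssl/internal/cloud.nebula.example.key;

    # Defence in depth: accept only sources inside the assumed overlay subnet.
    allow 192.168.100.0/24;
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Nginx can only bind the overlay address once the Nebula interface is up, and Nextcloud needs both hostnames listed in its `trusted_domains` setting.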

@brownmustardminion@lemmy.ml do you mind sharing why nebula and not say WireGuard?

@brownmustardminion@lemmy.ml
creator

My network is currently set up with WireGuard. I have a VPS operating as a hub within a hub and spoke (or is it hub and wheel?) configuration. This has worked great with the exception that all traffic passes through the VPS. The benefit of a mesh network is that I can directly connect clients and data does not have to flow through an intermediary VPS.

@brownmustardminion@lemmy.ml BTW it would be great if you can share your experience in the future!

Possibly linux

I’ve been looking at i2p for this kind of thing. It’s p2p and you can set up hidden services that are invisible unless you have the key. It can be configured with zero hops for low latency at the cost of privacy and security.

I got a small network running with Linux, Android and Windows, but seldom use it. Windows install worked fine, but I remember it was not well documented (needed to use some argument for it to set up the service). Don’t use Nextcloud but I do have Vaultwarden working over it.

I’m planning to move to headscale due to the certificate management overhead.

Matt The Horwood

I’ve not seen Nebula, that looks a lot like tinc. I might have to see how hard Nebula is to get running.

If you’re looking for a mesh VPN, tinc is very easy to set up.

calm.like.a.bomb

What is nebula?

goatsarah

deleted by creator

@Sanyanov@lemmy.world

But also self-hosted (the central server, i.e. “lighthouse”) and open-source

goatsarah

deleted by creator

@Sanyanov@lemmy.world

There is a demand, and there is a supply. Decentralization trends lead more and more people to self-host, and you can’t get around it any other way.

Self-hosting is essential for many commercial uses. You don’t want your critical infrastructure to rely on a third party which might or might not meet all regulatory requirements in your industry.

goatsarah

deleted by creator

Maybe you mean that but that is not what software means when they advertise self-hosting on their website.

@PeachMan@lemmy.world

I wouldn’t call it a clone, Tailscale didn’t invent mesh VPNs. I believe Nebula is fully self-hosted, while Tailscale makes initial connections through their servers. That means Nebula is more secure and private if you’re paranoid, but also harder to set up. They’re also based on different VPN protocols.

Tailscale actually published a surprisingly unbiased comparison: https://tailscale.com/compare/nebula

@daed@lemmy.world

Should probably be pointed out (and I assume the tailscale link does), but Tailscale offers a fully self-hosted option called Headscale also

@pluja@lemmy.world

Tailscale does not offer this. It is a community project. Headscale is not official.

@daed@lemmy.world

My mistake! I saw it referenced on the official site and assumed.

Encrypt-Keeper

Given that Nebula is older than Tailscale, and was inspired by tinc, it’d be more accurate to say that Tailscale is the clone.

X3I

Yes, have it running and it works well. Nextcloud setup is sth that I will still have to set up but the only problem I see there is certificates. To debug Nebula, simply try executing it by hand, e.g. nebula --config /path/config.yml and see what the error message is. Or check your journalctl of course. Share the message here and we can have a look!

@ogarcia@lemmy.world

I know this is not the best answer since you would probably like me to talk about Nebula, but I have to say that the best solution I have found for setting up a mesh VPN is Zerotier.

It is a very complete solution. Multisystem, very simple but very configurable, fast, etc.

You simply start by creating a network on the public controller (which will generate an ID for that network) and then join the rest to that network and everyone can communicate with everyone (by default, then you can create subnets if you want).

Using the public controller is completely optional (I personally use it because it is convenient for me and because I have few hosts) but if you want you can set up your own controller, I have an article (the bad thing is that it is in Spanish, but if you run a translator you can understand it perfectly) where I explain how to do it without any requirement. If not, you can use ztncui for it.

Take a look at it, you might find it more attractive than Nebula.

By the way, for me one of the great advantages of ZeroTier is that I don’t have to worry about certificates and keys, the controller takes care of everything for you and security is guaranteed from the point of view that each node has a unique identifier.
