I’ve been playing around with self-hosting for file sharing, backups, and a handful of other ideas I might one day get round to. I like the idea of a mesh VPN and being able to, for example, connect a travelling laptop to a ‘host’ laptop nearby, though my only public IP is a VPS in another country.
Of all the options I found, I liked the look of Nebula most. Fiddly in some places, but it’s working nicely for me, and I appreciate some of the simplicity of design.
I’m wondering if people here have much experience of it, though? My biggest concern is over its future. With,
- The Defined Networking site focusing on making money off it, and
- The Android app doesn’t allow full configuration (including the firewall, so I can’t host a website from a phone) but - I heard - does if you use Defined Networking’s paid service for configuration,
makes me worry they might be essentially trying to deprecate viable FOSS Nebula in favour of a paid or controlled service.
Any thoughts? Insight?
I’m not sure what the point is? Here’s my setup:
- wireguard VPN on my edge VPS
- lots of services behind my router that connect to that VPN
- router DNS to resolve my domains to my internal services when on my LAN
This gets me like 95% of the benefit of something like Nebula or Tailscale. When connecting to my internal services, I get LAN speeds if I’m on my LAN and WAN speeds if not. I initially started with Tailscale, but realized that I really didn’t care about most of what it provided.
The benefits are obvious:
- No port forwarding needed
- Central Auth management
- Easy integration of new devices
Not saying you should do it or that it is better overall, but ignoring those is not fair.
Personally I would never go for Tailscale since I give away the access control to my kingdom to a company. Exactly what I want to get away from through selfhosting.
I’m interested in Tinc but there isn’t a lot of documentation
Tinc has weird limitations and Wireguard completely obsoletes it. There’s zero reasons to ever consider using Tinc when Wireguard exists.
Can Wireguard do NAT traversal? Let’s say I have a publicly facing server A and then two devices B and C behind two separate NATs. Can B reach C directly via hole punching by A?
No, I don’t think so.
It uses UDP so I have my doubts
Isn’t that the same with all of them? Using UDP so they can tunnel between machines that are both behind NAT?
Wouldn’t you want at least some TCP?
They pass TCP over UDP.
I’m using Headscale for work and Tailscale for personal use. I tried to use Nebula but it’s not as easy as Tailscale.
Headscale server, open source, self hosted, with the open source tailscale clients are the way to go.
Netbird is easier to use although it is a little less developed
I took a quick look at the GitHub repo - selfhosted Netbird looks harder and more resource hungry, not easier! At least compared to Nebula.
The UI is cleaner
Ok
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| IP | Internet Protocol |
| NAT | Network Address Translation |
| SSL | Secure Sockets Layer, for transparent encryption |
| SSO | Single Sign-On |
| TCP | Transmission Control Protocol, most often over IP |
| TLS | Transport Layer Security, supersedes SSL |
| UDP | User Datagram Protocol, for real-time communications |
| VPN | Virtual Private Network |
| VPS | Virtual Private Server (opposed to shared hosting) |
10 acronyms in this thread; the most compressed thread commented on today has 18 acronyms.
[Thread #951 for this sub, first seen 5th Sep 2024, 10:35]