Comment

Comment on What do people here think of Nebula?

sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨months⁩ ago

I’m not sure what the point is? Here’s my setup:

wireguard VPN on my edge VPS
lots of services behind my router that connect to that VPN
router DNS to resolve my domains to my internal services when on my LAN

This gets me like 95% of the benefit of something like Nebula or Tailscale. When connecting to my internal services, I get LAN speeds if I’m on my LAN and WAN speeds if not. I initially started with Tailscale, but realized that I really didn’t care about most of what it provided.

source

Sort:hotnew top

ShortN0te@lemmy.ml ⁨2⁩ ⁨months⁩ ago
The benefits are obvious:

No port forwarding needed

Central Auth management

Easy integration of new devices

Not saying you should do it or that it is better overall, but ignoring those is not fair.

Personally i would never go for Tailscale since i give away the access control to my kingdom to a company. Exactly what i want to get away from through selfhosting.
source
- y0kai@lemmy.dbzer0.com ⁨2⁩ ⁨months⁩ ago
  Doesn’t selfhosting headscale prevent the keys to the kingdom thing you’re talking about?
  
  source
  - ShortN0te@lemmy.ml ⁨2⁩ ⁨months⁩ ago
    Yes. But it removes some benefits. You again open some ports or use a VPS to host it. The benefit of not needing to have open ports on other servers and central auth and management still stands.
    
    source
    milicent_bystandr@lemm.ee ⁨2⁩ ⁨months⁩ ago
    Nebula you also need a VPS or something public for the coordination server (‘lighthouse node’). Seems there’s no way around that at the moment: at least one machine, of your own or another’s, has to have a public IP so the other machines can learn how to connect to each other.
    
    source
- paperd@lemmy.zip ⁨2⁩ ⁨months⁩ ago
  Check out Net Bird
  
  source
- sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
  Exactly. I tried Tailscale to get things off the ground, but it didn’t do precisely what I wanted, so I abandoned it and built exactly what I needed, which for me was a VPN at the gateway that tunneled SSL traffic via HAProxy to my internal network.
  
  If Nebula solves your problems, great! I find I don’t need its features, and prefer to keep things relatively simple, which for me is a WireGuard VPN and a handful of containers to run my things. My setup is basically HAProxy -> Wireguard VPN -> Caddy (TLS termination; docker container) -> Docker container on internal network. HAProxy routes to the appropriate machine, and Caddy renews TLS certs and routes to the appropriate container. I could probably accomplish the same w/ Nebula, but I understand my setup a bit more than Nebula.
  
  source
milicent_bystandr@lemm.ee ⁨2⁩ ⁨months⁩ ago
What’s an edge vps? Is that some sort of distributed cdn-style vps? Or just a VPS at the ‘edge’ of your network?

Biggest points for me of having a mesh, not a central Wireguard hub, are,

I have a VPS in one country, a ‘host’ laptop in a friend’s house in another and a third laptop. I want the two laptops to connect directly to each other not bouncing all packets off the vps.

For backups, ssh, etc, I’d like to be able to just call the VPN IP, whether two machines are on the same LAN or not. Nebula/etc makes that work; a centralised VPN would sometimes be sending packets pointlessly out on WAN and back.
source
- sugar_in_your_tea@sh.itjust.works ⁨2⁩ ⁨months⁩ ago
  The latter, a VPS at the “edge” of my network. It doesn’t run any services itself other than HAProxy, which just routes connections to services inside my network.
  
  That use case makes a ton of sense.
  
  I only have my VPS and internal devices, so using DNS names makes it trivial to always get the best route since the only options are within my LAN (simple router config) or over WAN. If it was any more complex, I’d probably do the same as you.
  
  source