Talking about Defined's Nebula
Is it considered a mesh tool? Does your work have space for it?
I think it is cool, maybe a bit too rough from the self-hosted side: you have to take care of most things, even IP association in the overlay network and sometimes even more (I had a clash with some nftables rules that clashed with Docker - or better to say: it was Docker's fault).
BTW, awesome work of yours.
From the Nebula docs:
Core features
Peer-to-peer, layer 3, virtual network (Technical Details)
Supports TCP/UDP/ICMP traffic via TUN adapter with split-tunneling
Host firewall with groups-based rules engine for overlay traffic
Route discovery and NAT traversal assisted by simple "lookup" hosts
Identity and Authorization
Nebula uses a PKI model for establishing trust between hosts and networks.
Host certificates are used to securely identify and authorize peers
Hosts mutually authenticate by validating certificates and CA's
Firewall rules enforced by evaluating certificate "security groups"
Releases include nebula-cert executable to generate keys, certs, CA's, and to sign host certificates.