unreality / nebula-mesh-admin

MIT License

Mesh Node Auto Assign IP #1

Open lonnietc opened 2 years ago

lonnietc commented 2 years ago

Hello,

I am building a massively scalable P2P project in Golang and one part of it may be using Nebula Mesh (https://github.com/slackhq/nebula) for the VPN that allows nodes to connect.

I have been researching many solutions and it seems that a Wireguard solution may be the best approach. With that in mind, I fired up Nebula to test and it worked great, but found that I had to have a dedicated "lighthouse" with a static IP, which is totally fine, but that in order to add the nodes, I had to manually choose an IP and encode it in the certificate for that node before proceeding. This is the problem point and an area in which your "nebula-mesh-admin" project might help.

Do I understand correctly that once a user "registers" then when they want to connect to the P2P VPN mesh they start up their node and then login at which time a signed cert is sent to them with an IP that is available from the IP pool and I would not have to manually send certs to each node like in the current Nebula core design?

The reason is that I need to make it just as simple as possible for the users to login and not have to do special things in order to use the secure network. Perhaps this would operate much like ZeroTier or a similar system, although that is really not the intent of the project.

I have also come across Netmaker (https://github.com/gravitl/netmaker) but that may be a bit of overkill for what I need.

Any guidance or information that you might be able to provide would be greatly appreciated. Thanks in advance and have a great day.

unreality commented 2 years ago

Yes, that is correct. However, users are not required to 'register' first. They only need to login - currently nebula-mesh-admin assumes that all users who can login are allowed access to nebula.

It also requires the use of a Nebula client which will do the login and retrieve the certificate first. I wrote a Windows client that does this, and for other platforms you could use the nebula-helper CLI program (users would need to run nebula-helper to get their short-lived cert, then run nebula to connect).
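The thread above describes the core idea (a user logs in and receives a short-lived cert with an address taken from a pool). The Go sketch below is an added illustration of the pool side of that design, not nebula-mesh-admin's or Nebula's own code; the `Pool` and `Lease` types and the rule that a lease lives exactly as long as the cert are assumptions chosen to show why the two lifetimes must be coupled.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"time"
)

// Lease records who holds an address and when the short-lived cert carrying it expires.
// An address is never re-issued before that cert expires, so two live certs never share an IP.
type Lease struct {
	User    string
	Expires time.Time
}

// Pool hands out addresses from one CIDR (hypothetical type, not the project's).
type Pool struct {
	prefix netip.Prefix
	leases map[netip.Addr]Lease
	ttl    time.Duration // cert lifetime; a lease lives exactly as long
}

func NewPool(cidr string, ttl time.Duration) (*Pool, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return nil, err
	}
	return &Pool{prefix: p.Masked(), leases: map[netip.Addr]Lease{}, ttl: ttl}, nil
}

// Assign returns the address to embed in user's cert at time now. A still-valid lease is
// handed back (a reconnect does not burn a new IP); otherwise the lowest free or expired slot is taken.
func (p *Pool) Assign(user string, now time.Time) (netip.Addr, error) {
	for a, l := range p.leases {
		if l.User == user && now.Before(l.Expires) {
			return a, nil
		}
	}
	for a := p.prefix.Addr().Next(); p.prefix.Contains(a); a = a.Next() { // skip the network address
		if l, held := p.leases[a]; !held || !now.Before(l.Expires) {
			p.leases[a] = Lease{User: user, Expires: now.Add(p.ttl)}
			return a, nil
		}
	}
	return netip.Addr{}, errors.New("pool exhausted")
}
func main() {
	p, _ := NewPool("10.42.0.0/24", time.Hour) // constructed sample range
	fmt.Println(p.Assign("alice", time.Now()))  // 10.42.0.1 <nil>
}
```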