I’ve been playing around with self hosting for file sharing, backups, and a handful of other ideas I might one day get round to. I like the idea of a mesh VPN and being able to, for example, connect a travelling laptop to a ‘host’ laptop nearby, though my only public ip is a VPS in another country.
Of all the options I found, I liked the look of Nebula most. Fiddly in some places, but it’s working nicely for me, and I appreciate some of the simplicity of design.
I’m wondering if people here have much experience of it, though? My biggest concern is over its future. With,
- The Defined Networking site focusing on making money off it, and
- The Android app doesn’t allow full configuration (including the firewall, so I can’t host a website from a phone) but - I heard - does if you use Defined Networking’s paid service for configuration,
makes me worry they might be essentially trying to deprecate viable FOSS Nebula in favour of a paid or controlled service.
Any thoughts? Insight?
The benefits are obvious:
Not saying you should do it or that it is better overall, but ignoring those is not fair.
Personally i would never go for Tailscale since i give away the access control to my kingdom to a company. Exactly what i want to get away from through selfhosting.
Exactly. I tried Tailscale to get things off the ground, but it didn’t do precisely what I wanted, so I abandoned it and built exactly what I needed, which for me was a VPN at the gateway that tunneled SSL traffic via HAProxy to my internal network.
If Nebula solves your problems, great! I find I don’t need its features, and prefer to keep things relatively simple, which for me is a WireGuard VPN and a handful of containers to run my things. My setup is basically HAProxy -> Wireguard VPN -> Caddy (TLS termination; docker container) -> Docker container on internal network. HAProxy routes to the appropriate machine, and Caddy renews TLS certs and routes to the appropriate container. I could probably accomplish the same w/ Nebula, but I understand my setup a bit more than Nebula.
Doesn’t selfhosting headscale prevent the keys to the kingdom thing you’re talking about?
Yes. But it removes some benefits. You again open some ports or use a VPS to host it. The benefit of not needing to have open ports on other servers and central auth and management still stands.
Nebula you also need a VPS or something public for the coordination server (‘lighthouse node’). Seems there’s no way around that at the moment: at least one machine, of your own or another’s, has to have a public IP so the other machines can learn how to connect to each other.
Check out Net Bird