Nebula VPN routes between hosts privately, flexibly, and efficiently

'Last month, the engineering department at Slack—an instant messaging platform commonly used for community and small business organization—released a new distributed VPN mesh tool called Nebula. It's difficult to coherently explain Nebula in a nutshell. According to the people on Slack's engineering team, they asked themselves "what is the easiest way to securely connect tens of thousands of computers, hosted at multiple cloud service providers in dozens of locations around the globe?" And (developing) Nebula was the best answer they had. It's a portable, scalable overlay networking tool that runs on most major platforms, including Linux, MacOS, and Windows, with some mobile device support planned for the near future. Nebula-transmitted data is fully encrypted using the Noise protocol framework, which is also used in modern, highly security-focused projects such as Signal and WireGuard. Unlike more traditional VPN technologies—including WireGuard—Nebula automatically and dynamically discovers available routes between nodes and sends traffic down the most efficient path between any two nodes rather than forcing everything through a central distribution point.'

-- source: https://arstechnica.com/gadgets/2019/12/nebula-vpn-routes-between-hosts-priv...

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

On Fri, 13 Dec 2019 12:00:52 +1300, Peter Reutemann quoted:
'Last month, the engineering department at Slack—an instant messaging platform commonly used for community and small business organization—released a new distributed VPN mesh tool called Nebula.'

Here <https://arstechnica.com/gadgets/2019/12/how-to-set-up-your-own-nebula-mesh-vpn-step-by-step/> is a followup article explaining how it works in more detail.

All VPNs are capable of establishing bidirectional connections in and out of private networks. What makes Nebula a “mesh” VPN is the fact that it can dynamically reconfigure itself to take advantage of more direct connections between private networks, instead of always routing through public “lighthouse” nodes. It does this by spoofing source addresses on UDP packets, which usually (!) works.

participants (2)
- Lawrence D'Oliveiro
- Peter Reutemann