I’ve been playing around with self hosting for file sharing, backups, and a handful of other ideas I might one day get round to. I like the idea of a mesh VPN and being able to, for example, connect a travelling laptop to a ‘host’ laptop nearby, though my only public ip is a VPS in another country.

Of all the options I found, I liked the look of Nebula most. Fiddly in some places, but it’s working nicely for me, and I appreciate some of the simplicity of design.

I’m wondering if people here have much experience of it, though? My biggest concern is over its future. With,

  1. The Defined Networking site focusing on making money off it, and
  2. The Android app doesn’t allow full configuration (including the firewall, so I can’t host a website from a phone) but - I heard - does if you use Defined Networking’s paid service for configuration,

makes me worry they might be essentially trying to deprecate viable FOSS Nebula in favour of a paid or controlled service.

Any thoughts? Insight?

  • uzay@infosec.pub
    2 months ago

    What made you choose Nebula over Tailscale? I’m running it through a self-hosted Headscale server and it’s working well so far. I haven’t looked into Nebula too much.

    • paperd
      2 months ago

      The core bits of nebula are all open source. With tailscale, there is headscale, but that is made by a tailscale employee and it feels ripe for a rug pull whenever tailscale feels like it. With nebula, the lighthouse and user clients are open, so there is far less chance of that.

      • uzay@infosec.pub
        2 months ago

        I see. That is a valid concern. Though it feels unfair to say that headscale is ‘made by a tailscale employee’. From what I understand, one of the main contributors of headscale was hired by tailscale, though he is not the only maintainer and does not own the repo from what I can tell. Still, Tailscale could decide to cede all support of headscale and that would likely hurt the project a lot. In the same way however nebula could decide to switch to proprietary licenses and discontinue their open source offerings.

        • paperd
          2 months ago

          > In the same way however nebula could decide to switch to proprietary licenses and discontinue their open source offerings.

          Sure but you’d still have whatever the last commit was to nebula under the MIT license. It can be forked etc etc.

          I am sure headscale is great, but it's a side project and if so inclined (not saying they are, tailscale seem quite generous), they could kill it a lot faster than Defined Networking could kill nebula. But it's all a gamble.

    • milicent_bystandr@lemm.eeOP
      2 months ago
      1. Biggest thing was actually the sign up options. What if I don’t want my machines calling to Google or Microsoft to get access to Tailscale? I need to look up the other OIDC providers but don’t know much about that yet.
      2. Then the fact of Nebula being fully open source and fully on my machines. (Though that’s a little undercut by the Android problem being solved only by their managed service).
      3. Headscale gave me an impression of being more complicated to set up and maintain. Haven’t tried it yet, that was just my feel when I chose which one to try.
      4. More recently, I saw Nebula’s interesting post on performance benchmarks. At high throughput Tailscale can be better for CPU but heavier on memory. Hopefully at my sort of very low throughput it’s small on memory but if I’m squeezing a client into a cheap vps alongside nextcloud and other things, memory use is more concerning to me than CPU… I wonder how much memory Tailscale uses when not doing much.