I've used it for some time, it feels very much like it is in maintenance mode.
You manage a PKI and have to distribute the keys yourself, no auth/login etc.
It's much better than WireGuard, not requiring O(N) config changes to add a node, and allowing proxy nodes etc.
iirc key revocation and so on are not easy.
Nebula just had a major release that added IPv6 support for overlay networks. Hardly maintenance mode.
The main company working on it now seems to be adding all the fancy easy-to-use features as a layer on top of Nebula that they are selling. I personally appreciate getting to use the simple core of Nebula as open source. It seems very Unix-y to me: a simple tool that does one thing and does it well.
Nebula does not require O(n) config changes for adding a node.
O(n) is only required for:
- active revocation of a certificate (requires adding the CA fingerprint to the config file)
- adding/removing a lighthouse (hub for publishing IPs for p2p) or relay (for going over p2p)
- CA rotation
This problem has been brought up in the OpenZiti community many times. I like Nebula, but it's not 'truly open source'.