I’ve been playing around with self hosting for file sharing, backups, and a handful of other ideas I might one day get round to. I like the idea of a mesh VPN and being able to, for example, connect a travelling laptop to a ‘host’ laptop nearby, though my only public ip is a VPS in another country.

Of all the options I found, I liked the look of Nebula most. Fiddly in some places, but it’s working nicely for me, and I appreciate some of the simplicity of design.

I’m wondering if people here have much experience of it, though? My biggest concern is over its future. With,

  1. The Defined Networking site focusing on making money off it, and
  2. The Android app doesn’t allow full configuration (including the firewall, so I can’t host a website from a phone) but - I heard - does if you use Defined Networking’s paid service for configuration,

makes me worry they might be essentially trying to deprecate viable FOSS Nebula in favour of a paid or controlled service.

Any thoughts? Insight?

  • sugar_in_your_tea@sh.itjust.worksEnglish
    0·
    2 months ago

    I’m not sure what the point is? Here’s my setup:

    1. wireguard VPN on my edge VPS
    2. lots of services behind my router that connect to that VPN
    3. router DNS to resolve my domains to my internal services when on my LAN

    This gets me like 95% of the benefit of something like Nebula or Tailscale. When connecting to my internal services, I get LAN speeds if I’m on my LAN and WAN speeds if not. I initially started with Tailscale, but realized that I really didn’t care about most of what it provided.

    • milicent_bystandr@lemm.eeOPEnglish
      0·
      2 months ago

      What’s an edge vps? Is that some sort of distributed cdn-style vps? Or just a VPS at the ‘edge’ of your network?

      Biggest points for me of having a mesh, not a central Wireguard hub, are,

      1. I have a VPS in one country, a ‘host’ laptop in a friend’s house in another and a third laptop. I want the two laptops to connect directly to each other not bouncing all packets off the vps.
      2. For backups, ssh, etc, I’d like to be able to just call the VPN IP, whether two machines are on the same LAN or not. Nebula/etc makes that work; a centralised VPN would sometimes be sending packets pointlessly out on WAN and back.
      • sugar_in_your_tea@sh.itjust.worksEnglish
        0·
        2 months ago

        The latter, a VPS at the “edge” of my network. It doesn’t run any services itself other than HAProxy, which just routes connections to services inside my network.

        That use case makes a ton of sense.

        I only have my VPS and internal devices, so using DNS names makes it trivial to always get the best route since the only options are within my LAN (simple router config) or over WAN. If it was any more complex, I’d probably do the same as you.

    • ShortN0te@lemmy.mlEnglish
      0·
      2 months ago

      The benefits are obvious:

      • No port forwarding needed
      • Central Auth management
      • Easy integration of new devices

      Not saying you should do it or that it is better overall, but ignoring those is not fair.

      Personally i would never go for Tailscale since i give away the access control to my kingdom to a company. Exactly what i want to get away from through selfhosting.

      • y0kai@lemmy.dbzer0.comEnglish
        0·
        2 months ago

        Doesn’t selfhosting headscale prevent the keys to the kingdom thing you’re talking about?

        • ShortN0te@lemmy.mlEnglish
          0·
          2 months ago

          Yes. But it removes some benefits. You again open some ports or use a VPS to host it. The benefit of not needing to have open ports on other servers and central auth and management still stands.