Timestamps:
0:00 Open Source Mesh VPN
1:46 Nebula Mesh VPN
3:32 ZeroTier
4:43 Privacy VPN
5:28 Site-to-Site VPN Solutions
6:34 How Nebula and ZeroTier Work
10:10 How UDP Hole Punching Works
14:08 Solution Summary
Open Source Mesh VPN Solutions
35 comments
Nebula Links
https://www.defined.net/
https://slack.engineering/introducing-nebula-the-open-source-global-overlay-network-from-slack/
https://github.com/slackhq/nebula#what-isnebula
https://www.zerotier.com/
Self hosted Zerotier tool (I have not tested)
https://key-networks.com/ztncui/
My review of Zerotier
https://youtu.be/Bl_Vau8wtgc
Cool, you explained the same thing again. But what about performance compared to a traditional VPN? Especially when considering remote desktop.
14:20 You can install zerotier on your routers, this way it basically acts like a bridge between the routers and you don't have to do anything else besides adding some static routes on the zerotier UI. Edgerouters work very nicely for that. And then it's just business as usual configuring your firewalls
After speaking with one of the developers of Nebula their update for IPV6 support will be coming soon, allowing more situations where Nebula will work, especially when involving CGNATs.
I'm running the development branch of their outside_ipv6 and it works flawlessly. Punching through EE's CGNAT.
I moved away from Tailscale as I don't appreciate that they can add any devices to my network. If/when they open source the server, I'll reconsider.
It reminds me of Hamachi from LogMeIn, not the same but also kind of similar.
I am using the key-networks self hosted controller. It does work as advertised, and I have had no major issues – but it is a little rough. A few issues here and there with values being cached, or taking several attempts to update properly.
I just want to thank you for all of the videos you upload and all of the work you do for us. You help to keep me up to date and informed and you really help to provide stability in sometimes a very all over the place profession of IT. Keep up the great work! I will continue watching and trying to grow and prepare myself in IT thanks to your help! 🙂
tinc is extremely battle-tested. Even 3-letter agencies gave it much praise for building operational networks.
What a complete waste of time that nebula was. I have been testing this over the weekend, don't waste your time. Nebula does not currently support relaying through the lighthouse so with devices behind multiple NAT you just get problems. They have been trying to get hole punching better but it looks like it's way behind the current zerotier offering.
Interesting video. It seems like you may get some benefits running this over DMVPN with that local network example you gave. I assume you could just set up one of these servers and possibly point your routed LAN interfaces default gateway to the server and then point the default gateway of the server to your nat firewall then? Are these tunnels pretty much ipsec/gre meshes? It would be interesting to see a video demo on nebula.
Tutorial would be appreciated.
the question is do they include default 'multicast' video and related 'one to many' streaming options to bypass the likes YouTube censorship and passthrough etc, ie a far better data saving than unicast video streaming for the end users and small scale self hosted providers on mass, as per its original intent before the world's consumer isp's unilaterally blocked native end user 'multicast' data streaming at their isp end point routers etc.
basic good multicast real life setup https://www.youtube.com/watch?v=fIg_9wJlQX4
Multicast
30,398 views•Jul 30, 2016,CWNE88
https://www.youtube.com/watch?v=KI0LuIcFM98
Raspberry Pi Multicast TV server
1,415,977 views•Aug 2, 2016,CWNE88
https://www.youtube.com/watch?v=ZPzYKVar13c
TV Technology – Part 10 – Raspberry Pi TCP IPTV Server (aka multicast to unicast video streaming)
16,455 views•Apr 7, 2019,CWNE88
How is UDP punch through different from WebRTC? You have a STUN server that coordinates two clients and sort of spoofs for that initial connection to allow direct client-client UDP traffic (potentially falling back to a relay just like zerotier) and usually firewalls don't matter unless they are blocking the STUN servers. Great video thanks!
I think Nebula VPN is like WireGuard in methodology, isn't it?
Thanks Tom – Awesome info. I would definitely like to see Nebula in action. I found out about Zerotier from one of your videos and it has been useful to maintain connectivity to my home and work labs. Keep them coming!!
Nebula setup? Yes please!!!!!
One of my ISPs blocks all UDP traffic??
Zerotier would be great on a client pfSense box; they are behind a silly ISP who doesn't give them a public IP!!
A couple of months ago I looked into Nebula and thought it's a cool project to link two sites together, with room to grow when more sites get added. Would love to see the video about it on here.
You can load Zerotier on a Edgerouter X to work as a traditional VPN / expose your LAN https://kruyt.org/zerotier-on-a-ubiquiti-edgerouter/
My solution to UDP holes is not to allow anything outbound unless a rule says so, mainly 80, DNS server 53, and 443. There is zero reason for anything else unless its vendor related in which you build an outgoing rule for.
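The hole-punching sequence raised in the comments above (a rendezvous server introduces two peers, which then send UDP to each other) and the default-deny outbound policy from the preceding comment, modelled as an added example that is not part of the original page or its comments. All addresses, ports and the `Gateway`/`punch` names are constructed, and a port-preserving NAT is assumed.

```python
from dataclasses import dataclass, field
from typing import Optional

RENDEZVOUS = ("198.51.100.10", 3478)  # constructed lighthouse/STUN-style server


@dataclass
class Gateway:
    """Stateful NAT/firewall; port-preserving mapping assumed for simplicity."""
    public_ip: str
    public_port: int
    egress_ports: Optional[frozenset] = None   # None = any outbound port allowed
    flows: set = field(default_factory=set)    # remote (ip, port) pairs opened from inside

    @property
    def endpoint(self):
        return (self.public_ip, self.public_port)

    def send(self, remote):
        """Outbound UDP from the inside host; opens a return path if permitted."""
        if self.egress_ports is not None and remote[1] not in self.egress_ports:
            return False
        self.flows.add(remote)
        return True

    def accepts(self, remote):
        """Inbound UDP passes only if the inside host already sent to that remote."""
        return remote in self.flows


def punch(a, b):
    """Return 'direct' if both peers end up with a two-way UDP path, else 'blocked'."""
    # 1. Each peer registers with the rendezvous server, which learns its public endpoint.
    if not (a.send(RENDEZVOUS) and b.send(RENDEZVOUS)):
        return "blocked"
    # 2. The server hands each peer the other's endpoint; both peers send to it.
    a_sent = a.send(b.endpoint)
    b_sent = b.send(a.endpoint)
    # 3. A path exists once each gateway holds a flow entry for the other side.
    if a_sent and b_sent and a.accepts(b.endpoint) and b.accepts(a.endpoint):
        return "direct"
    return "blocked"


def demo():
    open_a, open_b = Gateway("203.0.113.5", 40001), Gateway("192.0.2.77", 40002)
    unsolicited = open_a.accepts(open_b.endpoint)   # inbound before any punch
    strict = Gateway("203.0.113.9", 40003, frozenset({53, 80, 443}))
    return unsolicited, punch(open_a, open_b), punch(strict, Gateway("192.0.2.78", 40004))
```

`demo()` covers three cases: unsolicited inbound is dropped, two permissive gateways reach a direct path, and a gateway limited to outbound ports 53, 80 and 443 never opens the flow.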
• The ability to push DNS configuration to members, a long requested feature that will be valuable in enterprise environments with internal DNS servers or Windows domain controllers. The network controller side of this can be edited in ZeroTier Central by adding ?dns=1 to the end of the /network/<network ID> URL when viewing or editing a network. This will reveal a DNS configuration box in the network settings area beneath multicast configuration. On the client you must allow DNS setting management for a network in the ZeroTier UI or via the command-line interface with zerotier-cli set <network ID> allowDNS <true|false>.
https://stubarea51.net/2020/03/10/remote-workers-rapid-and-cost-effective-vpn-scale-with-zerotier-opnsense-and-frrouting/
https://www.tailscale.com/pricing/ <—– free tier is like how ZeroTier was at first
https://tailscale.com/kb/1081/magic-dns <— nice to have
Definitely more interested in how to fix that firewall/ACL workaround.
I use Zerotier because my ISP has double NAT and I can't access my PC through a traditional VPN
Interesting concept for sure. I do agree with Tom that a traditional VPN is more suitable for a use case such as connecting to your home (or office) network remotely.
I made the experience that virtual network adapters added by third party software will often be removed by windows updates. Is that an issue with this product?
Love ZeroTier. Use it for both my vpn access (split tunnel) to internal resources and cross site transport (eoip for layer 2 bridge + routed subnets)
I was ready to use Zerotier Edge appliances everywhere (cabin, parents house etc.), but now it's EOL so looking for another solution where the client does not have to be on / routing to other non PC devices.
The problem that I can see here is that Wireguard is at least twice as fast compared to nebula. I prefer to do more configuration to know that I'm getting the best in terms of speed and performance. If the throughput you need is very low, nebula could be taken into consideration. Imagine that I can put Wireguard on Ubiquiti ER-4 and get minimum 300Mbps in throughput (with wireguard) and 70-80Mbps with Zerotier.
Thanks Lawrence. Great video!
Guide would be nice
is this similar to n2n – L2 P2P VPN
Great video. Do you have plan to upgrade your video to 2k or 4k any time soon? Hope we can see Hi Res video from you. Thank you!
Nebula Demo please