Nebula Mesh VPN

kv4pc
Nebula Mesh VPN

Is anyone looking at this tech for AREDN?

https://arstechnica.com/gadgets/2019/12/how-to-set-up-your-own-nebula-me...

Nebula on github... https://github.com/slackhq/nebula

73; Bob KV4PC

K9CQB
Looks interesting, but how does our traffic run on UDP-only?

Bob,
This looks really interesting to me, especially for another project I'm working on. I love how it uses a UDP-only network to pass through NATed nodes.
I'm not sure how it would work at passing UDP-only traffic over OLSR-connected AREDN nodes. I'm sure for VOIP traffic it would be fine, as VOIP is mostly UDP.

-Damon K9CQB

kv4pc
Replacement service for tunneling at a WAN Interface

Damon:

I don't think there are any issues with UDP anywhere in an AREDN network except for multicast. And our regular Tunneling is all done inside UDP now.

I was thinking of it as a replacement or supplement service for the current Tunneling at WAN interfaces. As such it wouldn't need to run over RF links at all. The benefit would be that portable mesh equipment and RF islands being relocated through different deployment geography and topology can all find each other and form up a network when the WAN interfaces are connected to the internet somehow. All the nodes check in with the static Lighthouse node in a Nebula network and then automatically find each other with their tunnels by direct routes. OLSR traffic would flow through the tunnels just like it does now with manual tunneling, and build a routing picture for the whole.

Scenario: Team A supporting at the marathon sets up a WAN node at the Starbucks and uses a Tethering node to jump on the public internet using Starbucks' public WIFI, then sets up RF nodes to connect nearby aid stations. Team B is on the other side of town and they tether to McDonalds. The two WAN nodes check in to the Nebula Lighthouse, which has a known static address, and when their addresses are both known, direct tunnels are automatically set up between them.

Boom. No special configuration has to be done in the field. It just works. Nebula tunnels can be encrypted too so that hacker sipping coffee in the corner can't break into your mesh. And the encryption is only running on the wired or Part 15 part of your network so there isn't a Part 97 problem. I get the impression that Nebula only eats one address per tunnel too, unlike the current method that eats 4.

Pretty cool, huh?

73;
Bob KV4PC
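Added example, not part of the original posts and not taken from the Nebula or AREDN projects: a Nebula `config.yml` for a field WAN node in the scenario above, showing how the node learns the lighthouse's static address and how the overlay firewall limits what other tunnel peers may send it. The overlay address `192.168.100.1`, the public address `203.0.113.10` (documentation range), the file paths, the device name and the certificate group `aredn-wan` are all constructed placeholders, and admitting only ICMP and OLSR (UDP 698) is an assumption about what the tunnel should carry.

```yaml
# Constructed example: field WAN node (not the lighthouse).
pki:
  # Host certificate signed by the group's own Nebula CA; peers whose
  # certificates are not signed by this CA cannot complete a handshake.
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/host.crt
  key: /etc/nebula/host.key

# Overlay IP of the lighthouse mapped to its known static public address.
static_host_map:
  "192.168.100.1": ["203.0.113.10:4242"]

lighthouse:
  am_lighthouse: false      # field nodes only report in, they do not serve lookups
  interval: 60              # seconds between check-ins with the lighthouse
  hosts:
    - "192.168.100.1"

listen:
  host: 0.0.0.0
  port: 0                   # dynamic source port, suited to roaming nodes behind NAT

punchy:
  punch: true               # keep the NAT mapping open on guest Wi-Fi

tun:
  dev: nebula1

firewall:
  outbound:
    - port: any
      proto: any
      host: any
  inbound:
    # Anything not listed here is dropped.
    - port: any
      proto: icmp
      host: any
    # Assumption: only OLSR routing traffic from peers whose certificate
    # carries the "aredn-wan" group is admitted.
    - port: 698
      proto: udp
      group: aredn-wan
```

The lighthouse itself would set `am_lighthouse: true`, listen on the fixed port used in `static_host_map`, and leave `lighthouse.hosts` empty.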


 
