From Nebula’s new github repository:
I’ve been using Zerotier for several months, and here’s how I feel about it:
Zerotier ver. 1 Pros:
- comes as a snap
- super easy to add new members to a Zerotier network, has a web admin interface to show Zerotier network members, and approve of their joining with a single mouse click.
Zerotier ver. 1 Cons:
- that super-handy web admin interface for managing ZeroTier networks is unfortunately centralized on Zerotier’s own servers (“Zerotier Central”), and you can’t have your own “central” servers as of yet (but ver. 2 claims to allow this, which may come out any time now)
- the relays that your traffic passes through, should firewall-punching not work, are also unfortunately centralized on Zerotier’s own servers, and you can’t have your own relay servers as of yet (but ver. 2 claims to allow this, which may come out any time now)
- No third-party security audit as of yet.
Although Nebula does not come as a snap yet (as of this posting, you have to “git clone” it, and then you have to manually set up your own system service for Nebula), it does let you set up your own “lighthouse”, which apparently acts as a relay server (if necessary, when firewall punching doesn’t work), as well as a central management server (it’s a so-called “certificate authority” for the other machines which you join to your Nebula network). This central management facility is not web-based at this time, unlike Zerotier.
Nebula also claims to have undergone a third-party security assessment. From this blog post:
Nebula has undergone a paid security vulnerability assessment, along with numerous internal security reviews. We are adding Nebula to our official bug bounty program, where we welcome submissions related to security bugs found in our software. (Note: while we may look at suggestions related to best practices, unless they constitute a vulnerability, these will likely not qualify for a bounty payment).
Anyone else out there find Nebula really interesting? I think I’ll wait a bit, and maybe a snap or docker container might materialize, before I start prototyping it and testing it for my own use (on my cloud servers, and some local VMs).
Note: It seems this initial public release of Nebula is very well-timed to jump out ahead of Zerotier’s upcoming ver. 2 release, possibly stealing the thunder away from Zerotier in a big breakthrough moment they were about to have (where Zerotier was about to empower their users to have their own relays and central management).
PS: I want to thank today’s linuxheadlines.show podcast for mentioning Nebula.