Nebula (by Slack) is a hot new competitor to Zerotier (and both are FOSS)

esbeeb · November 21, 2019, 12:10am

From Nebula’s new github repository:

slackhq/nebula/blob/master/README.md

## What is Nebula?
Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security.
It lets you seamlessly connect computers anywhere in the world. Nebula is portable, and runs on Linux, OSX, Windows, iOS, and Android.
It can be used to connect a small number of computers, but is also able to connect tens of thousands of computers.

Nebula incorporates a number of existing concepts like encryption, security groups, certificates,
and tunneling, and each of those individual pieces existed before Nebula in various forms.
What makes Nebula different to existing offerings is that it brings all of these ideas together,
resulting in a sum that is greater than its individual parts.

Further documentation can be found [here](https://nebula.defined.net/docs/).

You can read more about Nebula [here](https://medium.com/p/884110a5579).

You can also join the NebulaOSS Slack group [here](https://join.slack.com/t/nebulaoss/shared_invite/enQtOTA5MDI4NDg3MTg4LTkwY2EwNTI4NzQyMzc0M2ZlODBjNWI3NTY1MzhiOThiMmZlZjVkMTI0NGY4YTMyNjUwMWEyNzNkZTJmYzQxOGU).

## Supported Platforms

#### Desktop and Server

This file has been truncated. show original

I’ve been using Zerotier for several months, and here’s how I feel about it:

Zerotier ver. 1 Pros:

comes as a snap
super easy to add new members to a Zerotier network, has a web admin interface to show Zerotier network members, and approve of their joining with a single mouse click.

Zerotier ver. 1 Cons:

that super-handy web admin interface for managing ZeroTier networks is unfortunately centralized on Zerotier’s own servers (“Zerotier Central”), and you can’t have your own “central” servers as of yet (but ver. 2 claims to allow this, which may come out any time now)
the relays that your traffic passes through, should firewall-punching not work, are also unfortunately centralized on Zerotier’s own servers, and you can’t have your own relay servers as of yet (but ver. 2 claims to allow this, which may come out any time now)
No third-party security audit as of yet.

Although Nebula does not come as a snap yet (as of this posting, you have to “git clone” it, and then you have to manually set up your own system service for Nebula), it does let you set up your own “lighthouse”, which apparently acts as a relay server (if necessary, when firewall punching doesn’t work), as well as a central management server (it’s a so-called “certificate authority” for the other machines which you join to your Nebula network). This central management facility is not web-based at this time, unlike Zerotier.

Nebula also claims to have undergone a third-party security assessment. From this blog post:

Nebula has undergone a paid security vulnerability assessment, along with numerous internal security reviews. We are adding Nebula to our official bug bounty program, where we welcome submissions related to security bugs found in our software. (Note: while we may look at suggestions related to best practices, unless they constitute a vulnerability, these will likely not qualify for a bounty payment).

Anyone else out there find Nebula really interesting? I think I’ll wait a bit, and maybe a snap or docker container might materialize, before I start prototyping it and testing it for my own use (on my cloud servers, and some local VMs).

Note: It seems this initial public release of Nebula is very well-timed to jump out ahead of Zerotier’s upcoming ver. 2 release, possibly stealing the thunder away from Zerotier in a big breakthrough moment they were about to have (where Zerotier was about to empower their users to have their own relays and central management).

PS: I want to thank today’s linuxheadlines.show podcast for mentioning Nebula.