Scalable overlay networking tool for connecting computers anywhere with encryption, certificates, and security groups
MIT
- Go
- Makefile
- Dockerfile

About Nebula
Nebula is a scalable overlay networking tool that connects computers anywhere in the world, focusing on performance, simplicity, and security. It can link a handful of machines or tens of thousands, across cloud providers, datacenters, and endpoints, without a fixed addressing scheme. It runs on Linux, Windows, macOS, FreeBSD, iOS, and Android.
Nebula is a mutually authenticated peer-to-peer network built on the Noise Protocol Framework. Certificates assert each node's IP address, name, and group membership, and user-defined groups drive provider-agnostic traffic filtering between nodes. Discovery nodes called lighthouses let peers find each other and use UDP hole punching to connect through most firewalls and NATs.
The nebula-cert tool creates a certificate authority and signs host certificates; each node runs from a YAML config file. By default, Nebula uses ECDH key exchange over Curve25519 with AES-256-GCM encryption; an optional NIST P-256 curve and BoringCrypto builds are available for compliance needs.
Key features
- Overlay networking from a few to tens of thousands of nodes
- Mutually authenticated peer-to-peer Noise Protocol tunnels
- Certificate-based identity with user-defined security groups
- Lighthouse discovery nodes with UDP hole punching
- nebula-cert creates a CA and signs host certificates
Details
- First released: 2019
- Platforms: Win · macOS · Linux · FreeBSD · iOS · Android
- Deployment: self-hostable
- Encryption: ECDH · AES-256-GCM · Curve25519
- CLI: nebula-cert and nebula
- Created by: Slack Technologies