Everlag | 3 years ago

nebula[0] may be interesting; you can allow list connectivity for specific groups, all burned into the cert used to join the network. It uses some NAT hole punching orchestration to accomplish connectivity between hosts without opening ports.

The main painful thing I've found has been cert management. PKI, as usual, is not a solved problem.

I've managed to do some fun stuff using salt + nebula on the hobby side.

[0] https://github.com/slackhq/nebula
