SoylentNews

19/12/14/2236239 story

Nebula VPN Routes Between Hosts Privately, Flexibly, and Efficiently

posted by chromas on Sunday December 15 2019, @11:11AM   
from the I-didn't-see-what-you-did-there dept.

Fnord666 writes:

Nebula VPN routes between hosts privately, flexibly, and efficiently

Last month, the engineering department at Slack—an instant messaging platform commonly used for community and small business organization—released a new distributed VPN mesh tool called Nebula. Nebula is free and open source software, available under the MIT license.

It's difficult to coherently explain Nebula in a nutshell. According to the people on Slack's engineering team, they asked themselves "what is the easiest way to securely connect tens of thousands of computers, hosted at multiple cloud service providers in dozens of locations around the globe?" And (developing) Nebula was the best answer they had. It's a portable, scalable overlay networking tool that runs on most major platforms, including Linux, MacOS, and Windows, with some mobile device support planned for the near future.

Nebula-transmitted data is fully encrypted using the Noise protocol framework, which is also used in modern, highly security-focused projects such as Signal and WireGuard. Unlike more traditional VPN technologies—including WireGuard—Nebula automatically and dynamically discovers available routes between nodes and sends traffic down the most efficient path between any two nodes rather than forcing everything through a central distribution point.

---

Original Submission

• Reinventing the wheel Reinventing the wheel (Score: 3, Informative) by Unixnut on Sunday December 15 2019, @02:13PM (4 children)

  by Unixnut (5779) on Sunday December 15 2019, @02:13PM (#932365)

  How is this conceptually different to I2P (https://geti2p.net/en/)?

  It is hard enough to get people to make use of one encrypted network overlay, without creating more (non interoperable) variations on the same thing.

  My current employer makes use of slack, and I can say is I hope this new project of theirs is less buggy and better designed. Being open source at least it should be able to be improved by the community.

  • Re:Reinventing the wheel (Score: 0) by Anonymous Coward on Sunday December 15 2019, @04:18PM

    by Anonymous Coward on Sunday December 15 2019, @04:18PM (#932398)

    ..Being open source at least it should be able to be improved by the community.

    So long as you grok Go (which I don't), tried building it from source on two different linux distros (one 32 bit, the other 64)...no fucking joy.
    I think I'll be sticking to zerotier..which also works on *BSDs and Android.

    Parent

  • Re:Reinventing the wheel Re:Reinventing the wheel (Score: 3, Interesting) by legont on Sunday December 15 2019, @04:33PM (2 children)

    by legont (4179) on Sunday December 15 2019, @04:33PM (#932405)

    Yeah, Slack is badly designed; especially compared to Telegram.

    As per their mesh, does it mean that child porn will go through user's computers? I guess... Furthermore, if a bug is discovered, should an innocent expect a swat team in the middle of the night?

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.

    Parent

    • Re:Reinventing the wheel (Score: 0) by Anonymous Coward on Sunday December 15 2019, @10:03PM

      by Anonymous Coward on Sunday December 15 2019, @10:03PM (#932493)

      As per their mesh, does it mean that child porn will go through user's computers?

      As much as it 'go through' the ISP's computers/devices, but they are light on the mesh details though, at least reading through the linked blog.

      Furthermore, if a bug is discovered, should an innocent expect a swat team in the middle of the night?

      Not where I live. Maybe you should re-evaluate where you live or at work to change that kind of "feature" in your society, it is just sad you have to filter your life based on a potential of that situation. My hear felt condolences - truly.

      Parent

    • Re:Reinventing the wheel (Score: 0) by Anonymous Coward on Monday December 16 2019, @01:32AM

      by Anonymous Coward on Monday December 16 2019, @01:32AM (#932601)

      This is tinc with presumably better performance-- a *private* overlay mesh network-- no matter where they are, all your participating machines are available, as if on a private local network-- even when behind NAT. If *you* copy child porn between machines in *your private mesh*, then yeah, child porn will traverse *your* overlay network.

      If this really does have decent perf, I'm looking forward to trying it out. Tinc is awesome, but slower than molasses.
       

      Parent

• already discussed (Score: 3, Interesting) by jmichaelhudsondotnet on Monday December 16 2019, @12:48AM

  by jmichaelhudsondotnet (8122) on Monday December 16 2019, @12:48AM (#932572) Journal

  I do not trust slack. They did not just whip this together. This is not a garage operation. This was not a bunch of guys throwing something together over beers.

  This is a cloud implementation that is so complex gosh they can hardly explain it.

  Slack has connections to all the wrong people to be trusted, at all, for vpn level privacy stuff.

  More things like whatsapp, poison roots, poison product.

  A danger to you and the public.

  Heck, like project veritas and rebel wisdom and ethos capital, we have a pile of money, don't ask anything about our backgrounds.

  https://archive.is/U36hd [archive.is]

  then your data ends up here
  https://archive.is/9wSDi [archive.is]

  or get your news here
  https://archive.is/osDks [archive.is]

  rethink what you consider credible
  https://archive.is/uEvFY [archive.is]

  for fun
  https://archive.is/QBVQJ [archive.is] (i think this got me banned from reddit, more on this soon)