SlackHQ’s Nebula

Description

Nebula is a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect computers anywhere in the world. Nebula is being developed by Slack.

Packages

OpenWrt repositories contain following packages:

  • nebula: This is the principal binary package. This package is required for nebula peer or lighthouse operations. Unless you want to start nebula manually, you may want to also install either nebula-service or nebula-proto package.
  • nebula-cert: This package contains only nebula-cert binary required to generate certificates not not necessary for the nebula peer or lighthouse operations.
  • nebula-proto: This package contains only OpenWrt protocol/interface support for nebula. You will need to create a new interface for nebula node/lighthouse if you want to use this package. Also router’s reboot is necessary for OpenWrt to recognize the new protocol.
  • nebula-service: This package contains only OpenWrt-specific init.d script for nebula. This package starts a node/lighthouse for each .yml config file it finds in /etc/nebula/ directory.

Requirements

  • nebula: The principal package requires (auto-installs) the following package: kmod-tun and its dependencies.
  • nebula-cert: This package has no dependencies/requirements and can be installed stand-alone.
  • nebula-proto: This package requires the following package: nebula and its dependencies. Reboot is necessary after installation for OpenWrt to recognize the new protocol.
  • nebula-service: This package requires the following package: nebula and its dependencies.

Unmet dependencies

If you are running a development (trunk/snapshot) build of OpenWrt on your router and your build is outdated (meaning that packages of the same revision/commit hash are no longer available and when you try to satisfy the requirements you get errors), please flash either current OpenWrt release image or current development/snapshot image.

How to install

If you want to run the nebula binary manually, you will need to install just the nebula package and it will auto-install all dependencies (kmod-tun and its dependencies):

opkg update; opkg install nebula;

If you want to manage the certificates, you will need to install just the nebula-cert package:

opkg update; opkg install nebula-cert;

If you want to create a manage a new protocol/interface for the nebula, you will need to install the nebula-proto package and it will auto-install all dependencies (nebula, kmod-tun and its dependencies):

opkg update; opkg install nebula-proto;

If, in addition to the nebula-proto, you also want to install luci/WebUI support for nebula protocol/interface, you will need to install the luci-proto-nebula package and it will auto-install all dependencies (nebula-proto, nebula, kmod-tun and its dependencies):

opkg update; opkg install luci-proto-nebula;

If you want to have nebula as a service on your router (with the init.d script), you will need to install the nebula-service package and it will auto-install all dependencies (nebula, kmod-tun and its dependencies):

opkg update; opkg install nebula-service;

Default Settings

  • nebula: This package installs just the principal binary and doesn’t have any settings/actions.
  • nebula-cert: This package installs just the nebula certification binary and doesn’t have any settings/actions.
  • nebula-proto: This package allows you to create a new interface with the nebula protocol pointing to the .yml config file. Here’s an example of the /etc/config/network section:
config interface 'nebula1'
        option proto 'nebula'
        option config '/etc/nebula/config1.yml'

When the nebula interface is brough up, it will automatically open the UDP port referenced in the .yml config file in the router’s firewall.

  • nebula-service: This package contains and init.d/service script which scans the /etc/nebula/ directory for .yml config files and creates a nebula node/lighthouse for each located .yml config file. When each node/lighthouse is started, it will automatically open the UDP port referenced in the .yml config file in the router’s firewall.

Documentation / Discussion

Please head to OpenWrt Forum for discussions of these packages.