brad-defined

@1MachineElf A NAT drops some IPv4 traffic when it doesn't have the internal state tracking to know who to forward the traffic to. This makes it act in some ways...

Nebula 1.6.0 is released with a Relay feature, to cover cases like a Symmetric NAT. https://github.com/slackhq/nebula/pull/678 If you don't want to change the NAT behavior of your OPNsense system, you...

Nebula's unsafe routes feature can get the packets from clients to the unsafe_routes Nebula node. However, it depends on the kernel to perform NAT and get the packets to their...

The way that Tailscale delivers this is by importing a userland implementation of the TCP/IP stack. They use this to terminate the TCP connection at the Tailscale node, and then...

> Is there a reason that Nebula does not do something similar? I.e. is that userland implementation is too slow for Nebula's primary goals, or has it just not been...

@davidflowerday that looks awesome, thanks for sharing!

@clarkmcc Without something like @davidflowerday 's changes, Nebula must create a TUN device to transport traffic If you're in control of the Collector, you could solve your agent connectivity by...

https://www.defined.net/nebula/config/#sshd Check out the sshd configuration setting - it runs an in-memory SSHd server in the nebula process, which supports a number of troubleshooting commands. If you enable this on...

`routines` pins i/o goroutines to dedicated o/s threads, and I don't think they'll provide any performance value set greater than the number of CPU's on the host. I didn't test...

Have you configured your DigialOcean droplet to use a ReservedIP? If so, it's possible/likely that the Nebula traffic inbound is reaching your lighthouse destined for the Reserved IP, but response...