Using nebula for site-to-site VPN over multiple WLAN links: is it anti-pattern? #1074
Comments
|
Hi @hth2 - It is possible to expose your private cloud subnet using the It is so-named because, as you guessed, it's an anti-pattern in situations where you are able to install Nebula directly on the nodes you'd like to talk to. This is because one of Nebula's primary features is its certificate-based firewall. When using
Note that while Another concern with using this feature is that all of your traffic will be funneled through the router box, so it will act as a bottleneck. In contrast, normal Nebula connections are peer-to-peer. If possible, we recommend installing Nebula on each host in your cloud network. For services such as RDS, we suggest using One final approach you can take, if you have only one or two services you need access to, but are unable to install Nebula on them directly, is to create a dedicated host on the subnet acting as a port forwarder to the internal service. Then you can protect this host with the regular Nebula firewall. |
I would like to setup a nebula network as in this diagram:
nebula1 & nebula2: are gateways for home network, have unreliable connection to Internet
nebula10: gateway for a private network in the cloud, has reliable connection
my plan is to setup routing for hostA to route traffic to net 192.168.2.0/24 over nebula3, hoping that if nebula1 or nebula2 is disconnected from Internet (only one at a time), the connection from hostA to hostB still works.
Does this seem sensible, or a no-go?
Update: in this diagram nebula3 seems not necessary, however my home net is slightly more complex and hostA is not in the same network as nebula1 & nebula2.
The text was updated successfully, but these errors were encountered: