Easy, magical NAT traversal.
Edit: Oh wow. I just ran into innernet. Looks like a self-hosted FOSS alternative to Tailscale, and also a cool blog.
I use this for sharing a media server with family and friends and it works great!
Perhaps the definition of "self-hosted" varies from person to person. The definition I subscribe to for "self-hosted" peer-to-peer is that I have to supply the publicly reachable IP address and run a supernode on it. (I prefer supernodes that only provide IP:port information for peers to directly connect and do not pass any traffic once the peers are connected.) Many of the so-called "peer-to-peer" projects I see today provide the IP address of a server run by a third party as part of their default configuration, with the option that a user could run their own server on their own IP address. (How many users do that?) Under the definition I subscribe to, nothing is for "free". I have to pay for the publicly reachable IP address and run the supernode from that address. Under another person's definition of "self-hosted", a third party might be hosting a necessary server. If they stop providing that service, the "self-hosted" solution no longer works.
If you checked Nebula's readme you'd see the following:
> Nebula lighthouses allow nodes to find each other, anywhere in the world. A lighthouse is the only node in a Nebula network whose IP should not change. Running a lighthouse requires very few compute resources, and you can easily use the least expensive option from a cloud hosting provider. If you're not sure which provider to use, a number of us have used $5/mo DigitalOcean droplets as lighthouses.
Beyond that, innernet does not run on Nebula.
This puts Nebula in a relatively small group of what I would call true self-hosted overlay networks (by the definition of "self-hosted" I subscribe to). Kudos for that.
What drew my attention was the remote IP address in
No idea why that is there.
Anyway, while I would not necessarily choose to run Nebula myself (I prefer smaller overlay networks, for example), it is certainly an exception to the pattern I see in so many other "self-hosted" peer-to-peer projects. I apologise if the comment I submitted implied otherwise.
Note I never suggested innernet "runs on Nebula". The words I used were "innernet relies on Nebula." Of course, that, too, is incorrect. The blog post was just comparing innernet to Nebula. My bad! I am just too cynical about peer-to-peer projects since so many fall into the same patterns I dislike; hence I skimmed where I should have read more closely.
That's a test file.
It has the advantage that only the server needs to run a program. It also does a few tricks like mapping each client's public IP to a LAN IP like 127.5.21.3 so IP banning / whitelisting still works in game.
It does mean you can unlock predownloaded time-gated games about 18 hours early, though.
Mobile hotspot/USB tether forwarding your VPN.
Plus it's open source
The users we have vary quite drastically in terms of their network access and computer hardware.
I can’t imagine providing a free unique static IPv4 for 4000+ active servers would be a sustainable business model. IPv6 of course would be fine, if residential ISPs ever leave the Stone Age. (Looking at you, Bell Canada)
Minecraft is quite nice as it supports SRV records so the provided tunnel address doesn't need to show the port number. For other games you'll notice you have the non-standard port.
Oh that's nifty!
A script to set it all up (Debian 8):
ssh -f -N -T -R 8080:localhost:80 email@example.com
All ports are unblocked and you can choose plans with guaranteed speeds of 500Mbit. It’s great for people who self-host, and don’t want to manage a cloud VPS.
ZeroTier seems like a fine tool, but I feel like learning how to use WireGuard has more opportunity to come in handy later. Not to mention how WireGuard is a part of the kernel now, which makes things a bit more convenient as well.
The latest version, v4, is performing really well and is helping me keep costs low while we're getting more users.
- let me self host with binaries, public IP server on Linux, private IP server on Windows
- map IPs so that the gameserver running on Windows can issue IP bans
- I don't need hostname-picking or unique ports
As for banning IPs, public IPs are mapped to local IPs (for example 127.3.5.6) so in-game banning should work. I have thought about creating a premium tier that lets you add firewall rules to the edge (our tunnel servers) so the traffic you filter never gets tunneled to you.