Comments (3)
Okay, I wanted this too, so I spent the day and have a working patch. Def experimental, but I'll link this issue once I make it a proper PR.
Plan is to leave it behind a config option that you explicitly need to enable. By default you won't be able to route traffic via nebula even if the certificate has a valid set of subnets
defined. Will document and make clear that this is not as good as running nebula on all hosts, but I understand why folks might want it.
from nebula.
Or, hot off the presses, given issues like https://seclists.org/oss-sec/2019/q4/122 - perhaps we should consider never allowing routing of traffic destined for non-nebula IPs through nebula.
from nebula.
Or give the ability to switch it on and off as some people like to route traffic through VPN overlays.
At the moment I'm just using an ebgp routeserver and FRR but would be good to be able to negate having to use BGP at all and have routing built in.
Cheers!
Jon.
from nebula.
Related Issues (20)
- Feature Request: Utilize golangs pgo to improve performance
- Read ssh public keys from an `authorized_keys` file HOT 2
- Feature reuqest: Use configuration folder HOT 3
- 🐛 BUG: Node(windows 10 laptop not lighthouse) continuously receiving the following information HOT 2
- 🐛 FEATURE REQUEST: Distribute Nebula binaries more securely HOT 1
- 🐛 BUG: nebula1 tunnel is not detected as a network interface in Windows 11 HOT 7
- 🐛 BUG: Client to Client connection doesn't work HOT 4
- 🐛 BUG: Simultaneous reload caused connection failure between two hosts HOT 2
- 🐛 BUG: ContextualError wrapped errors ironically drop error context
- 🐛 ignore not applicable HOT 3
- Feature/Info: NetworkManager plugin for nebula HOT 1
- Using nebula for site-to-site VPN over multiple WLAN links: is it anti-pattern? HOT 1
- Support access using SSH certificates + groups HOT 2
- Help: SG group management for one big cluster. HOT 1
- 🐛 BUG: Cannot reconnect after successfully establishing connection HOT 2
- 🐛 BUG: Logging is very heavy if certificate has expired. HOT 1
- 🐛 BUG:How do I get the client virtual ip after the relay? HOT 12
- 🐛 BUG: tun cannot be unset on mac os HOT 4
- lighthouse.dns.host does not accept ::, but listen.host does HOT 2
- 🐛 BUG: Runtime Panic HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nebula.