Would we still create Nebula today?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  1. superhighway84

    USENET-inspired, uncensorable, decentralized internet discussion system running on IPFS & OrbitDB

    https://github.com/gravitl/netmaker

    Honorable mention:

    SuperHighway84 - more of a Usenet-inspired darknet, but I love the concept + the author's personal website:

    https://github.com/mrusme/superhighway84

  3. tinc

    a VPN daemon

    But both Nebula and tinc max out at around 1 Gbit/s on my Hetzner servers, thus not using most of my 10 Gbit/s connectivity. This is because they cap out at 100% of 1 CPU. The Nebula issue about that was closed due to "inactivity" [2].

    I also observed that when Nebula operates at 100% CPU usage, you get lots of packet loss. This causes software that expects reasonable timings on ~0.2ms links to fail (e.g. consensus software like Consul, or Ceph). This in turn led to flakiness / intermittent outages.

    I had to resolve to move the big data pushing software like Ceph outside of the VPN to get 10 Gbit/s speed for those, and to avoid downtimes due to the packet loss.

    Software like Ceph has its own encryption, but I don't trust it, and that mistrust was recently proven right again [3].

    So I'm currently looking to move the Ceph into WireGuard.

    Summary: For small-data use, tinc and Nebula are fine, but if you start to push real data, they break.

    [1]: https://github.com/gsliepen/tinc/issues/218

    [2]: https://github.com/slackhq/nebula/issues/637

    [3]: https://github.com/google/security-research/security/advisor...

  4. Nebula

    A scalable overlay networking tool with a focus on performance, simplicity and security

  5. action-dnclient

    Setup and enroll dnclient on a GitHub Action workflow

  6. awesome-tunneling

    List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.

    We have a section for overlay networks on the tunneling list[0] I maintain. This is a very interesting space with some excellent software.

    I certainly have my gripes about the closed nature of Slack itself, in particular using a closed protocol when the model is clearly "federated" between multiple servers internally. That said, the contribution of something on the scale and quality of Nebula back to the open source community is hard to argue with.

    [0]: https://github.com/anderspitman/awesome-tunneling#overlay-ne...

  7. innernet

    A private network system that uses WireGuard under the hood.

  8. wesher

    wireguard overlay mesh network manager

    https://github.com/costela/wesher

    Wiresmith: Rust, auto-configs clients into a mesh

  10. wiresmith

    Auto-config WireGuard clients into a mesh

    https://github.com/svenstaro/wiresmith

    Open source projects with company-backed SaaS offerings:

    Netbird: Golang, full-fledged solution (desktop clients, DNS, SSO, STUN/TURN, etc)

  11. netbird

    Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.

  12. Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

    https://github.com/gravitl/netmaker

  13. security-research

    This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
