Question 1

How to set up a Nebula lighthouse on DigitalOcean?

Accepted Answer

Launch a minimal droplet, ensure UDP port 4242 is open, and configure it with 'am_lighthouse: true' in config.yml. This provides a stable discovery point for other nodes to find each other globally.

Question 2

Nebula vs Tailscale: which is better for small teams?

Accepted Answer

Nebula offers more control with self-hosted PKI and security groups, ideal for custom setups, while Tailscale provides easier management via a SaaS model. Choose Nebula for full ownership, Tailscale for convenience.

Question 3

Can Nebula work behind double NAT?

Accepted Answer

Yes, Nebula uses UDP hole punching via lighthouses to establish connections behind most NATs, but success depends on network policies; symmetric NATs may require additional configuration or fallbacks.

Question 4

How to rotate certificates in Nebula before they expire?

Accepted Answer

Follow the documentation guide to generate a new CA, re-sign all host certificates with the -duration flag if needed, and deploy updated files to each node to avoid network downtime.

Question 5

Is Nebula good for connecting IoT devices?

Accepted Answer

Yes, its cross-platform support and scalability make it suitable for IoT, but consider resource constraints on devices and the overhead of certificate management for large deployments.

Question 6

What ports does Nebula use and can I change them?

Accepted Answer

Nebula defaults to UDP port 4242 for communication, configurable in the YAML file. Ensure firewalls allow this traffic, especially on lighthouse nodes, for proper hole-punching and connectivity.

Nebula

What is Nebula?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions