
I've used it for some time, it feels very much like it is in maintenance mode.

You manage a PKI and have to distribute the keys yourself, no auth/login etc.

It's much better than WireGuard, not requiring O(N) config changes to add a node, and allowing proxy nodes etc.

iirc key revocation and so on are not easy.





Nebula just had a major release that added IPv6 support for overlay networks. Hardly maintenance mode.

The main company working on it now seems to be adding all the fancy easy-to-use features as a layer on top of Nebula that they are selling. I personally appreciate getting to use the simple core of Nebula as open source. It seems very Unix-y to me: a simple tool that does one thing and does it well.


Nebula does not require O(n) config changes for adding a node.

O(n) is only required for:

- active revocation of a certificate (requires adding the CA fingerprint to the config file)

- adding/removing a lighthouse (hub for publishing IPs for p2p) or relay (for going over p2p)

- CA rotation


AFAICT you and 'ysleepy are in agreement.

We are. WireGuard needs O(N) updates to add a node to every other node.

This problem has been brought up in the OpenZiti community many times. I like Nebula, but it's not 'truly open source'.

What do you mean?

Referring to the previous person's comment, that you need to manage a PKI and have to distribute the keys yourself, no auth/login etc.

How does that make it not "truly open source"?

I made a shell script that does most of that for my needs.


Fair, I was being loose with my language. What I should have said is that it does not come fully featured open source, that you need to do a certain amount of rolling your own.

The same could be said for a webserver, a radius server, etc. I mean ssh "requires" a network to be remotely useful :)

Edit, since I can't reply sadly:

You're right, that was a bad example.

I can probably list at least a few dozen things that all require certificates though, which was really my point. Everything has dependencies.

Also if you just... Don't trust big tech, run your own CA.


Right, but if certificates are a fundamental part of your design, you should include the functional mechanisms to manage them imho (i.e., key distribution, auth/login). The developers created it, but they keep it in the commercial product. Other overlays which use PKI include those functions in the FOSS.

Nah, I don't buy that. A network is not a functional requirement of SSH etc. in your use case.


