Nebula is an open-source VPN solution that allows secure communication between interconnected hosts across the internet. In this tutorial, you will learn how to install Nebula on the latest Fedora Server release.
Before installing any new packages, it's always a good practice to update the system to the latest version. Run the following command to update the system:
sudo dnf update
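Nebula is written in Go, so building it from source requires the Go toolchain in addition to the usual build tools. On Fedora the C++ compiler package is named gcc-c++, not g++. Run the following command to install the required dependencies:
sudo dnf install git cmake make gcc-c++ golang -y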
To clone the Nebula repository from GitHub, run the following command in the terminal:
git clone https://github.com/slackhq/nebula.git
Navigate to the cloned directory and run the following commands to build and install Nebula:
cd nebula
make
sudo make install
Next, you need to create a configuration file for Nebula. The /etc/nebula directory does not exist yet, so create it first and then open the file in an editor:
sudo mkdir -p /etc/nebula
sudo nano /etc/nebula/config.yml
Paste the following example configuration in the editor and modify it according to your needs:
pki:
  # These are the Nebula root certificate authorities
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/host.crt
  key: /etc/nebula/host.key
  # Consider disabling a cert if it is ever compromised
  ciphers: [ "P-521", "P-384", "P-256" ]
tun:
  # Want to test that tunnels are routing other subnets?
  # Try setting this to the subnet of the other end
  # on the other end you should set it to the same value
  # such as "192.168.100.1/24"
  #
  # To start out set it to the same subnet as this end
  # so traffic can be delivered to the machine running nebula
  # ie: ifconfig # look for the enxxx that has an IP address
  # nebula.service start --foreground
  #
  # local_range: 192.168.100.0/24
  #
  # The range of IPs for nebula to supply peers
  # This is just for example purposes and you'll want to
  # choose your own range
  #
  # lighthouse:
  #   - { host: 127.0.0.1, port: 4242 }
  #   - { fqdn: lighthouse.example.com, port: 443, pk: mypkfile.cert }
firewall:
  # Domain fronting can defeat some DPI and blocks,
  # But can be detected with active probing so
  # it's important you monitor your usage too
  #
  # This example domain front will only work with Google or its partners
  #
  #domain_fronting_allowed: true
  #domain_fronting_detection_urls:
  #  - https://www.google.com/
  #  - https://www.youtube.com/
  #  - https://facebook.com/
  #  - https://github.com/
  #
  # UDP keepalives are very expensive, so
  # unless you know that you need them, leave them off
  # unless monitoring suggests connections are silently
  # dropping and not being re-connected quickly
  #
  # udp_timeout: 2m
listen:
  # This specifies the IP and port to listen on for UDP traffic.
  # This can represent your machine(s) within a cluster
  # multicast can also be used instead with { host: "239.1.2.3", port: 4242 }
  # listen is a mapping with host and port keys, not a list
  host: 0.0.0.0
  port: 4242
static_host_map:
  # This is an example static host map
  # that will configure nebula to route traffic to 192.168.50.10
  # when traffic for 192.168.7.10 is observed
  #
  # - { host: 192.168.7.10, static: [ "192.168.50.10"] }
  #
  # This is an example of a multi-homed machine, these two IPs have direct
  # routes to each other, but you can still use nebula in the middle
  # - { host: 10.42.0.1, static: [ "192.168.50.10"] }
  # - { host: 192.168.50.10, static: [ "10.42.0.1"] }
certificates:
  # host1.example.com certificate configuration options
  - name: example-host
    # the IPs and/or domain names that can be used to contact this nebula endpoint
    # for example, when DNS is pointing to this machine
    # specifying "127.0.0.1" means only connections from the same machine are allowed
    ips:
      - "127.0.0.1"
      # - "10.x.x.x" ### enable this if behind a NAT
      - "[2001:db8:1::1]"
    # Nebula's internal addresses are always in {ip}/24
    # so if you have overlapping subnets on both ends
    # the entire nebula network must be moved to another IP range
    #
    # subnet: "10.99.0.0/24"
    #
    # To disable mutual tls between hosts, uncomment this
    #
    # # a list of certificate ca names that can be used to connect
    # # to this nebula endpoint. These CA names tell me which hosts
    # # are allowed to connect to me
    # allowed_uses:
    #   - "example-host-ca"
    #
    # # A list of certificate ca certs that can be used to connect
    # # to this nebula endpoint
    # ca_certs:
    #   - "/path/to/ca/example-host-ca.crt"
    #
    # Specify a listening port to accept traffic to this nebula endpoint
    # This is the port that you will use to make connections to this host.
    # This is required by the host, the other values such as
    # `oob_mix_servers` and `static_host_map` can be omitted if not used
    #
    # listen:
    #   host: 0.0.0.0
    #   port: 4242
log:
  # Change this value to debug if you're having problems
  # debug: false
  #
  # Log to file and not stdout
  # file: /var/log/nebula.log
  #
  # If the enabled flag is commented out or missing,
  # only stdout logging will be enabled
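The pki section above points at /etc/nebula/ca.crt, host.crt and host.key, so it is worth checking those files before the service is started. The script below is an added example, not part of the original tutorial or the Nebula project; the function names check_nebula_pki and check_nebula_runtime are hypothetical, and it assumes GNU stat as shipped on Fedora.

```shell
#!/bin/sh
# Added example (not from the tutorial or the Nebula project).
# check_nebula_pki / check_nebula_runtime are hypothetical helper names.
# check_nebula_pki returns 0 only if the files named under pki: look sane.
check_nebula_pki() {
    dir="${1:-/etc/nebula}"
    rc=0
    # The three files referenced by pki.ca, pki.cert and pki.key must exist.
    for f in ca.crt host.crt host.key; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING: $dir/$f"
            rc=1
        fi
    done
    # The host private key must carry no group/other permission bits.
    if [ -f "$dir/host.key" ]; then
        mode=$(stat -c '%a' "$dir/host.key")   # GNU stat, octal mode
        case "$mode" in
            0|*00) ;;
            *) echo "LOOSE PERMISSIONS: $dir/host.key is mode $mode, expected 600"
               rc=1 ;;
        esac
    fi
    # The CA signing key belongs offline, never on a mesh host.
    if [ -e "$dir/ca.key" ]; then
        echo "CA KEY PRESENT: move $dir/ca.key off this host"
        rc=1
    fi
    return "$rc"
}

# Deeper checks that need the Nebula binaries; skipped when not installed.
check_nebula_runtime() {
    dir="${1:-/etc/nebula}"
    command -v nebula-cert >/dev/null 2>&1 || return 0
    # Is host.crt signed by ca.crt and not expired?
    nebula-cert verify -ca "$dir/ca.crt" -crt "$dir/host.crt" || return 1
    command -v nebula >/dev/null 2>&1 || return 0
    # Validate the config; a non-zero exit indicates a faulty config.
    nebula -test -config "$dir/config.yml"
}

# Run both when a directory is given, e.g.: sudo sh check.sh /etc/nebula
if [ "$#" -gt 0 ]; then
    check_nebula_pki "$1" && check_nebula_runtime "$1"
fi
```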
Run the following command to start the Nebula service:
sudo systemctl start nebula
To enable Nebula to start automatically on boot, run the following command:
sudo systemctl enable nebula
Congratulations! You have successfully installed Nebula on the latest Fedora Server release. Now you can create and configure Nebula endpoints to start secure communication over the internet. Check out the official Nebula documentation for more details on how to use Nebula.