Nebula 组网过程

zxxx

Linux 服务器 Lighthouse - 1.2.3.4 / 192.168.10.1

1.2.3.4 为 Linux 服务器的公网IP

192.168.10.1 为 Lighthouse 的虚拟网IP

192.168.10.x 为其他 Node 的虚拟网IP

https://github.com/slackhq/nebula

A scalable overlay networking tool with a focus on performance, simplicity and security

Supported Platforms

Desktop and Server

Linux - 64 and 32 bit, arm, and others
Windows
MacOS
Freebsd

Mobile

iOS
Android

https://github.com/slackhq/nebula/releases

1. cd /usr/local/src && \
   
2. wget https://github.com/slackhq/nebula/releases/download/v1.3.0/nebula-linux-amd64.tar.gz && \
   
3. tar -zxvf nebula-linux-amd64.tar.gz && \
   
4. mv nebula nebula-cert /usr/local/bin && \
   
5. rm nebula-linux-amd64.tar.gz

复制代码

1. mkdir -p /etc/nebula /etc/nebula/certs && cd /etc/nebula/certs && \
   
2. nebula-cert ca -name "overlay networking" && \
   
3. nebula-cert sign -name "192.168.10.1" -ip "192.168.10.1/24" && \
   
4. nebula-cert sign -name "192.168.10.2" -ip "192.168.10.2/24" && \
   
5. nebula-cert sign -name "192.168.10.3" -ip "192.168.10.3/24" && \
   
6. nebula-cert sign -name "192.168.10.4" -ip "192.168.10.4/24"

复制代码

1. export NEBULA_WIP=1.2.3.4 && \
   
2. export NEBULA_LIP=192.168.10.1 && \
   
3. cat << EOF > /etc/nebula/192.168.10.1.yaml
   
4. pki:
   
5.   ca: /etc/nebula/certs/ca.crt
   
6.   cert: /etc/nebula/certs/$NEBULA_LIP.crt
   
7.   key: /etc/nebula/certs/$NEBULA_LIP.key
   
8. 
   
9. static_host_map:
   
10.   "$NEBULA_LIP": ["$NEBULA_WIP:4242"]
    
11. 
    
12. lighthouse:
    
13.   am_lighthouse: true
    
14.   interval: 60
    
15. 
    
16. listen:
    
17.   host: 0.0.0.0
    
18.   port: 4242
    
19. 
    
20. punchy: true
    
21. punch_back: true
    
22. 
    
23. logging:
    
24.   level: info
    
25.   format: text
    
26. 
    
27. firewall:
    
28.   conntrack:
    
29.     tcp_timeout: 120h
    
30.     udp_timeout: 3m
    
31.     default_timeout: 10m
    
32.     max_connections: 100000
    
33. 
    
34.   outbound:
    
35.     - port: any
    
36.       proto: any
    
37.       host: any
    
38. 
    
39.   inbound:
    
40.     - port: any
    
41.       proto: any
    
42.       host: any
    
43. 
    
44. EOF

复制代码

1. tree /etc/nebula/
   
2. /etc/nebula/
   
3. ├── 192.168.10.1.yaml
   
4. └── certs
   
5.     ├── 192.168.10.1.crt
   
6.     ├── 192.168.10.1.key
   
7.     ├── 192.168.10.2.crt
   
8.     ├── 192.168.10.2.key
   
9.     ├── 192.168.10.3.crt
   
10.     ├── 192.168.10.3.key
    
11.     ├── 192.168.10.4.crt
    
12.     ├── 192.168.10.4.key
    
13.     ├── ca.crt
    
14.     └── ca.key

复制代码

启动 nebula

1. nebula -config /etc/nebula/192.168.10.1.yaml

复制代码

新开SSH会话测试

1. ip a
   
2. 9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1300 qdisc fq state UNKNOWN group default qlen 500
   
3.     link/none
   
4.     inet 192.168.10.1/24 scope global tun0
   
5.        valid_lft forever preferred_lft forever
   
6. 
   
7. ping 192.168.10.1
   
8. PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
   
9. 64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.061 ms

复制代码

创建服务

1. cat << "EOF" > /etc/systemd/system/nebula.service
   
2. [Unit]
   
3. Description=Nebula Service
   
4. Wants=basic.target
   
5. After=basic.target network.target
   
6. 
   
7. [Service]
   
8. Type=simple
   
9. SyslogIdentifier=nebula
   
10. StandardOutput=syslog
    
11. StandardError=syslog
    
12. ExecReload=/bin/kill -HUP $MAINPID
    
13. ExecStart=/usr/local/bin/nebula -config /etc/nebula/192.168.10.1.yaml
    
14. Restart=always
    
15. 
    
16. [Install]
    
17. WantedBy=multi-user.target
    
18. EOF

复制代码

启动服务

1. systemctl enable nebula && systemctl start nebula

复制代码

查看服务状态

1. systemctl status nebula
   
2. ● nebula.service - Nebula Service
   
3.    Loaded: loaded (/etc/systemd/system/nebula.service; enabled; vendor preset: enabled)
   
4.    Active: active (running) since Fri 2021-01-29 15:14:55 EST; 3min 59s ago
   
5. Main PID: 16584 (nebula)
   
6.     Tasks: 9 (limit: 1044)
   
7.    Memory: 11.0M
   
8.    CGroup: /system.slice/nebula.service
   
9.            └─16584 /usr/local/bin/nebula -config /etc/nebula/192.168.10.1.yaml
   
10. 
    
11. Jan 29 15:14:55 hostname systemd[1]: Started Nebula Service.
    
12. Jan 29 15:14:55 hostname nebula[16584]: time="2021-01-29T15:14:55-05:00" level=info msg="Firewall rule added" firewallRule="map[caName: caSha: direction:outgoing endPort:0 groups:[] host:any ip: proto:0 startPort:0]"
    
13. Jan 29 15:14:55 hostname nebula[16584]: time="2021-01-29T15:14:55-05:00" level=info msg="Firewall rule added" firewallRule="map[caName: caSha: direction:incoming endPort:0 groups:[] host:any ip: proto:1 startPort:0]"
    
14. Jan 29 15:14:55 hostname nebula[16584]: time="2021-01-29T15:14:55-05:00" level=info msg="Firewall rule added" firewallRule="map[caName: caSha: direction:incoming endPort:0 groups:[] host: ip:192.168.10.0/24 proto:0 startPort:0]"
    
15. Jan 29 15:14:55 hostname nebula[16584]: time="2021-01-29T15:14:55-05:00" level=info msg="Firewall started" firewallHash=8c0998e032bc54f1adc5d7125a23da579eea260da86c9ac4a474eaa9f34ecc04
    
16. Jan 29 15:14:55 hostname nebula[16584]: time="2021-01-29T15:14:55-05:00" level=info msg="Main HostMap created" network=192.168.10.1/24 preferredRanges="[]"
    
17. Jan 29 15:14:55 hostname nebula[16584]: time="2021-01-29T15:14:55-05:00" level=info msg="UDP hole punching enabled"
    
18. Jan 29 15:14:55 hostname nebula[16584]: time="2021-01-29T15:14:55-05:00" level=info msg="Nebula interface is active" build=1.3.0 interface=tun0 network=192.168.10.1/24 udpAddr="0.0.0.0:4242"

复制代码

zxxx

Windows Node - 192.168.10.2

TAP driver

https://build.openvp_n.net/downloads/releases/

https://build.openvp_n.net/downloads/releases/tap-windows-9.24.2-I601-Win10.exe

Nebula

https://github.com/slackhq/nebula/releases/download/v1.3.0/nebula-windows-amd64.zip

解压缩到 X:\SW\nebula

复制 VPS 机器上面的

ca.crt
192.168.10.2.crt
192.168.10.2.crt

到 X:\SW\nebula\certs

1. X:\SW\Nebula 的目录
   
2. 
   
3. 2021/01/30  05:46    <DIR>          .
   
4. 2021/01/30  05:46    <DIR>          ..
   
5. 2021/01/30  04:39    <DIR>          certs
   
6. 2020/09/23  00:33         4,604,928 nebula-cert.exe
   
7. 2020/09/23  00:33        14,809,600 nebula.exe
   
8. 
   
9. X:\SW\Nebula\certs 的目录
   
10. 
    
11. 2021/01/30  04:39    <DIR>          .
    
12. 2021/01/30  04:39    <DIR>          ..
    
13. 2021/01/30  04:02               304 192.168.10.2.crt
    
14. 2021/01/30  04:02               127 192.168.10.2.key
    
15. 2021/01/30  04:02               255 ca.crt

复制代码

创建配置文件 X:\SW\Nebula\config.yaml

1.2.3.4 为 VPS 的公网 IP
1.2.3.4 为 VPS 的公网 IP
192.168.10.1 为 VPS 的 Nubula IP

1. pki:
   
2.   ca: X:\SW\Nebula\certs\ca.crt
   
3.   cert: X:\SW\Nebula\certs\192.168.10.2.crt
   
4.   key: X:\SW\Nebula\certs\192.168.10.2.key
   
5. 
   
6. static_host_map:
   
7.   "192.168.10.1": ["1.2.3.4:4242"]
   
8. 
   
9. lighthouse:
   
10.   am_lighthouse: false
    
11.   interval: 60
    
12.   hosts:
    
13.   - "192.168.10.1"
    
14. 
    
15. punchy: true
    
16. punch_back: true
    
17. 
    
18. tun:
    
19.   dev: nbl
    
20.   drop_local_broadcast: false
    
21.   drop_multicast: false
    
22.   tx_queue: 500
    
23.   mtu: 1300
    
24.   routes:
    
25. 
    
26. 
    
27. logging:
    
28.   level: info
    
29.   format: text
    
30. 
    
31. firewall:
    
32.   conntrack:
    
33.     tcp_timeout: 120h
    
34.     udp_timeout: 3m
    
35.     default_timeout: 10m
    
36.     max_connections: 100000
    
37. 
    
38.   outbound:
    
39.     - port: any
    
40.       proto: any
    
41.       host: any
    
42. 
    
43.   inbound:
    
44.     - port: any
    
45.       proto: any
    
46.       host: any

复制代码

1. X:\SW\Nebula 的目录
   
2. 
   
3. 2021/01/30  05:46    <DIR>          .
   
4. 2021/01/30  05:46    <DIR>          ..
   
5. 2021/01/30  04:39    <DIR>          certs
   
6. 2021/01/30  05:32               729 config.yaml
   
7. 2020/09/23  00:33         4,604,928 nebula-cert.exe
   
8. 2020/09/23  00:33        14,809,600 nebula.exe

复制代码

启动程序

1. cd X:\SW\Nebula
   
2. nebula -config config.yaml

复制代码

安装服务

1. cd X:\SW\Nebula
   
2. nebula -service install

复制代码

测试

1. ping 192.168.10.1 -t

复制代码

xiezia

对我等小白来说还是太难了
你想做教程
只需要将要输入的命令行给我们
还有如何设置密钥

Linux 有Centos Debian...
这些系统不同命令也不相同
小白喜欢centos

xiezia

做的教程让我们只需要
Ctrl+C Ctrl+V
这才是教程