Linux 和 Windows 安装 Nebula

zxxx大佬：
Linux Lighthouse – IP: 1.2.3.4

1. cd /usr/local/src && \
2. wget https://github.com/slackhq/nebula/releases/download/v1.0.0/nebula-linux-amd64.tar.gz && \
3. tar -zxvf nebula-linux-amd64.tar.gz && \
4. mkdir -p ~/bin && \
5. mv nebula nebula-cert ~/bin && \
6. rm nebula-linux-amd64.tar.gz

1. mkdir -p /etc/nebula && cd /etc/nebula && \
2. ~/bin/nebula-cert ca -name "My Private Network" && \
3. ~/bin/nebula-cert sign -name "10.10.10.1" -ip "10.10.10.1/24" && \
4. ~/bin/nebula-cert sign -name "10.10.10.2" -ip "10.10.10.2/24"

1. export NEBULA_WIP=1.2.3.4 && \
2. export NEBULA_LIP=10.10.10.1 && \
3. cat << EOF > /etc/nebula/$NEBULA_LIP.yaml
4. pki:
5.   ca: /etc/nebula/ca.crt
6.   cert: /etc/nebula/$NEBULA_LIP.crt
7.   key: /etc/nebula/$NEBULA_LIP.key
9. static_host_map:
10.   "$NEBULA_LIP": ["$NEBULA_WIP:4242"]
12. lighthouse:
13.   am_lighthouse: true
14.   interval: 60
16. listen:
17.   host: 0.0.0.0
18.   port: 4242
20. punchy: true
21. punch_back: true
23. logging:
24.   level: info
25.   format: text
27. firewall:
28.   conntrack:
29.     tcp_timeout: 120h
30.     udp_timeout: 3m
31.     default_timeout: 10m
32.     max_connections: 100000
34.   outbound:
35.     – port: any
36.       proto: any
37.       host: any
39.   inbound:
40.     – port: any
41.       proto: icmp
42.       host: any
44.     – port: any
45.       proto: any
46.       cidr: "10.10.10.1/24"
48. EOF

1. ~/bin/nebula -config /etc/nebula/10.10.10.1.yaml

安装服务

1. cat << "EOF" > /etc/systemd/system/nebula.service
2. [Unit]
3. Description=Nebula Service
4. Wants=basic.target
5. After=basic.target network.target
7. [Service]
8. Type=simple
9. SyslogIdentifier=nebula
10. StandardOutput=syslog
11. StandardError=syslog
12. ExecReload=/bin/kill -HUP $MAINPID
13. ExecStart=/root/bin/nebula -config /etc/nebula/10.10.10.1.yaml
14. Restart=always
16. [Install]
17. WantedBy=multi-user.target
18. EOF
19. systemctl enable nebula && systemctl start nebula

禁止服务

1. systemctl disable nebula

Windows Node

下载解压 https://build.open扶墙.net/downloads/releases/

C:\SW\Nebula\nebula.exe
C:\SW\Nebula\nebula-cert.exe

下载安装 https://build.open扶墙.net/downloads/releases/tap-windows-9.24.2-I601-Win10.exe

复制 Linux 机器上面的文件

/etc/nebula/ca.crt
/etc/nebula/10.10.10.2.crt
/etc/nebula/10.10.10.2.key

到 Windows 机器 C:\SW\Nebula\

C:\SW\Nebula\ca.crt
C:\SW\Nebula\10.10.10.2.crt
C:\SW\Nebula\10.10.10.2.key

创建 C:\SW\Nebula\10.10.10.2.yaml

1. pki:
2.   ca: c:\SW\Nebula\ca.crt
3.   cert: c:\SW\Nebula\10.10.10.2.crt
4.   key: c:\SW\Nebula\10.10.10.2.key
6. static_host_map:
7.   "10.10.10.1": ["1.2.3.4:4242"]
9. lighthouse:
10.   am_lighthouse: false
11.   interval: 60
12.   hosts:
13.   – "10.10.10.1"
15. listen:
16.   host: 0.0.0.0
17.   port: 4242
19. punchy: true
20. punch_back: true
22. tun:
23.   dev: any
24.   drop_local_broadcast: false
25.   drop_multicast: false
26.   tx_queue: 500
27.   mtu: 1300
28.   routes:
31. logging:
32.   level: info
33.   format: text
35. firewall:
36.   conntrack:
37.     tcp_timeout: 120h
38.     udp_timeout: 3m
39.     default_timeout: 10m
40.     max_connections: 100000
42.   outbound:
43.     – port: any
44.       proto: any
45.       host: any
47.   inbound:
48.     – port: any
49.       proto: icmp
50.       host: any
52.     – port: any
53.       proto: any
54.       cidr: "10.10.10.1/24"

安装服务

1. C:\SW\Nebula\nebula -service install -config C:\SW\Nebula\10.10.10.2.yaml
2. C:\SW\Nebula\nebula -service start

1. C:\SW\Nebula\nebula -service restart
2. C:\SW\Nebula\nebula -service stop
3. C:\SW\Nebula\nebula -service uninstall

2AA大佬：
高端

zxxx大佬：
安装了 ZeroTier 和 Nebula

1. [email protected]:~# ping 10.0.0.10
2. PING 10.0.0.10 (10.0.0.10) 56(84) bytes of data.
3. 64 bytes from 10.0.0.10: icmp_seq=1 ttl=128 time=51.0 ms
4. 64 bytes from 10.0.0.10: icmp_seq=2 ttl=128 time=62.2 ms
5. 64 bytes from 10.0.0.10: icmp_seq=3 ttl=128 time=49.3 ms
6. 64 bytes from 10.0.0.10: icmp_seq=4 ttl=128 time=52.1 ms
7. 64 bytes from 10.0.0.10: icmp_seq=5 ttl=128 time=52.3 ms
8. 64 bytes from 10.0.0.10: icmp_seq=6 ttl=128 time=49.6 ms
9. 64 bytes from 10.0.0.10: icmp_seq=7 ttl=128 time=52.5 ms
10. 64 bytes from 10.0.0.10: icmp_seq=8 ttl=128 time=54.1 ms
11. 64 bytes from 10.0.0.10: icmp_seq=9 ttl=128 time=51.3 ms
12. 64 bytes from 10.0.0.10: icmp_seq=10 ttl=128 time=50.3 ms
13. ^C
14. — 10.0.0.10 ping statistics —
15. 10 packets transmitted, 10 received, 0% packet loss, time 20ms
16. rtt min/avg/max/mdev = 49.324/52.462/62.186/3.523 ms
19. [email protected]:~# ping 10.10.10.10
20. PING 10.10.10.10 (10.10.10.10) 56(84) bytes of data.
21. 64 bytes from 10.10.10.10: icmp_seq=1 ttl=128 time=51.3 ms
22. 64 bytes from 10.10.10.10: icmp_seq=2 ttl=128 time=53.1 ms
23. 64 bytes from 10.10.10.10: icmp_seq=3 ttl=128 time=52.6 ms
24. 64 bytes from 10.10.10.10: icmp_seq=4 ttl=128 time=53.7 ms
25. 64 bytes from 10.10.10.10: icmp_seq=5 ttl=128 time=50.8 ms
26. 64 bytes from 10.10.10.10: icmp_seq=6 ttl=128 time=51.6 ms
27. 64 bytes from 10.10.10.10: icmp_seq=7 ttl=128 time=51.4 ms
28. 64 bytes from 10.10.10.10: icmp_seq=8 ttl=128 time=51.3 ms
29. 64 bytes from 10.10.10.10: icmp_seq=9 ttl=128 time=52.8 ms
30. 64 bytes from 10.10.10.10: icmp_seq=10 ttl=128 time=51.3 ms
31. ^C
32. — 10.10.10.10 ping statistics —
33. 10 packets transmitted, 10 received, 0% packet loss, time 24ms
34. rtt min/avg/max/mdev = 50.800/51.995/53.681/0.961 ms