VPN

Palo Alto GlobalProtect

ERROR: Disable Pre-login

Nebula

Nebula is a scalable overlay networking tool designed for secure, high-performance, and scalable mesh networks.

https://theorangeone.net/posts/nebula-intro/

Certificate Management

Create the CA certificate (the CA key signs every node certificate, so keep it off the mesh nodes):

```sh
>>> ./nebula-cert ca -name "My Shiny Nebula Mesh Network"
```

Create a certificate for each new node (one certificate and key per node, with its Nebula IP):

```sh
>>> ./nebula-cert sign -name "lighthouse" -ip "192.168.98.1/24"
>>> ./nebula-cert sign -name "banshee" -ip "192.168.98.2/24"
>>> ./nebula-cert sign -name "locutus" -ip "192.168.98.3/24"
```

Lighthouse Server Configuration

Configuring the Nebula lighthouse server:

```yaml
#
# This is Ars Technica's sample Nebula config file.
#
pki:
  # every node needs a copy of the CA certificate,
  # and its own certificate and key, ONLY.
  #
  ca: /opt/nebula/ca.crt
  cert: /opt/nebula/lighthouse.crt
  key: /opt/nebula/lighthouse.key

static_host_map:
  # how to find one or more lighthouse nodes
  # you do NOT need every node to be listed here!
  #
  # format "Nebula IP": ["public IP or hostname:port"]
  #
  "192.168.98.1": ["nebula.arstechnica.com:4242"]

lighthouse:
  interval: 60

  # if you're a lighthouse, say you're a lighthouse
  #
  am_lighthouse: true

  hosts:
    # If you're a lighthouse, this section should be EMPTY
    # or commented out. If you're NOT a lighthouse, list
    # lighthouse nodes here, one per line, in the following
    # format:
    #
    # - "192.168.98.1"

listen:
  # 0.0.0.0 means "all interfaces," which is probably what you want
  #
  host: 0.0.0.0
  port: 4242

# "punchy" basically means "send frequent keepalive packets"
# so that your router won't expire and close your NAT tunnels.
#
punchy: true

# "punch_back" allows the other node to try punching out to you,
# if you're having trouble punching out to it. Useful for stubborn
# networks with symmetric NAT, etc.
#
punch_back: true

tun:
  # sensible defaults. don't monkey with these unless
  # you're CERTAIN you know what you're doing.
  #
  dev: nebula1
  drop_local_broadcast: false
  drop_multicast: false
  tx_queue: 500
  mtu: 1300
  routes:

logging:
  level: info
  format: text

# you NEED this firewall section.
#
# Nebula has its own firewall in addition to anything
# your system has in place, and it's all default deny.
#
# So if you don't specify some rules here, you'll drop
# all traffic, and curse and wonder why you can't ping
# one node from another.
#
firewall:
  conntrack:
    tcp_timeout: 120h
    udp_timeout: 3m
    default_timeout: 10m
    max_connections: 100000

  # since everything is default deny, all rules you
  # actually SPECIFY here are allow rules.
  # (any/any/any in both directions is the permissive sample
  # setting; tighten inbound to the ports and groups you need.)
  #
  outbound:
    - port: any
      proto: any
      host: any

  inbound:
    - port: any
      proto: any
      host: any
```

Configuring a Nebula network client node:

```yaml
# Client node configuration
# Similar to lighthouse but with am_lighthouse: false
# and lighthouse hosts specified
pki:
  ca: /opt/nebula/ca.crt
  cert: /opt/nebula/client.crt
  key: /opt/nebula/client.key

static_host_map:
  "192.168.98.1": ["nebula.arstechnica.com:4242"]

lighthouse:
  am_lighthouse: false
  interval: 60
  hosts:
    - "192.168.98.1"

listen:
  host: 0.0.0.0
  port: 0

punchy: true
punch_back: true

tun:
  dev: nebula1
  drop_local_broadcast: false
  drop_multicast: false
  tx_queue: 500
  mtu: 1300

logging:
  level: info
  format: text

firewall:
  conntrack:
    tcp_timeout: 120h
    udp_timeout: 3m
    default_timeout: 10m
    max_connections: 100000
  outbound:
    - port: any
      proto: any
      host: any
  inbound:
    - port: any
      proto: any
      host: any
```
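The two configs above share a handful of ways to go wrong that the comments call out: a node without its CA cert and own cert/key, a lighthouse that lists lighthouse hosts, a client that names a lighthouse with no `static_host_map` entry for it, a missing `firewall` section (default deny, so nothing flows), and an `inbound` any/any/any rule. As an added example, not from the page or the Nebula project, the hypothetical `audit_nebula_config` below runs those checks over a config already parsed into a dict (for instance with PyYAML's `yaml.safe_load`); the two sample dicts are constructed from the page's lighthouse and client configs, reduced to the keys the audit reads.

```python
PERMISSIVE = {"port": "any", "proto": "any", "host": "any"}


def audit_nebula_config(cfg: dict) -> list[str]:
    """Return findings for one parsed node config; an empty list means all checks passed."""
    findings = []
    pki = cfg.get("pki") or {}
    for key in ("ca", "cert", "key"):  # every node needs the CA cert plus its own cert and key
        if not pki.get(key):
            findings.append(f"pki.{key} is missing")

    lh = cfg.get("lighthouse") or {}
    hosts = lh.get("hosts") or []  # YAML 'hosts:' with no entries parses as None
    static_map = cfg.get("static_host_map") or {}
    if lh.get("am_lighthouse"):
        if hosts:  # a lighthouse must NOT list lighthouses
            findings.append("lighthouse.hosts must be empty on a lighthouse")
    else:
        if not hosts:  # a normal node needs at least one lighthouse to find peers
            findings.append("lighthouse.hosts is empty on a non-lighthouse node")
        for h in hosts:  # and a public address for each lighthouse it names
            if h not in static_map:
                findings.append(f"static_host_map has no entry for lighthouse {h}")

    fw = cfg.get("firewall")
    if not fw:  # Nebula's firewall is default deny: no section means no traffic at all
        findings.append("firewall section missing; all traffic will be dropped")
    elif any({k: r.get(k) for k in PERMISSIVE} == PERMISSIVE for r in fw.get("inbound") or []):
        findings.append("inbound rule allows any port/proto/host; restrict by port, proto or group")
    return findings


# Constructed sample: the page's lighthouse config reduced to the keys the audit reads.
LIGHTHOUSE_CFG = {
    "pki": {"ca": "/opt/nebula/ca.crt", "cert": "/opt/nebula/lighthouse.crt",
            "key": "/opt/nebula/lighthouse.key"},
    "static_host_map": {"192.168.98.1": ["nebula.arstechnica.com:4242"]},
    "lighthouse": {"am_lighthouse": True, "interval": 60, "hosts": None},
    "firewall": {"outbound": [PERMISSIVE], "inbound": [PERMISSIVE]},
}

# Constructed client that forgot static_host_map but scoped inbound to SSH from group "admin".
CLIENT_CFG = {
    "pki": {"ca": "/opt/nebula/ca.crt", "cert": "/opt/nebula/client.crt", "key": "/opt/nebula/client.key"},
    "lighthouse": {"am_lighthouse": False, "hosts": ["192.168.98.1"]},
    "firewall": {"outbound": [PERMISSIVE],
                 "inbound": [{"port": 22, "proto": "tcp", "group": "admin"}]},
}
```

Running the audit over the lighthouse sample reports only the permissive inbound rule; over the client sample it reports the missing `static_host_map` entry.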

Tailscale

Uses [Wireguard](/Blue Team/Wireguard.md) and adds zero-config mesh networking with automatic NAT traversal.

Key features:

  • Built on WireGuard protocol
  • Automatic key rotation and distribution
  • ACL-based access control
  • Easy device management through web interface

ZeroTier

A programmable virtual Ethernet switch (Layer 2 networking) VPN.

Pangolin server

Self-hosted VPN

Pangolin Management Documentation

Octelium

https://github.com/octelium/octelium

Netbird

https://netbird.io/