Avatar (Fabio Alessandro Locati|Fale)'s blog

Nebula VPN split configuration

October 31, 2024

We have had Nebula VPN within the Fedora repositories for a couple of years. A couple of months ago, I changed the default systemd service unit. More specifically, this is the change:

-ExecStart=/usr/bin/nebula -config /etc/nebula/config.yml
+ExecStart=/usr/bin/nebula -config /etc/nebula

Although the change is only a few characters, this change allows for a much more flexible use of Nebula. Before this change, the configuration could only be placed in the config.yaml file. After this change, all YAML files in the folders will be read, merged, and used as configuration.

Read More

Forward all your traffic with RedSocks

April 30, 2024

VPNs can be used in different ways based on the desired objective. If the goal is to reach some specific web pages served only within a network, using a proxy will probably do the trick. Another common use for VPNs is to ensure the confidentiality of data transferred between a remote system and a safe site. In this case, we might want to ensure that all traffic from the remote system reaches the safe site via the VPN.

Read More

Use Dante to proxy web traffic

March 31, 2024

A while ago, I posted about using SSH to proxy traffic within a Nebula network context. In the last few months, I changed my implementation because SSH required some steps and accesses that I was not fully happy with.

In the previous iteration, I was using SSH as a SOCKS proxy. The problem, though, is that I need to set up the connection every time and use my SSH credentials, so it becomes difficult to have it always on. A different SOCKS proxy software needs to be used to achieve the same result without SSH.

Read More

Use SSH to proxy web traffic

November 28, 2022

As discusse in a previous post, I use nebula to create a VPN connection between the various machines I use. Usually what I really care about this setup is the ability of consuming services those machine expose on my nebula network.

When I travel, I prefer to proxy my data through my nebula network. This allows me to not have to care about the limitations imposed in those networks, as long as I’m able to open my tunnel. The second advantage I have, is that I can choose the location where my traffic leaves my VPN, since I have multiple machines in multiple nations. Another advantage is that I can be sure that no data is visibile by the network manager, even if this is becoming less and less relevant, since the majority of the traffic is encrypted nowadays.

Read More

Nebula on Fedora

June 30, 2022

In the last year, I moved more and more data and services to hardware that I can directly control. A direct consequence of this is that I started to run more hardware at my house. This change has been very positive, but it is suboptimal when not at home. All services I run are secure and could be shared directly on the web, but I prefer a more cautious approach. For this reason, I decided to create a VPN.

Read More