Dongda Li

Hello world!

4 minute read

Introduction

In today’s interconnected world, managing secure and efficient data synchronization across multiple devices is crucial. Overlay networks provide a robust solution for creating secure communication channels over existing networks. This tutorial will guide you through setting up a Nebula overlay network and integrating it with Syncthing for seamless and secure file synchronization between your PC and Android phone.

What is an Overlay Network?

An overlay network is a virtual network built on top of an existing physical network. It allows devices to communicate as if they are directly connected, regardless of their actual physical locations. Overlay networks are instrumental in enhancing security, managing network traffic, and enabling functionalities like:

  • VPN Services: Creating secure tunnels between devices.
  • Peer-to-Peer Communication: Facilitating direct connections without centralized servers.
  • Network Segmentation: Isolating different parts of a network for security or performance reasons.

Nebula Overlay Network

Nebula is an open-source, scalable overlay networking tool that enables secure communication between devices, regardless of their physical location or network configuration. It is ideal for private networking and secure communication.

Prerequisites

  • A PC running Linux (tested on Ubuntu/Debian).
  • A public server to act as a Lighthouse.
  • An Android phone with the Nebula app installed.
  • Basic knowledge of networking and terminal commands.
  • Root or administrative privileges on the devices.

Setting Up Nebula Overlay Network

1. Download Nebula Software

On the PC and Lighthouse server, download and extract Nebula:

wget https://github.com/slackhq/nebula/releases/download/v1.6.1/nebula-linux-amd64.tar.gz
tar -xzf nebula-linux-amd64.tar.gz
sudo mv nebula /usr/local/bin/
sudo mv nebula-cert /usr/local/bin/

2. Create Certificate Authority (CA)

Generate the CA certificate and private key:

nebula-cert ca -name "Nebula Network"
sudo mkdir -p /etc/nebula
sudo mv ca.crt ca.key /etc/nebula/
sudo chmod 600 /etc/nebula/ca.key

3. Generate Certificates and Keys for Each Device

a. PC Configuration

nebula-cert sign -name "PC" -ip "192.168.100.2/24"
sudo mv PC.crt PC.key /etc/nebula/

b. Lighthouse Server Configuration

nebula-cert sign -name "Lighthouse" -ip "192.168.100.1/24"
sudo mkdir -p /etc/nebula/pki
sudo mv Lighthouse.crt Lighthouse.key /etc/nebula/pki/

c. Android Phone Configuration

  1. Open the Nebula app on your Android phone to generate a public key.
  2. Transfer the public key to your PC and use it to create a signed certificate:
nebula-cert sign -name "Phone" -ip "192.168.100.3/24" -in-pub-key phone_public.key
  1. Transfer the Phone.crt and ca.crt back to your phone via the Nebula app.

4. Configure Nebula on Each Device

a. PC Configuration File

Create /etc/nebula/config.yml with the following content:

pki:
  ca: "/etc/nebula/ca.crt"
  cert: "/etc/nebula/PC.crt"
  key: "/etc/nebula/PC.key"

static_host_map:
  "192.168.100.1": ["xx.xx.xx.xx:4242"]

lighthouse:
  am_lighthouse: false
  interval: 60
  hosts:
    - "192.168.100.1"

listen:
  host: 0.0.0.0
  port: 4242

punchy:
  punch: true
  delay: 1s
  respond: true

relay:
  relays:
    - 192.168.100.1
  am_relay: false
  use_relays: true


tun:
  disabled: false
  drop_local_broadcast: false
  drop_multicast: false
  tx_queue: 500
  dev: nebula1
  mtu: 1300

firewall:
  outbound_action: drop
  inbound_action: drop
  inbound:
    - port: any
      proto: any
      host: any
  outbound:
    - port: any
      proto: any
      host: any
logging:
  level: info
  format: text

b. Lighthouse Configuration File

Create /etc/nebula/lighthouse.yml with the following content:

pki:
  ca: "/etc/nebula/pki/ca.crt"
  cert: "/etc/nebula/pki/Lighthouse.crt"
  key: "/etc/nebula/pki/Lighthouse.key"

static_host_map:
  "192.168.100.1": ["xx.xx.xx.xx:4242"]

lighthouse:
  am_lighthouse: true
  interval: 60

listen:
  host: 0.0.0.0
  port: 4242

punchy:
  punch: true

relay:
  am_relay: true
  use_relays: true

firewall:
  inbound:
    - port: any
      proto: any
      host: any
  outbound:
    - port: any
      proto: any
      host: any


tun:
  disabled: false
  drop_local_broadcast: false
  drop_multicast: false
  tx_queue: 500
  dev: nebula1
  mtu: 1300

stats:
  type: prometheus
  listen: 0.0.0.0:8080
  path: /metrics
  namespace: prometheusns
  subsystem: nebula
  interval: 10s

  message_metrics: false

  lighthouse_metrics: false

logging:
  level: info
  format: text

c. Android Phone Configuration File

Follow the Nebula app instructions to import Phone.crt and ca.crt.

5. Open UDP Port 4242 on Lighthouse

Ensure the Lighthouse server allows incoming UDP traffic on port 4242:

6. Start Nebula Services

Start Nebula on the PC and Lighthouse server:

sudo nebula -config /etc/nebula/config.yml

To set Nebula as a service on a Linux system, you can create a systemd service file. This ensures that Nebula starts automatically on boot and can be managed like other system services.

Steps to Set Up Nebula as a Service

  1. Create a Systemd Service File 
    sudo nano /etc/systemd/system/nebula.service
  2. Add the Following Configuration 
    [Unit]
Description=Nebula Overlay Network
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/nebula -config /etc/nebula/config.yml
Restart=on-failure
User=root

[Install]
WantedBy=multi-user.target

    Explanation:

    • ExecStart specifies the path to the Nebula binary and configuration file.
    • Restart=on-failure ensures Nebula restarts automatically if it crashes.
    • User=root runs Nebula with root privileges (required for managing network interfaces).
  3. Reload the Systemd Daemon 
    sudo systemctl daemon-reload
  4. Enable Nebula to Start on Boot 
    sudo systemctl enable nebula
  5. Start the Nebula Service 
    sudo systemctl start nebula
  6. Check the Service Status 
    sudo systemctl status nebula

    Expected Output:

    ● nebula.service - Nebula Overlay Network
     Loaded: loaded (/etc/systemd/system/nebula.service; enabled; vendor preset: enabled)
     Active: active (running) since ...
  7. Stop or Restart the Service (Optional)
    • To stop the service: 
      sudo systemctl stop nebula
    • To restart the service: 
      sudo systemctl restart nebula

Logs and Debugging

  • View logs for the Nebula service: 
    sudo journalctl -u nebula

By configuring Nebula as a service, you can ensure it runs reliably and automatically, making your overlay network setup more robust and manageable.

Setting Up Syncthing

1. Download and Install Syncthing

On each device, download and install Syncthing from the official website.

2. Configure Syncthing to Use Nebula Network

In Syncthing, set the Nebula IPs (e.g., tcp://192.168.100.3:22000) as the device addresses.

3. Syncing Files Across Devices

Add shared folders in Syncthing and start syncing files securely over the Nebula network.

Conclusion

By setting up Nebula and Syncthing, you’ve created a secure overlay network for file synchronization across devices. This setup ensures privacy, flexibility, and efficient communication.

Special statement: This tutorial is only for learning and research, thanks.

Comments

You May Also Enjoy

Using torchrun for Distributed Training

2 minute read

torchrun is a utility provided by PyTorch to simplify launching distributed training jobs. It manages process spawning, inter-process communication, and reso...