by Everlag 1276 days ago
Nebula[0] may be interesting; you can allowlist connectivity for specific groups, all burned into the cert used to join the network. It uses some NAT hole punching orchestration to accomplish connectivity between hosts without opening ports.

The main painful thing I've found has been cert management. PKI, as usual, is not a solved problem.

I've managed to do some fun stuff using salt + nebula on the hobby side.

[0] https://github.com/slackhq/nebula