Relay support was introduced in Nebula v1.6.0.
Relay hosts forward traffic between two peers. This can be useful if two nodes struggle to communicate directly with each other (e.g. some NATs can make it difficult to establish direct connections between two nodes).
In order to act as a relay for other hosts, am_relay must be set to true (default false). In order to use relays, a host must have use_relays set to true (default true). Any host can be a relay; it does not need to be a lighthouse. However, like lighthouses, relay nodes should be deployed with a public internet IP and firewall rules that permit Nebula's UDP traffic inbound.
Hosts specify which other hosts may act as a relay when connecting to them via the relays option in the config. This allows hosts to specify relays that are "close" to them. For example, if you have some Nebula hosts in a private AWS VPC, you can set up a relay host dedicated to enabling connectivity to peers in that VPC.
You cannot relay to a relay. Hosts configured as a relay (am_relay: true) may not specify other hosts as relays in their own config.
relays is a list of Nebula IPs that peers can use to relay packets to this host. IPs in this list must have am_relay set to true in their configs, otherwise they will reject relay requests.
- <other Nebula VPN IPs of hosts used as relays to access me>
This list of relays is reported to the Lighthouse. When other nodes attempt to handshake with this host, the Lighthouse will indicate its supported relays in addition to its known IP addresses.
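The relay rules described above can be checked across a fleet before rollout. The following is an added example, not code from the Nebula project: it assumes each host's am_relay, use_relays and relays settings have already been parsed into a dict keyed by Nebula IP, and the function names and inventory are hypothetical.

```python
# Added example: audits relay settings for a small Nebula fleet.
# Input is each host's relay settings already parsed into a dict; the
# inventory below is constructed sample data, not from a real network.

DEFAULTS = {"am_relay": False, "use_relays": True, "relays": []}

def normalize(hosts):
    """Apply the documented defaults to every host's relay settings."""
    return {ip: {**DEFAULTS, **settings} for ip, settings in hosts.items()}

def audit(hosts):
    """Return (nebula_ip, finding) pairs for settings that break the relay rules."""
    cfg = normalize(hosts)
    findings = []
    for ip, s in cfg.items():
        # You cannot relay to a relay: a relay host may not list relays itself.
        if s["am_relay"] and s["relays"]:
            findings.append((ip, "am_relay is true but relays is not empty"))
        for relay_ip in s["relays"]:
            # A listed relay without am_relay: true rejects relay requests.
            if relay_ip not in cfg:
                findings.append((ip, f"relay {relay_ip} is not in the inventory"))
            elif not cfg[relay_ip]["am_relay"]:
                findings.append((ip, f"relay {relay_ip} does not set am_relay"))
    return findings

def usable_relays(hosts, src, dst):
    """Relays src can use to reach dst: dst must list them, src must use relays."""
    cfg = normalize(hosts)
    if not cfg[src]["use_relays"]:
        return []
    return [r for r in cfg[dst]["relays"] if r in cfg and cfg[r]["am_relay"]]

# Constructed inventory: Nebula IP -> relay settings from that host's config.
FLEET = {
    "10.42.0.1": {"am_relay": True},                           # relay host
    "10.42.0.2": {"am_relay": True, "relays": ["10.42.0.1"]},  # relay to a relay
    "10.42.0.10": {"relays": ["10.42.0.1", "10.42.0.11"]},     # host behind NAT
    "10.42.0.11": {},                                          # ordinary peer
    "10.42.0.12": {"use_relays": False},                       # direct only
}

if __name__ == "__main__":
    for ip, finding in audit(FLEET):
        print(f"{ip}: {finding}")
    print(usable_relays(FLEET, "10.42.0.11", "10.42.0.10"))
```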
Set am_relay to true to enable forwarding packets for other hosts. This host will only forward traffic for hosts which specify it as a relay in their own config file. The default is false.
Set use_relays to false to prevent this instance from attempting to establish connections through relays. The default