Skip to main content



Relay support was introduced in Nebula v1.6.0.

Relay hosts forward traffic between two peers. This can be useful if two nodes struggle to communicate directly with each other (e.g. some NATs can make it difficult to establish direct connections between two nodes.)

am_relay: false
use_relays: true

In order to act as a relay for other hosts, am_relay must be set to true (default false.) In order to use relays, a host must have use_relays set to true (default true.) Any host can be a relay; it does not need to be a lighthouse. However, like lighthouses, relay nodes should be deployed with a public internet IP and firewall rules that permit Nebula's UDP traffic inbound.

Hosts specify which other hosts may act as a relay when connecting to them via the relays option in the config. This allows hosts to specify relays that are "close" to them. For example, if you have some Nebula hosts in a private AWS VPC, you can set up a relay host dedicated to enabling connectivity to peers in that VPC.

You cannot relay to a relay. Hosts configured as a relay (am_relay: true) may not specify other hosts as relays in their own config.


relays is a list of Nebula IPs that peers can use to relay packets to this host. IPs in this list must have am_relay set to true in their configs, otherwise they will reject relay requests.

- <other Nebula VPN IPs of hosts used as relays to access me>

This list of relays is reported to the Lighthouse. When other nodes attempt to handshake with this host, the Lighthouse will indicate its supported relays in addition to its known IP addresses.


Set am_relay to true to enable forwarding packets for other hosts. This host will only forward traffic for hosts which specify it as a relay in their own config file. The default is false.


Set use_relays to false to prevent this instance from attempting to establish connections through relays. The default is true.