Hello hello!
In today’s episode of "What has Azukaar been doing", I present to you: Constellation!
In a nutshell: Constellation is a mesh VPN fully integrated into Cosmos that requires no setup whatsoever and allows you to connect to your server in one click from anywhere without exposing your ports. You can use it for:
- Securing your servapps as if you were using WireGuard/Tailscale/Tunnel to connect to them (the port is not exposed, only accessible from within your Constellation)
- Accessing your home server / desktop (RDP/VNC) / NAS / IoT stuff from anywhere securely via the VPN
- Play LAN games within your Constellation seamlessly
- Hide your IP and circumvent CGNAT (This will come later! I’ll explain why)
- Adding auth to servapps you want to use via an app (e.g. Plex) without breaking them (HTML apps are not compatible with mobile apps of course)
Differences between Constellation and other VPN-like technologies are:
- It’s fully open-source, self-hosted and in your control (no Cloudflare snooping into your traffic, no Tailscale cloud proprietary control server)
- It’s naturally split-tunneling (aka. you can stay connected and it will only affect your Cosmos traffic and everything else stays normal traffic so you won’t get banned from Netflix)
- It’s a mesh VPN and makes peer-to-peer connections, so you can continue to use Constellation within your local network without having to relay your connection through a server outside of your network like a traditional VPN
- Like everything else in Cosmos, it is designed to be simple to use for beginners but also highly customizable for more expert users. It does not require any manual CLI intervention or manual config file editing.
So, how does it work? The current version uses Nebula under the hood, an open-source mesh VPN technology developed at Slack (but this might change in the future, as I have been in contact with the team working on Open Ziti). Cosmos instruments the binary from within its container (so no need for a second container) and opens the VPN on port 4242.
Here are a few screenshots of the current version (but it will change a lot before release!)
You manage your devices from the UI
Download them, and you are ready to go!
And finally, restrict your URLs to be Constellation only, and boom!
Restrict the URL to the network
So!! What’s next? There is still work to do, but I am planning on releasing a “preview” version of Constellation in 2-3 weeks. Some of the work needed is:
- Harden and add customization to your network
- Implement desktop and mobile applications to connect to your network in one click without Nebula
- Implement a Beacon Docker container that helps relay traffic in your network, which can be used to circumvent CGNAT among other things
This is all early-stage work! But I wanted to give an update for visibility, and also because I am eager to hear some early feedback on the work done!
Hope you are as excited as I am for Constellation. I’ll make sure to update again when the early preview is available!
Thanks for reading, and as always, happy hosting!