Catalyst VPN

Foreword: This is in alpha; yes, I know the documentation needs improving. Please let me know how it can be improved.

Catalyst VPN is based on Slack's Nebula - which is an open-source, scalable, and secure overlay networking solution that enables the creation of virtual networks. It is designed to facilitate secure communication between hosts on different networks and across public internet connections, while also maintaining a high degree of privacy and security.

Catalyst VPN operates using a mesh architecture, where the nodes in the network communicate directly with one another, allowing for distributed communication and routing of network traffic. This architecture makes the network more resilient to outages, as it does not rely on a central server to function.

One of the key features of Catalyst VPN is its use of public key infrastructure (PKI) and mutually authenticated certificates to establish secure connections between nodes. Each node in the network is issued a unique digital certificate that is used to authenticate and encrypt communication between nodes. This ensures that only trusted nodes are allowed to connect to the network and that all communication between nodes is secure and encrypted.

Catalyst VPN also uses a distributed database to maintain network state information and to route network traffic. This database is used to keep track of which nodes are connected to the network, which nodes are currently online, and how traffic should be routed between nodes.

To use Catalyst VPN, users need to install a client on their host machine and configure it to connect to the network. Once connected, the client will automatically discover and establish connections with other nodes in the network through the customer-managed Lighthouse. This allows users to communicate with other hosts on the network as if they were on the same local network.

Overall, Catalyst VPN provides a scalable and secure networking solution that can be used to connect hosts across public internet connections in a way that maintains privacy and security. Its open-source nature also makes it a flexible solution that can be adapted to fit the needs of a wide range of use cases.

Catalyst VPN differs from a traditional VPN in several key ways. Here are a few of the main differences:

  1. Architecture: Catalyst VPN uses a mesh architecture, which means that all nodes in the network act as both clients and servers, allowing for distributed communication and routing of network traffic. In contrast, a traditional VPN usually has a client-server architecture, where all traffic is routed through a central server.
  2. Encryption: Catalyst VPN uses public key infrastructure (PKI) to establish secure connections between nodes, which provides strong authentication and encryption. Traditional VPNs typically use a pre-shared key (PSK) or username/password combination to authenticate users and encrypt traffic, which is less secure than PKI.
  3. Scalability: Catalyst VPN is designed to be highly scalable, which means that it can easily accommodate large numbers of hosts and networks. Traditional VPNs can be more difficult to scale and can become bottlenecked if too many users are trying to connect at once.
  4. Flexibility: Catalyst VPN is based on Nebula, an open-source solution, which means that it can be customized and adapted to fit the specific needs of different use cases. Traditional VPNs may be more limited in terms of customization and flexibility.

Overall, Catalyst VPN provides a more scalable, secure, and flexible alternative to traditional VPNs, especially in environments where hosts need to communicate across multiple networks or over public internet connections. It offers a distributed architecture, strong authentication and encryption, and the ability to easily scale to accommodate large networks.

The three main components are explained below:

  1. Certificate Authority (CA): The Certificate Authority is responsible for issuing and managing the digital certificates that are used to authenticate and encrypt communication between nodes in the network. Each node in the network is issued a unique digital certificate by the CA, which is used to establish secure connections between nodes. The CA is a trusted authority in the network, and its role is to ensure that only trusted nodes are allowed to connect to the network and that all communication between nodes is secure and encrypted.
  2. Lighthouse: The Lighthouse is a special type of node in the network that serves as a directory and discovery service for other nodes in the network. Each node in the network is configured to connect to one or more Lighthouse nodes, which allows it to discover other nodes in the network and to establish connections with them. The Lighthouse also helps to facilitate the routing of network traffic between nodes and provides a centralized point for managing network configuration.
  3. Hosts: Hosts are the individual nodes in the network that are connected to your Catalyst VPN network. Each host runs a Nebula client, which allows it to connect to the network and to communicate with other nodes in the network. Hosts can be located on different physical networks and can communicate with each other as if they were on the same local network. Hosts can also be configured with various network policies, such as access control lists and routing policies, to control how traffic is routed within the network.
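The following host configuration is an added example showing how the three components above fit together on a single Nebula-based host; it is not taken from the Catalyst VPN project. The file paths, the lighthouse's overlay IP and public hostname, the overlay subnet, the `admins` group name and the placeholder fingerprint are all constructed for illustration.

```yaml
# Example Nebula host config (constructed; adjust paths and addresses).
pki:
  # Component 1: the CA. Every peer must present a certificate signed by
  # this CA, and this host presents its own, so authentication is mutual.
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/host.crt
  key: /etc/nebula/host.key
  # Revocation: certificate fingerprints listed here are refused even
  # though they carry a valid CA signature (placeholder value below).
  blocklist:
    - "<fingerprint-of-revoked-host-cert>"

# Component 2: the customer-managed Lighthouse. Map its overlay IP
# (constructed: 192.168.100.1) to the public address peers can reach.
static_host_map:
  "192.168.100.1": ["lighthouse.example.com:4242"]

lighthouse:
  am_lighthouse: false        # this file is for an ordinary host
  interval: 60                # seconds between updates to the lighthouse
  hosts:
    - "192.168.100.1"         # overlay IP of the lighthouse to query

# Component 3: this Host's own underlay listener.
listen:
  host: 0.0.0.0
  port: 4242

punchy:
  punch: true                 # keep NAT mappings open for peer discovery

tun:
  disabled: false
  dev: nebula1
  mtu: 1300

# Host policy (the "access control lists" described above). Rules match
# on the peer's certificate: "group" refers to groups embedded in the
# certificate by the CA at signing time, not to anything the peer claims.
firewall:
  outbound:
    - port: any
      proto: any
      host: any
  inbound:
    - port: any
      proto: icmp
      host: any
    - port: 22                # SSH only from certificates in group "admins"
      proto: tcp
      group: admins
```

Because the inbound rule keys on the `admins` group carried inside the peer's CA-signed certificate, adding or removing an administrator is done at the CA (issue or revoke a certificate) rather than by editing every host's config.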