Looks like they've been deleting some of their older blogposts. That's unfortunate. I especially liked the colon cancer one.
The comments here are depressing. NAT breaks the end-to-end nature of the Internet. Why is it that either nobody comprehends the importance of this or nobody cares?
I was inspired to finish up this post and put it up in response to this BS: https://www.zerotier.com/blog/?p=13
Hi,
Long time lurker here. Anyway, my opinion about any IoT device, CCTV, alarms, Smart-<put appliance name here>: they are all terrible at security, the manufacturers don't care about OS updates, their special OS is usually an old Linux/Unix kernel with 1k CVEs.
Last project was to deploy a Build Automation Appliance that was required by the manufacturer to be exposed over the DMZ. Not enough? The max size of the PIN code is 4 digits... and according to the supplier & the partner that is secure enough... We are talking about a >10k € device (not solution, just the device!), not your 20 € IP cam.
If you are in an Enterprise Environment: create a VLAN, consider it insecure, block all connectivity to anywhere including internal VMs, consider all hosts on that network as hostile/compromised, use a VPN or a NAT with heavy ACLs in place, double check all the needed ports and give it the absolute minimum required.
Any "industrial router" would drop any UPnP attempts, etc.
If you are in a HOME/SOHO/SMB Environment: create a VLAN, consider it insecure, block all connectivity to any other network, install OpenVPN or better use ZeroTier https://www.zerotier.com/
If you have sysadmin know-how you can also use a VM to act as a reverse proxy to the IP cam UI.
To solve the Build Automation Appliance issue, what I did was install an Ubuntu VM, deploy ZeroTier, and close the entire network, only allowing access via the VM. Since ZeroTier has iOS/Android clients, all works perfectly.
You might set your Pi and any other network services (files, media centre, IP cams, smart home stuff, remote desktop to your home machine...) to connect to a ZeroTier network. Then connect to the same one from your phone or laptop and it all becomes visible. You might find a whole bunch of services you find useful to access from outside your home network, or at least reduce your dependence on your phone connecting to WiFi for everything to function at all. And it's nice that you never have to expose anything in a DMZ or set up your own complicated OpenVPN server to accomplish that.
(For something like a light switch, which doesn't run an exposed OS, you could set up a Pi as a gateway to the rest of your network.)
And if, like me, you were wondering what a heap of Layer 3 networking terms mean, ZeroTier is a great way to learn! I use it at work to remotely connect to a machine at the office.
There's a couple ways to do this:
I currently have a little raspberry pi zero w which acts as my pihole dns sink plus piVPN which uses openVPN (can also be configured with wireguard). I can access anything on the LAN, provided the firewall rules I've set allow it.
Why not use something like ZeroTier https://www.zerotier.com/ ? You install it on the node and on each device; it is like a VPN but only traffic for that IP group goes over it.
So on the Nextcloud install, connect 10.10.10.21, then all devices connecting will use this IP.
On a phone it is a VPN profile but is not the gateway unless picked.
On a PC it is just a network adaptor.
Check out ZeroTier. It's a piece of software you would install on your Home PC and on the devices you want to remotely access it. Essentially it puts them both on the same back-end subnet VPN'd and encrypted by ZeroTiers main servers.
It's decent. Quick to roll out and simple to understand.
This might fall foul of rule#1 and get removed, but regardless, good luck and I hope that helps.
Zerotier is open source: https://github.com/zerotier/ZeroTierOne
If you don't want to use/don't trust the hosted version of Zerotier feel free to deploy your own moon which will give you the same capabilities as the hosted one: https://www.zerotier.com/manual.shtml#4_4
Let me know if you've got any other questions. I have been using ZeroTier for almost 5 months now for my personal servers and it's wonderful to just have one network that I can access from anywhere around the world.
I've been using https://www.zerotier.com/ for this sort of thing... Works great, has a free tier (100 devices)... Is easy to setup like Hamachi is, but with more customization... It's not a perfect solution, but it works...
Hey!
I spent a long time finding a good solution to this problem. Tried probably everything people are going to suggest. Unfortunately VPNs can be tricky to set up (and a lot of external networks block them) and carrier grade NAT can make this tough. However I've found a solution which for the past couple years has worked perfectly: zerotier. This creates a virtual network for you without any of the hassle.
This works well for file sharing, remote access or even just a bit of good old fashioned LAN gaming. Let me know how you get on.
Gonna save you some trouble:
This is similar to a VPN, it is a mesh SDN (software defined network), all communication is encrypted and all clients appear to be on the same network. Setup is very easy. Also its free if you have less than 50 client devices.
I don't want to be a downer but....
birdie (warrant canary, which the ZeroTier team confirmed existed; I didn't just link an error 404 page for no reason) is missing.
Well, if you don't mind that there is a possibility that the government is snooping, you don't have to care about this.
As a replacement peer-to-peer VPN, I highly recommend ZeroTier. After installing the app, you'll want to create a network at my.zerotier.com, and add your devices. Your devices are then assigned managed private IPs that just work.
Bonus: they've got apps for iOS, Android, Windows, Linux, and so on.
edit: then you'll have to use Screen Sharing.app, SSH, Finder's Go → Connect to Server, etc with the IPs to actually do what you need, so it's not as easy to use. But the NAT-punching and network traversal has been very reliable and performant in my experience.
You could throw ZeroTier on the EC2 instances. Peer to peer VPN/SDN. We use it at our company for a bunch of things.
Edit: We use ZeroTier in combination with Quagga to run more advanced routing via OSPF. ZeroTier provides the connections and Quagga runs the OSPF over the connections.
That's a very interesting idea! If I remember correctly, KDE Connect works on the same wireless network, which a VPN could trick it into thinking is the case even when it's not. Easy file sharing across networks may be within reach! I imagine using something like Hamachi or ZeroTier might work as well, with less of the traditional setup cost/time of normal VPNs. There's actually been some success very recently in this regard, come to think of it. It takes a little tweaking to make it work in comparison to the usual setup, but it seems like it's very doable. A very useful thought to test out!
https://www.zerotier.com/2021/09/21/incident-response-to-september-20th-2021/
UPDATE: Version 1.6.6 is now released and contains an additional mitigation against this issue. We recommend upgrading
Yes, yes ZeroTier is now on MikroTik! :)
Here is the official ZeroTier blog post ---> https://www.zerotier.com/2021/08/31/zerotier-on-mikrotik/
That recent blog about private cloud storage focuses on seafile, but is applicable
I'm using a Pi-KVM with ZeroTier installed.
Pi-KVM essentially gives me some functions of the IPMI console that enterprise server boards have, but through a Raspberry Pi. And since it's a separate device, it can be moved to another machine whenever I want to manage another one.
ZeroTier makes basically the same kind of private network you might have used with LogMeIn Hamachi where it's containing only member devices in the default config. In my case, my virtual network has my home computer, my server, the Pi-KVM, my laptop and my phone.
So, if something happens and the server didn't boot back up by itself, I connect to my ZT network, log into the Pi-KVM and trigger the power button.
Of course, that solution might need you to buy a RPi4 micro computer if you don't already have one. I know there are efforts to make it work on the third generation but I haven't tried it myself as I only have a fourth gen one.
Edit: Corrected a typo. My bad.
But if you're talking about literal transfer speeds, then do note that most VPNs are indeed slower than line speed because of encryption etc.
Source: https://www.zerotier.com/2017/04/20/benchmarking-zerotier-vs-openvpn-and-linux-ipsec/
Have a look at ZeroTier and use the built in Screen Sharing.
Back to My Mac used to require very, very specific network circumstances and there were too many ways in which it could be broken by things between you and the Mac you needed to connect to.
You can read it in the manual at point 2.1.1… only for the initial connection, and after that it relies on hole punching or other means, because it's a peer-to-peer network.
In rare circumstances it relies on relaying:
„VL1 never gives up. If a direct path can’t be established, communication can continue through (slower) relaying. Direct connection attempts continue forever on a periodic basis. VL1 also has other features for establishing direct connectivity including LAN peer discovery, port prediction for traversal of symmetric IPv4 NATs, and explicit port mapping using uPnP and/or NAT-PMP if these are available on the local physical LAN.“
You would log in remotely via SSH or install it manually via the package manager in the UI that Synology supplies.
A lot of information out there on how to do it.
https://duckduckgo.com/?q=how+do+i+ssh+into+my+synology
Once you do that follow the directions on the zerotier website https://www.zerotier.com/download/ or use this link on github to install tailscale on synology https://github.com/nirev/synology-tailscale
It's a free VPN system. It's actually really impressive and largely configures itself, but there's no sleek UI and it has a lot of options for network administrators. It can look intimidating but the basic usage (which is what you need) is simple.
I've actually added my other devices to it, up to 100 devices are free. This allows me to share files / and connect to my machines wherever I am.
I've not used VirtualHere so I'm not 100% sure how that part works.
I'm currently in exactly the same situation. Check out ZeroTier as well. It's free to use for 100 devices. I'm also unaware how I do this with my internal DNS names. I now have a traefik instance running and get valid certificates for my duckdns domain. But internally I'm not able to use them because I haven't solved the DNS issue yet. Maybe you have more experience in this topic?
>I am however slightly security concerned, so I decided to add fail2ban to the mix, in order to detect and prevent brute-force attempts to log into it via SSH (on port 22).
Have you every heard of ZeroTier? It's basically an encrypted virtual network that you can access from anywhere without exposing yourself to the risks you mentioned.
It's quite easy to use and there is a subreddit dedicated to it: r/zerotier
ff97359736000000
(ports 9735 and 9736 automatically open)
02c16cca44562b590dd279c942200bdccfd4f990c3a69fad620c10ef2f8228eaff@[fcc9:9735:9797:fbed:5db0:0000:0000:0001/40]:9736
https://www.zerotier.com/ Still shocked that more people don't use this.
Great implementation of openVPN that makes it way easier to manage. I have a few dozen nodes on this and it's been rock solid.
Hardware device is coming soon too.
Yeah, you're right, I should have linked to the main page instead of the download page. Here's a better link https://www.zerotier.com/
In short, ZeroTier is an open source, and free to use encrypted virtual network (it's a feature superset of a VPN). It'll let you join all of your computers, phones, tablets, (and now Synology NASs) on a common network available anywhere in the world with a single static IP for each device
We do have enterprise offerings but we give this personal stuff away for free.
It may seem a little confusing... but this is a guaranteed way to get this working.
Have a read up on it first, but any device can connect to any other anywhere using these guys as a connection orchestrator/broker. Once the connection is established they are hands-off.
>my Slovenian ip would be seen to my Sloveanian provider
and your German IP too. There's a connection made to TeamViewer's IP, but after the link is established, your German PC connects directly to your Slovenian PC.
Both your German and Slovenian ISPs will only see each other's IPs and how much data is transferred, but TeamViewer is less than ideal for this purpose; you might be required to purchase a commercial license after extended usage. If your Slovenian PC is running Linux, Tailscale is a better alternative, while if it's running Windows, install SoftEther server there. Another possibility is ZeroTier on both PCs, enabling the web interface for your torrent client and file sharing in the OS.
Pro tip: Use ZeroTier for faking LAN across the internet. Also, you can rent a $5/month docker VPC, and get like $55/$60 covered each year using the github student discount.
Wow, I tried tailscale and it simply works out of the box on all devices I put it on. The pricing model is almost too cheap to be true. Just for the record - I found https://www.zerotier.com/ as a similar alternative. As the time of writing this, it's still pretty rough around the edges (e.g the android client is a joke). But they just got a big investment, so maybe that will change in the future.
Thank you very much! I didn't even think about a simple VPN with a dashboard solving most of my problems with the current reverse-SSH approach! Even if I decide to go with Salt/Ansible/Puppet or an RMM, this can be used in parallel.
I don't know a whole lot about ZeroTier, but this might help in this case if it's available: https://www.zerotier.com/manual/#2_1_5
This setting in particular for the config:

    0 = ZT_MULTIPATH_NONE: No active multipath. Traffic is
    merely sent over the strongest path. This mode will automatically
    failover to the next-strongest path in the event that a path goes down.
Similar concept as Hamachi: it allows you to create an encrypted tunnel just like a VPN, but peer to peer between networks. I think that it works really well on Linux (all distros I tried so far), Windows and Android. I am using it for connecting to my home NAS (which is just Nextcloud running on a laptop). My wife's iPhone SE has some issues sometimes though.
(Prays that I don't get downvoted for this.) Recently I stumbled across ZeroTier Software Defined Networking. I have had a hell of a time trying to get OpenVPN and WireGuard set up in a reliable way, and it seemed like every time I made progress I would have a setback like DNS not working across the connection, and eventually gave up. I am still fiddling with ZeroTier, but so far, after installing the ZeroTier client on my EdgeRouter X, it was super simple to set up, and things seem to be working out well. Though, that said, I am still stuck on getting my local Pi-hole DNS working for remote clients. But I am sure I will figure it out soon enough. (They can see the Pi-hole web interface but don't seem to want to query it.)
It's possible that the game is using multicast for LAN player identification. You'll need to configure your ZT interfaces to route this from the other network. I.e. when you host a game, there's maybe a 225.x.x.x multicast IP that contains info on your lobby, MAC and IP. This would go out by default on your physical interface (WiFi or eth). The stuff only makes it one hop to a switch or router that supports multicast and then has to be forwarded to other networks. It won't take the ZT route even if all traffic is forced. This is out of the ZT manual. Might help:

"3.5.2. Locking Down UDP
UDP is tougher to deal with in a stateless paradigm. It's connectionless so there is no way to specifically select a new session vs. an existing session. The best way to lock down UDP on a network is to use tags to allow it to and from things like DNS servers that need to speak it.

    tag udpserver id 1000 default 0 ;
    accept ipprotocol udp and tor udpserver 1 or chr multicast ;
    break ipprotocol udp;

First we define a tag called udpserver with a default value of 0. We don't set any enums or flags for this tag since it will be used as a boolean. For servers that need to respond to DNS queries, set the udpserver to 1.
Then we accept UDP traffic if the value of the udpserver tag is 1 when both sender and receiver tags are ORed together, or if UDP traffic is multicast. This allows multicast mDNS and Netbios announcements and allows UDP traffic to and from UDP servers, but prohibits other horizontal UDP traffic."
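A worked evaluation of the three-line rule set quoted above, added here as an illustration and not ZeroTier's own code. The members, tag values and packets are constructed for the example; "tor" is modelled as the bitwise OR of the sender's and receiver's tag values, "chr multicast" as the group bit of the destination MAC, conditions inside one rule are combined left to right with no operator precedence (an assumption about the engine; check the manual's rules section for the exact semantics), and a trailing "accept;" is assumed as the final rule, as in most rule sets.

```python
# Added example, not ZeroTier's own code: a toy evaluator for the quoted
# UDP-locking rule set. Everything below (members, tags, MACs) is constructed.
from dataclasses import dataclass, field

IPPROTO_TCP = 6
IPPROTO_UDP = 17

TAG_UDPSERVER_ID = 1000        # "tag udpserver id 1000 default 0 ;"
TAG_UDPSERVER_DEFAULT = 0


@dataclass
class Member:
    """A network member with its per-member tag values (tag id -> value)."""
    name: str
    tags: dict = field(default_factory=dict)

    def tag(self, tag_id: int, default: int) -> int:
        return self.tags.get(tag_id, default)


@dataclass
class Packet:
    src: Member
    dst: Member
    ipprotocol: int
    dst_mac: str            # e.g. "01:00:5e:00:00:fb" for mDNS multicast


def chr_multicast(pkt: Packet) -> bool:
    """'chr multicast': destination MAC has the group bit (LSB of first octet) set."""
    first_octet = int(pkt.dst_mac.split(":")[0], 16)
    return bool(first_octet & 0x01)


def tor(pkt: Packet, tag_id: int, value: int, default: int) -> bool:
    """'tor <tag> <value>': bitwise OR of sender's and receiver's tag equals value."""
    return (pkt.src.tag(tag_id, default) | pkt.dst.tag(tag_id, default)) == value


def evaluate(pkt: Packet) -> str:
    """Return 'accept' or 'drop' for pkt under the quoted rule set."""
    # accept ipprotocol udp and tor udpserver 1 or chr multicast ;
    # (assumption: conditions combine left to right, no precedence)
    matched = pkt.ipprotocol == IPPROTO_UDP
    matched = matched and tor(pkt, TAG_UDPSERVER_ID, 1, TAG_UDPSERVER_DEFAULT)
    matched = matched or chr_multicast(pkt)
    if matched:
        return "accept"
    # break ipprotocol udp ;  -- in the base rule set, break ends evaluation
    # without an accept, so the packet is dropped.
    if pkt.ipprotocol == IPPROTO_UDP:
        return "drop"
    # accept ;  (assumed trailing rule: everything else, e.g. TCP, passes)
    return "accept"


# Constructed members: one DNS server tagged udpserver=1, two ordinary hosts.
DNS = Member("dns", {TAG_UDPSERVER_ID: 1})
ALICE = Member("alice")
BOB = Member("bob")
UNICAST_MAC = "02:aa:bb:cc:dd:01"
MDNS_MAC = "01:00:5e:00:00:fb"


def demo() -> dict:
    """Evaluate a few representative flows and return name -> verdict."""
    cases = {
        "alice->dns udp (query)":      Packet(ALICE, DNS, IPPROTO_UDP, UNICAST_MAC),
        "dns->alice udp (reply)":      Packet(DNS, ALICE, IPPROTO_UDP, UNICAST_MAC),
        "alice->bob udp (horizontal)": Packet(ALICE, BOB, IPPROTO_UDP, UNICAST_MAC),
        "alice->* udp mdns":           Packet(ALICE, BOB, IPPROTO_UDP, MDNS_MAC),
        "alice->bob tcp":              Packet(ALICE, BOB, IPPROTO_TCP, UNICAST_MAC),
    }
    return {name: evaluate(p) for name, p in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:30} {verdict}")
```

The horizontal alice->bob UDP flow is the one the rule set exists to stop: neither side carries udpserver=1, so the OR is 0, the accept rule does not match, and the following break drops it. The mDNS packet passes only because of its multicast destination MAC, which is exactly why a game's LAN discovery still needs multicast to actually reach the ZT interface.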
Have a look at this: https://www.zerotier.com/manual/#2_1_4
The section is called Trusted Paths for Fast Local SDN if your browser does not jump to it automatically. That does not tell you how to actually configure it so look at Local Configuration Options (https://www.zerotier.com/manual/#4_2) which shows an example local.conf including the trusted paths attribute.
It’s not super well documented so let me know if you have any trouble
Sounds like you guys had an awesome time! If you're looking for another arena shooter like UT2004, I can't recommend Xonotic enough. It's a modern and free send-up of arena shooters of the late 90s/early 2000s. It supports LAN play and online play, and has one of the most welcoming communities I've ever encountered in a game.
If you or your sons wanted to get any other local or long-distance friends involved with your gaming, you could consider ZeroTier. It basically fakes a LAN connection for any old school games you want to play like you would back in the day. Great for games that don't really support online play.
By “regardless of where I am connected to” do you mean from anywhere outside your home - I.e. in effect anywhere with an internet connection? And what device(s) are you sending files from?
If so, the simple answer is “yes” - but first you have to set things up so that such access is secure. Opening SSH to the internet would be exceptionally unwise and pretty well guarantee your Pi being exploited by others if not properly secured.
I can suggest three ways of doing this...
- install OpenVPN using the instructions here https://pivpn.io
- install Zerotier - instructions here https://www.zerotier.com
- set up SSH to be secured with a key - see this https://www.ssh.com/ssh/key/ and open your router firewall to allow this.
Using the first you get SSH access and web etc. access to devices in your network, plus you then have your own VPN when out and about back to your usual ISP as if at home.
Using the second is similar, but access is easiest to other devices running Zerotier. You can set it up to pass through access to other devices, but it’s a bit harder than achieving that with OpenVPN.
You can set up OpenVPN or Zerotier in under 30mins if you just follow the instructions. (Personally I use the OpenVPN option, not Wireguard in the former.)
The third just does what it says on the tin - gives you SSH access and nothing more. (It’s sensible to use keys to secure SSH however you use it!)
All three can be used from PC, Mac, phone and tablet.
Personal view - I use both of the first two for various reasons (I have two networks remote from one another.) For ease of setup + breadth of resulting solution I would suggest OpenVPN.
PS - a hard drive unless SSD will most probably need to be connected via a powered USB hub.
Hope that helps!
You're on CGNAT. It also happens with me, but in the country I live in it's used by almost everyone (Brazil). First talk with your ISP and see if it's possible for you to get a dynamic public IPv4; there's no need for a static one since you can get a domain and use DDNS. If your ISP refuses this, you can look at stuff like ZeroTier, which should work even if you are on CGNAT.
You can fully route everything through ZeroTier; it's a bit tricky but works, and it's also encrypted.
I don't know if you live in Brazil, but since a lot of people that have the same question are from here: there's a law that prohibits your ISP from putting you on CGNAT while not giving you a public IPv6.
I use https://stablebit.com/CloudDrive (only on Windows) for my Backups, because the Google Drive account can be used just like an external drive with a drive letter. And, more importantly, everything is encrypted before upload and can be transparently decrypted.
One account can only be connected to one computer. Therefore, I let a Windows root server at a provider with 1Gbit UL/DL up- and download everything from my home FTP server.
I can use the internet root server at the provider just as a local computer with https://www.zerotier.com on all computers I need access to the root server,
you are just incapable technically. Straight from the ZeroTier website:
"To enable multipath, edit (or create) local.conf and add a setting called multipathMode with a value of 0, 1, or 2."
First I will echo what everyone else is saying. Don't EVER expose RDP to the internet. Regarding VPNs, have you looked at something like ZeroTier? https://www.zerotier.com/ It's an open source piece of software (lightweight, agent based) that allows you to create virtual networks over a WAN (a la old school Hamachi), in essence giving you a VPN-like solution.
I cannot comment on security; however, I do use ZeroTier behind CGNAT, which means I do not have a usable public IP address. To counter this I've set up a server on DigitalOcean and set up a ZeroTier moon, having all of my networks orbit the moon https://www.zerotier.com/manual.shtml#4_4
I also set up my own ZeroTier controller. You can find a simple UI for this here https://github.com/key-networks/ztncui. Don't forget to export your volumes to local storage so you can easily back up your networks.
What is your NAS running? If you can get ZeroTier (or similar) running on it, that might work for you. Means you can then access it from anywhere, might be easier than the VPN and/or VPS route.
Kind of similar to the old Hamachi "virtual LAN" application.
I use ZeroTier One myself, and then set up my .ssh/config like this:

    Host desktop.home
        HostName 192.168.0.XX

    Host desktop.zt
        HostName 172.27.XX.XX
Hello, thanks for using ZeroTier.
Without knowing more details about what your security team wants to see it's hard to draw a single picture. But the gist is that our root servers merely orchestrate the creation of a direct P2P connection that takes over and is encrypted from end to end.
Here's a few links to key sections in the manual which might help:
Cryptography: https://www.zerotier.com/manual.shtml#2_1_3
Peer Discovery: https://www.zerotier.com/manual.shtml#2_1_1
Network Rules Engine (if you're using these): https://www.zerotier.com/manual.shtml#3
Evolve is the #1 liked alternative at AlternativeTo, for what that's worth.
You may also want to check out DynVPN or ZeroTier, which are the #1 and #2 Open Source offerings.
If you do decide that a Synology box is right for you, I think I can help with your third requirement.
It'll do exactly what you want and it's free, open source, and your traffic will be encrypted.
I'm the principal developer of their package for Synology devices and would be happy to answer any questions you have. We have enterprise offerings but this sort of stuff we give away for free.
We currently have support for Intel x86_64, x86_32, and recent ARM chipsets.
Good luck on your search!
ZeroTier is great, although not as user-friendly, as it's more aimed at professional users rather than gamers. It doesn't do anything else (like spying on you or showing ads...) and is very small. It also supports Linux and Mac.
I was already thinking convertible debt. I think what I'm trying to estimate is partly for my own benefit.
For fund raising maybe I should just look at what other similar-sized and similar-stage businesses are raising in terms of seed rounds and what their convertible debt interest rates are.
The thing in question: https://www.zerotier.com/
Quick summary: there is a trickle of actual revenue, many users, positive user feedback, some "natural" word of mouth growth, and a technically capable product. I'm looking to go to the next stage, which involves full time work rather than bootstrapping. For that I'll need money. (Working on cofounders and partnerships too, but money is the question here.)
The second reason I want this kind of market research is to decide which markets to go after most aggressively. The product already exists in the consumer VPN space, but I don't see that as a huge growth market. It just happens to be the most straightforward to access, a quick path to some revenue. Beyond that I have several choices of varying difficulty since there are a number of different things the product could (already in some cases) do, and I want to know which of these is the most rapidly growing and largest. There is some public data available but in-depth and hype-free market survey data would be nice.
ZeroTier One - https://www.zerotier.com/
Ethernet Virtualization - create virtual Ethernet networks that work everywhere
Not new -- posted here once before -- but web site just got a huge facelift and is now much more usable. It's a sole founder project. Exiting beta soon.
Looking for feedback and beta users. Feedback about the pricing structure is also welcome since I'm really not sure about it. Too much? Too little? It's more expensive than Hamachi (but also simpler and faster and better in many ways) but far less expensive than carrier-grade and enterprisey managed solutions.
No coupons yet, but I'll tell you a secret: the ten user limit is not enforced yet. Won't be until the beta banner vanishes. :)
This is good too. All sorts of nightmares arise because... say... you want to VPN into a 10.0.0.0/24 network from a 10.0.0.0/24 network. The address space limitations of IPv4 also create nightmares when it comes to private and domain-specific networking.
In ZeroTier One, the Earth public network ( https://www.zerotier.com/earth.html ) uses bogarted DoD addresses from 28.0.0.0/7 for this reason. Some may frown on this practice. Let me know if you have a better idea. But since ZT1 emulates a full-function L2 LAN, IPv6 link-local addresses work too.
https://www.zerotier.com/ 50 euros for Pro, and Enterprise must be around 400 euros/month if you call a sales rep.
And it's 4 minutes per workstation if you don't have a script; then a sysadmin takes care of it and you're done.
Hmmm, that's not the typical address range for CGNAT but just the same, it's not a true public IP so port forwarding will be a problem. Another simple option is to run ZeroTier, which creates a sort of VPN and bypasses the port forwarding problem.
If you can't port forward on your router it's going to be complicated. I have heard of folks having luck with ZeroTier but I haven't tried it myself.
You could also get a small VPS from a provider on the internet and setup a tunnel or VPN connection to that to allow connections IN through that VPS to your home network. It's not super complex to setup, but unless you're pretty familiar with linux you may struggle with it.
I use zerotier for my home and public servers' SSH access, which fulfils the role of a VPN without some of the downsides and is also pretty performant.
I think that firstly, as a general rule, one should be doing that (restricting SSH to some degree of VPN only) - but also personally I need a stable "backdoor" in case that fails for some reason, on a per-site basis (one for my home network, one for each of my remote servers). For that I have a port that is NATed from the internet to a clean SSHd [docker] container with all the usual security best practices like no root login, an AllowUsers directive for the one user, passwordless auth, passphrase protected private key etc. - that runs on a non-standard port which I can use as a ProxyJump host.
It's last ditch, last resort stuff, but personally I need it, so I don't have to do something like use remote hands or come home from hundreds of miles away just because maybe something failed with zerotier (though it has been stable for me, I don't want to be in that position if something goes wrong).
I use a non-standard port for that not so much for security but because I like to keep the noise levels down - things really like to bang on the door of port 22 on the internet, and it can get annoyingly noisy, even when they're not getting in; you keep that noise down and it makes centralized logging more useful.
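An added check for the kind of last-resort SSH entry point described in the comment above (not the commenter's own setup or code): it parses the global section of an sshd_config and reports every hardening directive that is missing or set the wrong way. The two sample configurations are constructed for the example; the directive names and their OpenSSH defaults are real.

```python
# Added example: audit an sshd_config for the "last-resort backdoor" hardening
# described above. The HARDENED and WEAK samples are constructed, not real hosts.
from typing import Dict, List


def parse_sshd_config(text: str) -> Dict[str, List[str]]:
    """Parse the global section of an sshd_config (stop at the first Match block).
    sshd honours the first occurrence of a directive, so later duplicates are
    ignored; Port may legitimately appear several times, so all values are kept."""
    directives: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                    # directive names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key == "port":
            directives.setdefault("port", []).append(value)
        elif key not in directives:
            directives[key] = [value]
    return directives


def audit_sshd_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_sshd_config(text)

    def get(key: str, default: str) -> str:
        # OpenSSH default applies when the directive is absent
        return cfg.get(key, [default])[0].lower()

    findings: List[str] = []
    if get("permitrootlogin", "prohibit-password") != "no":
        findings.append("PermitRootLogin should be 'no' (default only blocks password root logins)")
    if get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication should be 'no' so only keys are accepted")
    # KbdInteractiveAuthentication is the current name; ChallengeResponseAuthentication the old alias
    if get("kbdinteractiveauthentication", get("challengeresponseauthentication", "yes")) != "no":
        findings.append("KbdInteractiveAuthentication should be 'no' (it can still prompt for a password)")
    if get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication must stay enabled or key-only login is impossible")
    if get("permitemptypasswords", "no") != "no":
        findings.append("PermitEmptyPasswords must be 'no'")
    allowed = cfg.get("allowusers", [""])[0].split()
    if not allowed:
        findings.append("AllowUsers is missing: restrict logins to the one intended account")
    elif len(allowed) > 1:
        findings.append(f"AllowUsers lists {len(allowed)} users; a last-resort host should allow one")
    if "22" in cfg.get("port", ["22"]):
        findings.append("Port 22 is in use: a non-standard port keeps scanner noise out of the logs")
    return findings


# Constructed sample: what the container's sshd_config should look like.
HARDENED = """
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
AllowUsers jumpuser
"""

# Constructed sample: a stock-looking config that relies on defaults.
WEAK = """
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(f"[{label}] {len(audit_sshd_config(text))} finding(s)")
        for f in audit_sshd_config(text):
            print("  -", f)
```

The audit only reads the global section on purpose: a `Match` block can loosen any of these settings for a specific user or address, so after the file passes this check it is still worth running `sshd -T` on the host to see the effective configuration.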
I would imagine that Mullvad does NOT allow you to run a server through their VPN and blocks inbound connections.
If you want the simplest, I would look into ZeroTier. It is open source and free.
This is also an easy option, a p2p one; you do need to have an understanding of firewalls / ACLs though.
May not be the right fit if you need to lock things down but nice and simple for just getting things linked up.
See if your ISP can offer you a true public IP. They may charge for it though. If that doesn't work, look into using something like ZeroTier on the miniPC, which creates a type of VPN that would allow a direct connection.
You can use https://www.zerotier.com/ - no need for any VPS or other cost... just create an account, make a network... then download the client for the server (or your router if supported) and for your client PC or mobile, and connect to the network with your ID.
Time Machine should work over the internet if you have good up/downstream on both ends.
I would use ZeroTier and build a WAN based intranet. Use the IP addresses associated with ZeroTier and it will backup over that network.
You can use ZeroTier to get access to your home network on an ISP like Excitel. But it's too limited, as you still can't openly access your media server setup like Emby or Plex easily.
https://www.zerotier.com/ is a perfect tool to give limited access to LAN services outside of your network. Every device just needs to have a ZeroTier client installed, so this wouldn't exactly be "public" but "available to privileged users".
Hey there! Just wanted to tell r/devops about ZeroTier's new integration with HashiCorp Terraform.
Configure multi-cloud network access for up to 9 different cloud providers with ZeroTier's multi-cloud quickstart guide using HashiCorp Terraform. Take advantage of ZeroTier’s Layer 2 SD-WAN networking overlay to connect to Digital Ocean, Amazon Web Services, Google Compute Engine, Microsoft Azure, Oracle Cloud Infrastructure, Alibaba Cloud, IBM Cloud, Vultr, and Equinix Metal.
Learn more: https://www.zerotier.com/2021/10/14/zerotier-central-now-integrates-with-hashicorp-terraform/
You haven't mentioned anything about authentication between the machines and authorization for the operations they can request from each other.
Do you expect the number of machines to change dynamically, without humans configuring them?
I would definitely build a prototype using prepl or nREPL first, with a fixed number of machines, which are connected over a virtual Ethernet switch, like https://www.zerotier.com/ , which can be your authentication later. I wouldn't worry about authorization, since you control all the code, but iirc you can specify the available vars for the evaluation environment of an nREPL server.
Where would the end user type a query? Browser? Swing or JavaFX app? Terminal? REPL client, like an editor?
I would definitely start with getting the communication to work from a usual, editor-integrated REPL. The user input and the delayed query submission are orthogonal problems to the query execution process. You would want to be able to cancel queries too, though, to stop wasting resources on queries which were started in the same typing session, at an earlier stop in typing.
The simplest way to go is https://www.zerotier.com/ , which is kind of like 3 but maybe more like a 4th option. It's extremely easy to set up and many guides are out there (it's not jellyfin specific).
5th option is to use Plex and pay for the $5 mobile device unlock, since Plex uses SSL to secure your traffic. But I still suggest Zerotier, or 2 or 3 if you want more control over your own setup.
ARP responses are stored in a simple table of MAC=IP pairs (with a static/dynamic type). That's called the ARP cache.
Just read what ZeroTier VL2 is before asking questions about ZT+ARP:
https://www.zerotier.com/manual/#2_2
Welcome u/colossus1975!
To answer your question about security: We've had our methods audited by a third party and the results can be found here
> Is it as simple as what I am reading/seeing?
In most cases, yes.
> Would this be a suitable idea to access my home network for home-lab training?
Absolutely
Zerotier requires a bit more work in the sense that you run into things like some links on their github page not working wrg to nas. Package is not in dsm store. Download manually from link below and then put on syno somewhere and browse to it within dsm package manager to install.
Wrg to registration (for managing one or more zerotier networks), download (for windows) and install https://www.zerotier.com/download/
Download the DSM 6 package to install manually. I used the dsm6.1.1 generic package at the bottom, as the CPU family of my DS916+ and DS920+ was not listed. It required some searching to find a list of which Synology uses which CPU family, finding that none of them matched, hence I used the generic one.
http://download.zerotier.com/RELEASES/1.4.6/dist/synology/
Wrg to dsm7: "Synology's DSM 7 doesn't allow third-party applications to run as root. Therefore, we now recommend using Docker to run ZeroTier. While this is somewhat inconvenient at first it is undeniably a safer way to run third-party applications on your NAS. Once set up this configuration will be persistent across reboots and DSM upgrades."
https://docs.zerotier.com/devices/synology/
I will have to look into the docker approach myself in the future once I would upgrade to dsm7. For now I used the manual install for dsm 6.
Once you get through the initial hassle, however (and the fact that they did not update the package for Synology beyond 1.4, while for Windows it is up to date with 1.6.5), it works really well, maxing out at my upload speed (which is only 2 MBps). I can't recall having once run into any issue since setting it up for daily Hyper Backups. In my case my own max upload speed is the limiting factor, not ZeroTier itself.
I’d set up WireGuard on the Pi you mentioned you have. I believe it has support for DDNS providers built in. I generally use this approach myself for similar reasons as you describe. Another option is to use ZeroTier (https://www.zerotier.com/). I use this specifically to manage my dad’s computer remotely, but of course once connected with his computer, I can manage stuff in his network.
Another thing I would be very curious to know is if it would be recognized via a USB connection. I know it's not bare metal, but you can use either:
which offers a single-device trial with only a handful of allowed connections before the trial ends. In the client app you would add your PC IP address under "Reverse Clients" without the "http://" (only the numbers and decimals) and then forward port 7573 to your PC LAN address (I'm not knowledgeable of port opening capabilities on cloud PC). Otherwise you can install and run:
https://www.zerotier.com/download/
on cloud pc and whatever device you can get your hands on and connect them virtually to the same network without the need to open ANY ports.
One more thing to conclude this comment...there is a tab in X360ce that has a hidguard submenu that says "Show Hidden Devices" Try that and see if anything populates the results list. I had that issue and that was the only thing that fixed my issue.
The easiest solution would be ZeroTier. No complex configuration is required. You just need to create a ZeroTier account, create a virtual network for your account, install the client on each device and connect each device to the virtual network. Then each device will be assigned a fixed IP address, and you can access the HTPC using the IP address assigned to the HTPC.
I used to use a program called Evolve, but it has since been deprecated, it was the only one that I found easy to set up and always worked. Before that I used Comodo Unite (which is also deprecated).
I've always found that Hamachi and Tunngle (if that's even still around) were very finicky and rarely worked. My issue with GameRanger was all the ads built into the program (not sure if they still do that).
I recently found a program called ZeroTier which is free and open source; looks promising, but I have yet to use it, haven't had a need in the past 5 years.
Well if they are blocking the PPTP port and you are trying to access that port from the outside then you probably need to find a different solution like OpenVPN.
Someone else recommended https://www.zerotier.com/pricing/
Yeah, I use Nextcloud as my own personal cloud storage. Zerotier makes it accessible when I have my laptop out in the field.
Here's the best place to learn how to get started with Zerotier: https://www.zerotier.com/download/
It's incredibly easy to get started, maybe I'll make a video about it.
> ZeroTier
Thanks for the suggestion but the license seems to preclude running your own network controller for commercial purposes - https://www.zerotier.com/pricing/
> ZeroTier’s software kit is licensed under the ZeroTier BSL, which allows source code access and free use for all with the exception of hosting a network controller for commercial purposes
You'd need dynamic DNS to locate your house, and then a port forward the ssh connection (please use key based authentication).
Alternately, you could run ZeroTier (5 minutes) or Nebula (if you're more DIY/paranoid) as a NAT-traversing overlay network VPN and SSH over that, so you have a "local" static IP without opening ports. Clients for these are on Android and iOS. Again, and always, I'd suggest key-based auth.
https://www.zerotier.com/download/
https://arstechnica.com/gadgets/2019/12/how-to-set-up-your-own-nebula-mesh-vpn-step-by-step/
https://github.com/slackhq/nebula
As above, syncthing is great, but not available for iphone.
>opentier
Never tested OpenTier, but I use ZeroTier quite a lot.
Now each machine gets a new IP address and you have access without exposing your NAS when you are outside the network. For the more advanced users, you can set up firewall and routing rules directly on the ZeroTier site.
Learn how to use it and a whole new world opens up to you.
Been a while since I heard of Hamachi. https://www.zerotier.com/ is the closest I know. They have a forum where you might ask. You might be able to use a Raspberry Pi to send the WoL packet.
I’ve been using zero tier for my games, and though the setup is marginally more involved than ngrok, it works really great.
Basically all you have to do is:
1. Create an account
2. Create a network on the website and copy the ID
3. Download the app
4. Hit "join network" and paste the ID from step 2
5. In the website, find yourself in the list of connected "nodes" and copy the "managed IP"
Then your players connect to the network and use the managed IP followed by the port foundry uses to connect to your game.
Alternatively, Zerotier is very powerful and opensource.
But you can always also just turn off the Services manually. It is the same with Hamachi, you just need to know what Service you need to run or turn off.
Take a look at the Rule Definition Language (section 3.4) at this link: https://www.zerotier.com/manual/#3
I'm using the following to restrict traffic to a single server, but you should be able to switch the accept statements to the desired port instead. You'll probably still need to do some trial and error. Most guides for the rules seem to work around the idea of explicitly dropping and accepting certain patterns, then accepting everything else. I wanted my network to be set up to drop anything that is not the specific traffic I'm allowing. (Disclaimer: this is just what I came up with, not sure if it's the "correct" way to do things.)
# ARP must pass so nodes can resolve each other's MAC addresses
accept ethertype arp;
# Anything that is neither IPv4 nor IPv6 is dropped
drop not ethertype ipv4 and not ethertype ipv6;
# IP traffic to or from the one allowed server is accepted
accept ztdest [zt_server_address];
accept ztsrc [zt_server_address];
# Everything else is dropped (the set ends in drop, not the usual accept)
drop;
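To check a rule set like the one above before pushing it to a live network, it helps to trace how ZeroTier's engine reads it: rules are tried top to bottom, `accept` and `drop` are terminal, and the first rule whose matches are satisfied decides the packet. The following is an added, constructed evaluator for exactly that subset (`accept`, `drop`, `ethertype`, `ztsrc`, `ztdest`, `not`, `and`/`or`); it is not ZeroTier's own code and does not implement tags, capabilities or `break`. The node addresses and the sample packets are made up, and the `[zt_server_address]` placeholder is filled with one of them.

```python
"""Constructed evaluator for the single-server ZeroTier rule set quoted above.

Added example, not ZeroTier's engine. Supported subset: terminal actions
accept/drop; matches ethertype, ztsrc, ztdest; `not` negation; `and`/`or`
chaining (combined left to right with the running result). Rules are tried
in order and the first rule whose matches hold decides the packet; a packet
that matches nothing is dropped here (ZeroTier also defaults to deny).
"""
from dataclasses import dataclass, field

SERVER = "abcdef0123"    # constructed 10-hex-digit address of the allowed server
CLIENT_A = "1122334455"  # constructed client address
CLIENT_B = "66778899aa"  # constructed client address

# The poster's rule set with [zt_server_address] replaced by SERVER.
RULE_TEXT = f"""
accept ethertype arp;
drop not ethertype ipv4 and not ethertype ipv6 ;
accept ztdest {SERVER}; accept ztsrc {SERVER};
drop;
"""


@dataclass
class Packet:
    ztsrc: str      # sending node address
    ztdest: str     # receiving node address
    ethertype: str  # "arp", "ipv4", "ipv6" or any other name

    def __post_init__(self):
        for addr in (self.ztsrc, self.ztdest):
            if len(addr) != 10 or any(c not in "0123456789abcdef" for c in addr.lower()):
                raise ValueError(f"bad ZeroTier address: {addr}")


@dataclass
class Match:
    kind: str              # ethertype | ztsrc | ztdest
    arg: str
    negate: bool = False
    or_prev: bool = False  # OR with the running result instead of AND


@dataclass
class Rule:
    action: str            # accept | drop
    matches: list = field(default_factory=list)


def parse_rules(text):
    """Parse ';'-terminated statements; '#' starts a comment."""
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    rules = []
    for stmt in stripped.split(";"):
        tokens = stmt.split()
        if not tokens:
            continue
        action, rest = tokens[0], tokens[1:]
        if action not in ("accept", "drop"):
            raise ValueError(f"unsupported action: {action}")
        rule = Rule(action)
        negate = or_prev = False
        i = 0
        while i < len(rest):
            tok = rest[i]
            if tok == "and":
                or_prev = False
            elif tok == "or":
                or_prev = True
            elif tok == "not":
                negate = True
            elif tok in ("ethertype", "ztsrc", "ztdest") and i + 1 < len(rest):
                rule.matches.append(Match(tok, rest[i + 1].lower(), negate, or_prev))
                negate = or_prev = False
                i += 1
            else:
                raise ValueError(f"unsupported token: {tok}")
            i += 1
        rules.append(rule)
    return rules


def _match_one(m, pkt):
    value = {"ethertype": pkt.ethertype, "ztsrc": pkt.ztsrc, "ztdest": pkt.ztdest}[m.kind]
    hit = value.lower() == m.arg
    return not hit if m.negate else hit


def rule_matches(rule, pkt):
    """A rule with no matches (bare `accept;` or `drop;`) matches everything."""
    result = None
    for m in rule.matches:
        hit = _match_one(m, pkt)
        if result is None:
            result = hit
        elif m.or_prev:
            result = result or hit
        else:
            result = result and hit
    return True if result is None else result


def evaluate(rules, pkt):
    """Return the action of the first matching rule; fall-through is a drop."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "drop"


if __name__ == "__main__":
    rules = parse_rules(RULE_TEXT)
    for pkt in (Packet(CLIENT_A, CLIENT_B, "arp"),
                Packet(CLIENT_A, SERVER, "ipv4"),
                Packet(SERVER, CLIENT_B, "ipv6"),
                Packet(CLIENT_A, CLIENT_B, "ipv4")):
        print(pkt, "->", evaluate(rules, pkt))
```

Running it shows the property the poster was after: ARP between any two nodes is accepted, IPv4/IPv6 to or from the server is accepted, and IP traffic between two clients, or a non-IP frame even when addressed to the server, falls through to the final `drop`. Swapping the trailing `drop;` for the default `accept;` is the one-line change that turns this into the "block some, allow the rest" shape most guides use.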
Please, we need some more details of what kind of config you did.
What I can say for sure is that zerotier works very well on Linux. Actually, for me it's more stable than Windows. Currently I manage a network with about 25 nodes (Linux and Windows mixed) with no problem at all. On Linux side, I'm using Arch Linux, Ubuntu and Debian.
Are you installing ZeroTier directly on Ubuntu? Or are you trying to manage Ubuntu's ZeroTier ingress from another device, from this DD-WRT router for example? Does your Ubuntu have other services running?
If you are trying to install directly on Ubuntu, my advice is to do a clean install of ZeroTier:
apt purge zerotier-one
on Ubuntu to remove it and purge the config files. I'm saying to start from scratch because basic ZeroTier usage is almost zero configuration, so the situation you got into is weird.
You can install ZeroTier on your VMs and use that as the local network for each of them to connect to, which bypasses the need to make changes on the router. Just keep in mind there are limitations, but for a small setup to learn and stuff this might help. I used it to connect to some of the devices on my homelab remotely like I am on my local network. Here's the link: https://www.zerotier.com/ . Hopefully this helps.
2.0 may be on the roadmap, but there's very little to show when it may be released. An article on their own site from Nov 2019 says it is 'relatively close', so I wonder what that translates to, and another reply by a ZT dev on a ycombinator post from 4 months back doesn't commit to any timeline either, which I can understand.
Yeah I think the gateway option is probably the way to go, but I also still have a lot to learn on it, proving slow going!
The controller has record of this information based on the last request made by the node, not unlike a web server logging a requester’s IP address and time stamp.
See ZT manual for more details.
Zerotier is just easier in my opinion. It doesn’t even eliminate the possibility of setting up a secondary VPN if that is the choice you make. Quite simply it just makes connectivity where you don’t control the gateway hardware dead simple. In a world without port forwarding SDN and UDP hole punching are your allies.
https://www.zerotier.com/2014/08/25/the-state-of-nat-traversal/
https://www.zerotier.com/download/
They have a client for basically everything, even FreeBSD. It's creating a private WAN, so the devices transfer directly to each other over the shortest possible route through the net. If they're on the same network, the data doesn't leave your network. Some metadata does hit their servers, but it's encrypted.
AFAIK it uses mostly its own protocols, as described in the manual. Have a look at for example Node.cpp, it's rather simple and well commented.
With the type of service it is it will not work without a native client, And depending on the game you would likely be better off using some other service.
I can recommend using Hamachi or Zerotier (I think both are in Ubuntu repositories but could be wrong)
Hamachi is fairly easy to set up and use but has limitations, as you cannot connect to the host without a direct connect function in the game.
Zerotier is slightly more involved to set up but does not have the same restrictions so long as it is done properly.
I'm sure there are several guides on how to use both on Ubuntu that you could find with a quick google search.
^(i use arch btw)
Dunno what your issue is. I use GameRanger with Win10 without issue, though.
But if the problem persists, I suggest you try ZeroTier:
a good alternative to hamachi or even gameranger.
used it to set up fun DOOM2 and heroes of might&magic 5 lan games, works really well.
Layer 3 typically has a dynamic routing protocol, like OSPF or BGP. Layer 2 uses ARP or ICMPv6 to resolve peers. With a layer 3 mesh, you typically need to define tunnels or point-to-point links at layer 2, like a VPN. There are layer 2 meshes under Linux using a tun/tap device that redirect the ARP packets to a database of peers. I believe ZeroTier does this.
I would recommend looking into zero tier. This is what my friends and I use to play games that only support LAN connections. I have a Ubuntu Minecraft server that works perfectly like this. It also removes the need for port forwarding. It's pretty easy to set up and free for small groups.
Edit: here's the link https://www.zerotier.com/download/
As far as I have understood it, the last accept means it should be accepted no? Or do I have to manually enable that? The only mDNS mention I found in the docs was in regards to locking down UDP:
# Tag "udpserver": every node defaults to 0; set it to 1 on the UDP server(s) in Central
tag udpserver id 1000 default 0;
# Allow UDP if either end carries udpserver=1, or the frame is multicast (which is what mDNS uses)
accept ipprotocol udp and tor udpserver 1 or chr multicast;
# Any other UDP stops here
break ipprotocol udp;
Section 3.5.2 of the manual: https://www.zerotier.com/manual/
I can suggest installing zerotier on your NAS and then again on any of the devices you wish to take outside of your local network. It can also be used to bypass carrier grade NAT if you are also coming up against it. https://www.zerotier.com/