WingNews logo WingNews
top | item 42989747

ZeroTier – home VPN without a public IP address

66 points| to3k | 1 year ago |blog.tomaszdunia.pl

64 comments

order

bclemens|1 year ago

Also consider Nebula: https://github.com/slackhq/nebula

ZeroTier does not use an OSI approved open-source license. It is under a freedom-restricting "Business Source License". Nebula is MIT licensed.

Nebula is much simpler and in most cases faster than ZeroTier.

lostmsu|1 year ago

I tried Nebula, but ended up with Yggdrasil instead. https://yggdrasil-network.github.io/

Unlike Nebula, it gives you an IPv6 address (actually, millions of them per node, if needed).

They now also have a userspace only SOCKS 5 proxy server that can connect your app to the whole network without forcing user to install drivers or to mess with their network configuration.

jstasiak|1 year ago

Adding +1 to the Nebula recommendation.

The last time I tried ZeroTier (years ago, I admit) it wasn't possible to self-host all of it I think and I couldn't make it reliably use my own relays for good performance of non-direct connections.

I've been happily using Nebula for a while now, pretty easy to configure and self-host.

lukaslalinsky|1 year ago

Thanks for the recommendation! I wanted a VPN like this for a long time, to manage HA in a remote propery, and this seems like a great option. Even the hosted service is very reasonably priced - https://www.defined.net/pricing/

FieryTransition|1 year ago

Is nebula actually good to use now?

Do they route announcements over the network? Can I just setup two machines and expect them to just work by finding each other?

Does it support name resolution?

exceptione|1 year ago

How does Nebula compare to Wireguard?

savikko|1 year ago

Hugged to death but what i like about zerotier is that I can access my Home Assistant instance (and other home services) with same ip address (resolved from dns and then TLS terminated with traefik) from home network and from zerotier.

And it does not matter if I have ZT network connected when home.

Not sure if that is possible with tailscale (from my understanding, it generates always tailnet ip for hosts).

chabad360|1 year ago

Tailscale does support this. Using the Subnet routing feature you can expose other devices on the network to the Tailnet. I had to use this for a while with TrueNAS because of the way it handles TS integration (eventually I moved to using a reverse proxy).

notpushkin|1 year ago

> from my understanding, it generates always tailnet ip for hosts

It does, but it should connect over LAN when both devices are on the same network. The tailnet IP doesn’t exist outside the WireGuard network, so it’s up to the WireGuard routing algorithm.

bastard_op|1 year ago

I've been using Zerotier personally and professionally for some 10 years or more and as a network engineer I love the product, and have long recommended it. I've compared it to Tailscale, and while Tailscale has a lot more enterprise-y features, they too miss some key features of Zerotier like being able to use route ANY subnet IP addresses, not just limited to their 100.64/10 addressing Tailscale limits you to. Tailscale also requires you to use an oauth account for users, which has never been compelling for personal use.

I also believe it was around before Tailscale, or at least I knew of it before Tailscale, but I've never seen a compelling need to move from Zerotier to Tailscale.

speakspokespok|1 year ago

I’m considering setting up a Digital Ocean virt with the static IP and then wireguard connection back to a host on my network.

I want to connect a local bare metal k8s cluster to the internet but completely walled off from the rest of my network.

natebc|1 year ago

I did this a few years ago and it's still chugging along great. Haproxy instance on a $6 droplet proxying back over wireguard to a taefik proxy.

Could probably redo it and skip the double proxy but honestly it's fine.

LelouBil|1 year ago

Very useful for remote lan gaming !

We used to have Hamachi, but the limited networks, the unintuitive UI and the need to create an account are all things that ZeroTier does best.

Need someone to join the network ? Just send them the ZeroTier download link, and the network ID. No account, no complicated prompts, nothing !

And you can customize everything on the backend, like ip addressing and routing.

And it's even self hostable ! (But then the users need to set the url to your server so this adds a bit of setup obviously)

ramarnat|1 year ago

Also great to bypass Netflix/Hulu/Disney geo or VPN restrictions. I run ZT on my travel Amazon firestick, connect to my home network, turn on use default gateway and all traffic goes via my home router.

Using a similar setup, a friend in Oz and I also share ZT networks, so either he or I can use them to watch content that is only available regionally. The traffic uses home IPs, so it won't get blocked or detected.

It just works.

(Disclosure: was part of the first angel round investment in ZT)

Krasnol|1 year ago

Very nice and detailed guides.

The guide for Shellys [0] is highly appreciated. I always thought about touching those, but all the guides I've found required knowledge I didn't have. I guess it's a precaution because one can cause real damage doing this wrong, but I feel now, I could do it.

Dzieki.

[0] https://blog.tomaszdunia.pl/shelly-smart-oswietlenie-eng/

Diti|1 year ago

Do you have any feedback regarding lag? I like the potential of Shelly products, but every single light I bought from them has a 2-second lag, as the devices seem to want to light up only AFTER being connected to the WiFi.

to3k|1 year ago

It’s really nice to here that you like my guides I have 0 money from making them but a lot of dopamine coming from such comments!

to3k|1 year ago

You don’t have a public IP address, but you want to remotely access your Home Assistant? No worries, you can do it using ZeroTier and I have a tutorial for you.

Hikikomori|1 year ago

Error establishing a database connection

aborsy|1 year ago

How does it with the darlene of HN, Tailscale?!

Tailscale has magic DNS. Can you use a custom domain and DNS entries in any of these mesh VPNs?

throw3948493|1 year ago

ZeroTier charges by device. Tailscale charges by user.

ZeroTier is a lot cheaper if you only need to connect a single device for each employee. It gets a lot more expensive if you have a lot of devices.

Tailscale is the opposite. Cheaper if you have a lot of devices, but if each employee only has a single laptop which needs to be connected, then it's a lot more expensive.

Tailscale's documentation is way better and walks you through it like a beginner. ZeroTier's documentation assumes you are already knowledgeable about networking.

timrichard|1 year ago

I think the ZeroTier free tier is much more generous. I also like the client app, which lets you be connected to more than one network without switching. The API is also nice... I've hooked it up to an Ansible play, and it works well.

mkl|1 year ago

ZeroTier is great. It just works. Makes it really easy to SSH in or access Samba shares from anywhere.

hei-lima|1 year ago

You can use it for remote LAN gaming, just like we used Radmin or Hamachi to play Minecraft.

john_alan|1 year ago

How is this better than DDclient + WireGuard?

k8sToGo|1 year ago

Not all ISP provide a public IP address.

Some ISP force you to change your IP every 24h. So you'd have to reconnect your VPN.

rook1e_dev|1 year ago

Tailscale or pure WireGuard is cool.

EVa5I7bHFq9mnYK|1 year ago

tailscale clone?

randunel|1 year ago

The other way around. Tailscale cloned zerotier, but they diverged quite a bit. You can find VPN connected hardware with zerotier if you've got such needs, and that's simply not possible with tailscale.

fragmede|1 year ago

which like, they're open source, so hosting your own is totally possible