I might be late to the party, but I just found ZeroTier. I mounted folders on my OneProvider/Online servers as NFS shares on my local servers and I’m streaming 1080p media via Plex and Kodi with fantastic results!
Can’t praise this enough!
I tried ZeroTier for a while… It’s pretty good!
However, one thing I didn’t like about it is that it’s reliant on their “ZeroTier Central” server (my.zerotier.com) for network configuration. I’d rather not rely on external servers for any part of my VPN.
I tried a few alternatives and ended up choosing Tinc. It’s similar to ZeroTier and has many of the same advantages: It’s a mesh network and hosts directly communicate with each other where possible, using UDP hole punching. You do need to write some config files and some of their docs are quite old (their Windows tutorial has screenshots from Windows 98), but it’s pretty easy to configure, and works well as long as you have at least one host that’s accessible externally (either directly or via port forwarding). The hosts will all discover each other automatically.
I have a desktop running Windows 10, a laptop running Windows 10, a few Linux servers, and a server running Windows Server 2016 all on the VPN via Tinc, and it works really well.
I’ve looked at tinc a few times, and looked over their docs which, honestly, are what turned me off. I’m also not crazy about ZeroTier’s proprietary server thing, but here we are. I’m not running anything sensitive through, just some ISOs. Although the service does claim to encrypt your data on transfer.
The tinc site isn’t very useful, but the docs in PDF form are pretty good. I’m using the alpha version of tinc 1.1 which makes configuration a bit easier. Just need to spend a little bit of time configuring it, but after that it works quite well. It’s significantly easier to configure than OpenVPN.
I use it for any services I don’t want to expose publicly. For example, RDP (remote desktop) for my Windows servers, munin (server monitoring software), and the UI for Duplicati (backup software) are firewalled to only be accessible over the VPN. Makes me feel a bit safer.
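An added example (not from any poster in this thread) of the firewalling just described, written as an nftables ruleset for a Linux host: the tinc listener stays reachable on the public interface so peers can still connect, while munin and the Duplicati web UI only accept connections that arrive over the VPN interface. Assumed names: `eth0` for the public interface and `vpn0` for the tinc interface (tinc names it after the netname); the port numbers are the services’ defaults. The RDP case on a Windows server would use the same idea with the Windows Firewall’s interface scoping rather than this file.

```nft
#!/usr/sbin/nft -f
# Constructed example: only expose management services on the tinc VPN interface.
flush ruleset

define PUB_IF = "eth0"   # assumed public-facing interface
define VPN_IF = "vpn0"   # assumed tinc interface name

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # tinc itself must stay reachable on the public side (default port 655,
        # TCP and UDP); this is the "externally accessible host" other peers use.
        iifname $PUB_IF tcp dport 655 accept
        iifname $PUB_IF udp dport 655 accept

        # SSH is left open from anywhere here; restrict it to $VPN_IF too if
        # you have another way in when the VPN is down.
        tcp dport 22 accept

        # Services that should only be reachable over the VPN:
        #   4949 munin-node, 8200 Duplicati web UI (default ports)
        iifname $VPN_IF tcp dport { 4949, 8200 } accept

        # Everything else, including 4949/8200 arriving on $PUB_IF, hits policy drop.
    }
}
```

Load it with `nft -f <file>` and check with `nft list ruleset`; from a host outside the VPN the two service ports should time out, while from a tinc peer they answer normally.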
I’m following this with some interest. I recently had my esx server at home throw a disk and it got me thinking maybe I should join my dedi to my home network to create a “secondary DC”. Am I best looking at this or a site to site VPN?
I think tinc would be perfect for that.
Looks like they will both do what you want, so it’s just a preference thing for you now. I’ll be interested to know which one you choose and how it works out.
Went site to site OpenVPN in the end. Works a treat! Unifi USG to OPNsense. Easy to set up and working exactly as I need it.
Still using ZeroTier, and I like it more every day. Some concerns:
I slapped this Docker container, ztncui, on my server and I’m currently running my own controller. It’s a breeze to use, and it removes the 100-device limit imposed by ZT’s hosted controller. Unlimited networks and you choose your own IP pools.
It’s neat!
This looks pretty cool. I’m really happy with Tinc at the moment, but I’ll try the ztncui Docker container if I ever get some free time to play around with it. Thanks for the link!