
452 The definitive Guide to Zerotier VPN and why it is "better" than Wireguard (Tutorial)

Views: 113,753

Andreas Spiess

1 year ago

Today, we will strike back! Not with a commercial for NordVPN or similar. No, the VPN we will build is free of charge! And it can be built by everybody in minutes. Very different from Wireguard, which is complicated. Sounds like a deal? In addition, you will learn a lot about the internet.
My second channel: / hb9blawireless
Links:
Raspberry Pi 4: amzn.to/3nlHfvc
Cheap Proxmox server: ebay.us/h7WmoB
Proxmox Mini PC: s.click.aliexp...
IOTstack Zerotier Wiki: sensorsiot.git...
Proxmox Video: • 443 I found an Excelle...
IOTstack Video: • #295 Raspberry Pi Serv...
Remote Station video: • A Simple to Use And Ex...
Zerotier Wiki Article: bit.ly/3JWXyGm
RUTX14: 4G RUTX14:: teltonika-netw...
Patreon supporter companies:
passiv-energie...
www.welectron....
yosmart.com/
KZbinr Patreon: / @makersmashup
The links above usually are affiliate links that support the channel (at no additional cost to you).
Supporting Material and Blog Page: www.sensorsiot.org
GitHub: www.github.com...
My Patreon Page: / andreasspiess
Discord: / discord

Comments: 473
@MarkArnold-England 1 year ago
I've been using ZeroTier for several years and have found it to be very stable and efficient. Thanks for promoting an alternative to WireGuard!
@MrMo3557 1 year ago
Zerotier is so good I haven't felt the need to checkout anything else
@AndreasSpiess 1 year ago
Thank you for sharing your experience!
@lyc2520 1 year ago
Do you think it is secure enough? Have you experienced any security issue so far? I am new to Zerotier and planning to use it for a long time, but of course I have no idea if it is good regarding security/privacy concerns. thx
@currentfaves65 8 months ago
Do you use Zero Tier to connect your laptop to your bank?
@MarkArnold-England 8 months ago
@@currentfaves65 I use it from my phone when connected to public WiFi - I rarely travel with a laptop, but yes, I would use it for anything, banking, shopping etc.
@TMS5100 1 year ago
This only works if you trust public zerotier service. If you don't trust zerotier, the alternative is to run your own zerotier instance on your own public server. But if you're going to host your own public server, you might as well just run wireguard. Which in fact is exactly what I did. I disagree wireguard is complicated. I'm not going to put trust in someone else's servers in exchange for convenience. another huge plus in favor of wireguard is since it's native to linux, tons of network appliances speak it natively.
@AndreasSpiess 1 year ago
I agree with your judgement. If you do not trust Zerotier, Wireguard is the better solution.
@user93237 1 year ago
Though what sensitive data do you actually share with the zero-config VPN providers such as ZeroTier? Please correct me if I'm wrong, but isn't the WireGuard connection mediated by ZeroTier still end-to-end encrypted with keys stored locally in the clients, so ZeroTier does not have access to your VPN. The most sensitive points may be that you need to trust that the client apps do not leak your keys, but since it's open-source and they have an interest to maintain their reputation that is unlikely to happen. So the only sensitive information may be the public IP addresses (and hence potentially geolocation), the names and count of your devices, as well as your internal VPN topology, but this is typically not very sensitive data.
@jarodsmith9116 1 year ago
@@Darkk6969 Untangle UTM
@beathorn6720 1 year ago
Experience also shows that sooner or later a free service may change to a paid one. It's always best not to rely on third-party services.
@thebugg333 1 year ago
I ran a couple of the free services. I stopped using them when my home PBX found my phone (but was unable to complete the call) when I received a call while my phone was not connected to the service. Then I looked at my firewall and saw the service talking to locations outside of the country, so I enabled geo blocking. Once I get time, I'll use wireguard, since the other free services like talking to other nodes on their network, making these free and easy tools not secure.
@WereCatf 1 year ago
I'm going to have to correct some things: for one, OpenVPN, Wireguard and the likes *also* create a virtual private network. That's where the whole term "VPN" comes from and as such, the slide at 2:10 isn't entirely correct -- Tailscale, Cloudflare, OpenVPN, Wireguard etc. all create a virtual private network. You also don't need to open multiple ports for OpenVPN/Wireguard/etc. -- you only need one. I don't disagree with the general gist of the video, i.e. Zerotier/Tailscale/whatever is certainly easier for the less knowledgeable to set up and they work even behind CGNAT, but I am nitpicking about the specifics a little.
@AndreasSpiess 1 year ago
I agree and if it was not clear in my presentation, I apologize.
@zuighemdanmaar752 1 year ago
To be more nitpicky, wireguard is a tunnel protocol, not a VPN. But yes, I agree with the half explanation of the term VPN.
@christiannickel9801 1 year ago
Agreed, plus WG is still very easy to setup and doesn't require any 3rd party system to manage. Many routers have it built in now.
@WereCatf 1 year ago
@@christiannickel9801 I use OpenWrt on the LAN-side routers and the Internet-facing system is running pfSense, i.e. I don't run consumer-grade routers with stock firmware, so I don't know what features they ship with these days. I'll take your word for it. That said, I have run Wireguard for a while now on my pfSense box and it's been a great experience -- stable, secure and very fast.
@Darkk6969 1 year ago
@@WereCatf I use pfsense as a VM behind our corporate firewall and got it loaded up to 250 users so far. Very fast and rock solid which is why I picked it in the first place. Also been using pfsense at home for years without issues.
@dishendra. 1 year ago
I have been using zerotier for more than a year now, installed it on my router running openwrt. Works like charm, fulfilling the requirements.
@AndreasSpiess 1 year ago
Thank you for sharing your experience!
@Anavllama 1 year ago
All good comments below, wireguard is far easier than most other VPNs and zerotier is not that simple (perhaps from a single user device setup but so is WG). Where zerotier really shines IMHO is for Layer2 connectivity that is harder to accomplish over L3 tunnels such as wireguard ( think mDNS and discovery in general ). Thanks for the video!!
@longinus665 1 year ago
Yeah, ZeroTier seems much more complicated if you have multiple servers/devices in your home network, since they all need the ZT software installed. Wireguard works much better to fully access your network remotely. (but as mentioned, mDNS is problematic)
@AndreasSpiess 1 year ago
I agree. That is why I positioned Zerotier for the "IT-noobs" where it can be a good solution. It saved my a... because it was the only possibility to work with VITA49 (layer 2) for my remote radio. Wireguard did not work :-(
@adriangunnarlauterer4254 1 year ago
Will make a call out to headscale. It is an open-source implementation of the tailscale server part. Really neat if you want to be entirely independent of others and want to run your own zero-config VPN. It even has an unofficial web UI and can be easily set up with Docker. If you do not want tailscale on every machine you can add a relay node that can bridge the local net to the mesh network.
@AndreasSpiess 1 year ago
Thank you for your additional info!
@Tntdruid 1 year ago
You share data with ZeroTier. WG is still better for my setup.
@AndreasSpiess 1 year ago
No problem with me if you can manage it.
@DemocracyManifest-vc5jn 1 year ago
Can you please clarify by “data” what data exactly is shared?
@hamadico 1 year ago
Headscale will let you self-host the tailscale control server. No need to use Tailscale servers.
@mormegil231 1 year ago
I have been using Zerotier for quite a while indeed, and I am very happy with it. The website GUI is a bit anachronistic and a less technical person might have difficulties with it. But I have not had any other issues. It works really great. A small correction is that ZeroTier is not exactly open source. It has a business source license which does not fit all criteria for open source. Every version of the software starts proprietary with source code available and limited rights and becomes open source under the Apache license after a specific number of years.
@deterdamel7380 1 year ago
Thanks for this info.
@AndreasSpiess 1 year ago
Thanks for the info and sharing your experience!
@Thommelbommel 10 months ago
Please don't leave out the summary! I love it!
@AndreasSpiess 10 months ago
Thank you for the feedback!
@Trught 1 year ago
Zerotier is an end-to-end encrypted, anonymous, cloud-managed (can be self-hosted, docker or server) tunnel; it has some limitations like a data limit and a client limit in the cloud version. Wireguard is a self-hosted, non-anonymous tunnel which needs at least 1 public IP for the server; no limits, no clouds, fast, and a light server can run directly on a router. Usage depends on preference and conditions.
@AndreasSpiess 1 year ago
Thank you for your additional information!
@zuighemdanmaar752 1 year ago
Not completely true. Zerotier is a complete package for SD-WAN networks. It connects clients to a virtual network on which those clients can communicate with each other. Wireguard is a tunnel protocol which you use to connect two devices together. With wireguard you do not need a central server. Contrary to what you say about anonymity, wireguard would be more anonymous since you don't rely on a third party (zerotier in this case) to connect these devices with each other. Although with wireguard you don't get the advantages of the whole zerotier package, like access management and hole punching.
@tonyhawk123 1 year ago
I'm curious why Zerotier would have a “data limit” if its just there to initialise the direct connections?
@Trught 1 year ago
@Zuig hem dan maar In the case of metadata, ZeroTier is more anonymous: your ISP sees only a connection to the zerotier cloud, whereas self-hosted wireguard is peer to peer and your ISP sees the IP addresses of your peers.
@Trught 1 year ago
@@tonyhawk123 I think no, data flow through their infrastructure because packets are encapsulated, but you can self host own zerotier server.
@DemocracyManifest-vc5jn 1 year ago
First of all, you did an incredible job explaining the network, the internet and some of the challenges thereabouts. These extend to corporate and cloud applications as well. I wish I had this in college, amazing job.
@AndreasSpiess 1 year ago
Thank you! I am glad you liked it.
@renobodyrenobody 1 year ago
Thanks for the video. I have used zerotier for years and Tailscale for the last six months. I want to add that I am in China and everything is difficult behind the great numeric wall. I found Tailscale quite easy to use, especially with the exit node (never been able to configure it with zerotier).
@AndreasSpiess 1 year ago
Thank you for your information. Another comment asked exactly what you answered: Does it work in China ;-) Concerning the exit node, I just added a route (0.0.0.0/0) to Zerotier... But I agree, documentation is not always easy to find.
@renobodyrenobody 1 year ago
@@AndreasSpiess Yeah, Zerotier and Tailscale are working fine from China. I have a server in France and I can use it as an exit point for the internet. In fact, I use a VM on the server as the exit point for the internet, because if you miss something, the server could become unreachable. On the other hand, you can always stop and restart a VM. This solution is far better than any VPN because it works all the time and you can manage it. Nord VPN is not working, True VPN is not working and plenty of VPNs are either ultra expensive or unusable (sometimes both). The least expensive one working fine in China is Mullvad. In China you need at least one VPN, but using a machine elsewhere in the world with tailscale is a better daily solution. Andreas, I am an old engineer guy, I love computer science and code, and I really enjoy your channel. Thanks a lot for all the resources published!
@ryankendrick4147 1 year ago
Some notes: Zerotier can only be used for non-commercial uses for free & you're capped at 25 nodes unless you self host the controller. Zerotier does require open ports or relays, but the open ports only have to be on one-side at least & can be achieved via UPnP. Side note: At work, I own the roadmap for a scalable network orchestrator that deploys Wireguard and IPsec tunnels to Linux boxes via Ansible. I know that there is a bit of a learning curve for home-labbers but well worth it to learn network automation for the CV. I use both Zerotier and Wireguard for my home lab, but for different use cases. I've also used OpenVPN and Hamachi back in the day.
@AndreasSpiess 1 year ago
I agree that Zerotier is more for noobs like me. If you have enough knowledge, Wireguard is a good thing...
@ewm5487 1 year ago
Thank you Andreas, as always you inspire!👍For the time being I'm very happy with WireGuard running on 2 SBCs and connecting 2 locations since 2 years without interruption. I'm a little scared to register at some service. But will look into ZeroTier!
@AndreasSpiess 1 year ago
Never change a winning team ;-) If you managed the setup, Wireguard is a good solution.
@canadianwildlifeservice8883 1 year ago
Great video. Unfortunately, sometimes firewalls will block UDP traffic (even UDP on port 443, the QUIC protocol). Since Wireguard uses UDP, this is where the problem is and is why Wireguard is known for not working when attempting to bypass firewall restrictions. OpenVPN, which can use either UDP or TCP, is not so easily blocked. So many times, people will still choose to use OpenVPN on TCP port 443 over Wireguard. TCP on port 443 is known as HTTPS and is what is used for normal secure web browsing and is not blocked by firewalls, since doing so would basically break the internet as we know it.
@AndreasSpiess 1 year ago
Thank you for the additional information! Interesting.
@giorgiog541 1 year ago
Honestly, I fail to see the solution presented in the video as better than wireguard, considering that a third-party cloud provider is used, and each client has to share each connection with the service. Personally, I've been accessing my network securely from outside for a few years now, by having a (virtual) wireguard client in my local network connect to a server hosted in a VPS (which I also use for other things than hosting wireguard); then I connect to said server from any other wireguard client (for example, from my phone or laptop) to be instantly able to connect to my local network. No need to trust your data to any cloud service or to open more ports for this. Still, I find this video informative and it might be a nice option for newbies, but being dismissive of industry-standard software such as wireguard because of "convenience" is bad advice imo.
@AndreasSpiess 1 year ago
Your solution is for sure good. But I doubt many non-IT guys like me use it. Most Wireguard videos (including mine) I saw promoted the way I described.
@LackofFaithify 1 year ago
I mean...you're paying a company that is, neither a first, nor second party yes? You're entirely sure they cannot access your vps on their hardware in their possession? Even renting a data center rack and installing your own hardware requires a third party...the data center. And your vps also comes with its own private data connection it absolutely does not physically share? Maybe vps means something different in different places?
@giorgiog541 1 year ago
@@LackofFaithify true, there are many vps companies out there. Still, which do you think is more secure, a (correctly configured) vps from any known provider or ZeroTier? With the latter, you're not only sharing your connection and personal data but also you're managing your connections from their website.
@AMian-yf2hn 1 year ago
1. An important plus of ZeroTier over other "VPNs" is that ZT, after the initial connection to the server, will then connect devices to each other in a shortest-path fashion. So you get minimal latency, which is crucial for interactive apps like gaming or VoIP. 2. Reading the Tailscale/Headscale docs tells me that they do deal effectively with CGNAT, vs many comments here about native Wireguard's inability.
@AndreasSpiess 1 year ago
You are right. I thought, I mentioned these facts.
@AMian-yf2hn 1 year ago
@@AndreasSpiess I didn't notice these comments in your video when I watched some days ago. But you can always add text box comments on the video later 🤗
@the-papaw 6 months ago
Very, very good video. You explain things very well, stay to the point. Very well done!
@AndreasSpiess 6 months ago
Thank you for your kind words!
@erpepl 1 year ago
I would disagree if WireGuard belongs to past times...
@AndreasSpiess 1 year ago
Me too. But in the not so professional market, I assume, these newer solutions will be a hard competitor.
@jesserockz 1 year ago
Me too, Tailscale and CloudFlare tunnels use wireguard to connect everything. You just don't have to manage the keys and connections yourself.
@nescius2 1 year ago
@@AndreasSpiess in _not so professional market,_ hard competitors only need bigger marketing budget.
@hansjoerggraesslin3331 1 year ago
In new fritzbox even WireGuard is built in and can be used with the fritzbox dyndns service without installing anything …
@Howard_Roark 1 year ago
Wireguard can’t use dedicated Encryption ASICs which slows it down HUGE compared to other methods using AES encryption.
@Roberto-dd1te 1 year ago
Loved the QR acrobatics!
@AndreasSpiess 1 year ago
:-))
@Penguinz4LOLZ 2 months ago
10/10 Very educational :=). I'll be setting this up later to access a local SMB drive from outside my local network.
@AndreasSpiess 2 months ago
Thank you!
@Sybux_Origin 1 year ago
From time to time, depending on your hardware, a very simple solution at zero cost is to use the VPN server installed within your router, or, if you have one, on a Synology (only one port needed). That way, you're directly connected to your local network. You only need to install or configure the VPN on your device to get connected.
@AndreasSpiess 1 year ago
Good point. Still, you need a fixed IP or a DynDNS service...
@KarelSeeuwen 11 months ago
I've been using Zerotier One for about 10 years now. Sometimes I need to reboot a device, and sometimes I have to make sure that the zerotier software is updated to the same version on all devices. Apart from that, as the guy with the swiss accent explains everything is just connected in one (big) private network.
@AndreasSpiess 10 months ago
Thank you for sharing your experience!
@elcanner1170 1 year ago
11:30 is wrong. You CAN forward to the VPN tunnel only your VPN network's traffic. There are many ways you can route your traffic to the VPN or to the public internet. For example, routes in your OS... It works everywhere: Windows, Mac, Linux... rooted Android. Console commands to print all your routes:
Linux - ip route
Windows - route print
MacOS - don't know, google yourself :) ip route should work, but I'm not sure.
Managing routes in the OS is simple and easy to google. Anyway, THX for the video and review of this interesting project.
@AndreasSpiess 1 year ago
I agree that it can be done. However, the commercials I saw suggest that this is not the default setup.
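The routing point made in this exchange (send only the VPN network's traffic through the tunnel, versus the 0.0.0.0/0 default route mentioned earlier for an exit node) worked through in Python as an added example, not code from the video or from ZeroTier: it parses constructed `ip route` output and resolves a destination the way the kernel does, by longest prefix match and then lowest metric. The interface name ztxxxxxxxx, the 10.147.17.0/24 network and the metrics are assumptions.

```python
"""Split-tunnel vs full-tunnel routing decisions, resolved like the kernel:
longest prefix match over the routing table, lowest metric among equal prefixes."""
import ipaddress
import re

# Constructed `ip route` output (sample data, not captured from a real host) for
# a host that routes only the ZeroTier network itself through the tunnel.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.147.17.0/24 dev ztxxxxxxxx proto kernel scope link src 10.147.17.5
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
"""

# Same host after a 0.0.0.0/0 route through a ZeroTier peer was added with a
# lower metric, so everything except the LAN leaves via the tunnel (exit node).
FULL_TUNNEL = """\
default via 10.147.17.1 dev ztxxxxxxxx metric 50
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.147.17.0/24 dev ztxxxxxxxx proto kernel scope link src 10.147.17.5
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
"""

# "default" or a.b.c.d/len, optional "via <gw>", mandatory "dev <if>", optional metric.
_ROUTE_RE = re.compile(
    r"^(?P<dst>default|\S+)"
    r"(?:\s+via\s+(?P<via>\S+))?"
    r"\s+dev\s+(?P<dev>\S+)"
    r"(?:.*?\bmetric\s+(?P<metric>\d+))?"
)


def parse_ip_route(text):
    """Parse `ip route` lines into (network, gateway_or_None, dev, metric) tuples."""
    routes = []
    for line in text.splitlines():
        m = _ROUTE_RE.match(line.strip())
        if not m:
            continue  # skip route forms this small parser does not know
        dst = m.group("dst")
        net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst, strict=False)
        metric = int(m.group("metric")) if m.group("metric") else 0  # kernel default
        routes.append((net, m.group("via"), m.group("dev"), metric))
    return routes


def lookup(routes, dst_ip):
    """Return (dev, gateway) the kernel would use for dst_ip, or None if unroutable."""
    ip = ipaddress.ip_address(dst_ip)
    candidates = [r for r in routes if ip in r[0]]
    if not candidates:
        return None
    # Longest prefix wins; among equal prefix lengths the lowest metric wins.
    net, via, dev, _metric = max(candidates, key=lambda r: (r[0].prefixlen, -r[3]))
    return dev, via


def goes_through_tunnel(routes, dst_ip, tunnel_dev="ztxxxxxxxx"):
    """True when traffic to dst_ip would leave via the ZeroTier interface."""
    hit = lookup(routes, dst_ip)
    return hit is not None and hit[0] == tunnel_dev


if __name__ == "__main__":
    for name, table in (("split tunnel", SPLIT_TUNNEL), ("full tunnel", FULL_TUNNEL)):
        routes = parse_ip_route(table)
        for dst in ("10.147.17.20", "192.168.1.10", "1.1.1.1"):
            print(f"{name:12s} {dst:14s} -> {lookup(routes, dst)}")
```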
@dannymeier6325 1 year ago
Good morning, the video also mentioned other services such as Nebula, Cloudflare or Tailscale. What was decisive for using Zerotier, or where do the others differ?
@AndreasSpiess 1 year ago
The decisive factor for me was that it was available in the Teltonika router. That is why I do not know the other services either. But there are videos about all the others. It was important to me to show that we have got a new kind of networking here.
@alx8439 1 year ago
Be careful with Cloudflare. If you’re aiming to send/receive a content other from HTML (like video streaming) they will ban you
@iAnguel 5 months ago
Cloudflare Tunnel is rather intended for exposing services such as web apps via HTTPS on the internet. Cloudflare then secures the connection and the login and even presents an HTTPS certificate, but you should be aware that you should not send huge amounts of data over it, as you could even be blocked. You should also know that Cloudflare decrypts and scans the traffic; that has security advantages, but could be problematic for some applications for data-protection reasons. Have a look at Heise, there are quite a few articles about Zerotier and co. GDPR compliance is also discussed, although in my opinion that is far less problematic than storing your own or customer data in, e.g., the MS cloud ;-)
@user-uy4ty9vt2x 1 year ago
The latency was 300ms to 400ms for Zerotier and 50ms to 60ms for Tailscale. The structure is exactly the same. The difference only Zerotier or Tailscale. I wonder why.
@AndreasSpiess 1 year ago
I do not think so.
@cody83462 1 year ago
When using Zerotier, this web service can access your "private" network. So you have to trust it. This is not the case with wireguard, which is more secure. Hosting Zerotier yourself would solve that problem, but then it is not less complicated than Wireguard.
@user93237 1 year ago
Can they really access your private network? Aren't the keys only stored locally on the clients?
@cody83462 1 year ago
@@user93237 I am not entirely sure, but as seen in the video, you can authorize new clients from the web interface to join the network. I assume this auth information is accessible on the server. So an attacker who hacks this web interface can add his own client.
@cody83462 1 year ago
(And the attacker could be Zerotier itself)
@AndreasSpiess 1 year ago
I am no security specialist. And I agree: If you do not trust Zerotier (or the many other people using it), this is probably not the right choice.
@avejst 1 year ago
Impressive video as always 👍 Thanks for sharing your experiences with all of us 👍😀
@AndreasSpiess 1 year ago
Thanks for watching and commenting!
@doranku 1 year ago
Missed opportunity Andreas: If you want to STUN your boss and TURN their world about VPNs upside down: mention UDP hole punching.
@AndreasSpiess 1 year ago
I do not understand your point :-(
@doranku 1 year ago
@@AndreasSpiess STUN (RFC 8489) and TURN (RFC 8656) are protocols to help with the communication behind NAT problem. So a play of words with UDP hole punching related protocols. And BTW you know so much things I know nothing about myself, that is why I like to watch your content.
@AndreasSpiess 1 year ago
Now I understand. Indeed, I am a networking noob! But, with such videos, I catch up a bit ;-)
@zyghom 1 year ago
@6:17 - eh, such an error my friend! Of course we can have 2 HA with the same port in our home network - just on different IPs internally and then port forwarding on the router accordingly - I have been using this approach for years ;-)
@AndreasSpiess 1 year ago
Interesting! I thought I only had one IP address for one port on my firewall.
@zyghom 1 year ago
@@AndreasSpiess HA1 on IP1, port 8123 - on the router forward e.g. 8123 to IP1:8123. Second HA: IP2, port 8123 - on the router forward e.g. 18123 to IP2:8123. This way 2 HA work behind the router, both accessible from the internet.
@q9a 1 year ago
The developers copied this from SIP telephones 🙂 …… there, too, a direct connection for the RTP voice signals is made with UDP hole punching, to keep to the 100 ms for a natural conversation. With carrier-grade NAT, however, a "small" detour is taken via the NAT servers of the telephone provider, in case I should have the same provider both at home and at the provider's side ………
@AndreasSpiess 1 year ago
Good to know! At the moment I am busy with SIP telephones in another project (AREDN)... Maybe this "hole punching" was invented for VOIP.
@q9a 1 year ago
@@AndreasSpiess It is the first application where I saw it like this, then came the IPv6 tricks from M$ …… and now this.
@waynereuvers6157 1 year ago
Hi Andreas I love your videos - they are very informative and no wasted time. Thanks!! I am having a bit of trouble in configuring the ZeroTier add-on in Home Assistant to be the Ethernet Bridge. Any ideas on how to do this? Is it even possible?
@AndreasSpiess 1 year ago
I am not sure if this is possible because it runs in a container...
@swagger1262 1 year ago
I tried old protocols such as PPTP, L2TP, SSTP as well as OpenVPN, IPSec, IKEv2, ngrok, Wireguard, Tailscale, Cloudflare tunnel etc. Almost every ISP will give you a private IP and it is very likely CGNATed or double NATed, and you are left with two choices: Zerotier and Tailscale. I can say Zerotier is the best way to go. No need for port forwarding, dynDNS, no extra tinkering. For most of my projects, speed and latency don't matter. If you need extra speed and low latency, pay for a public IP and use Wireguard, but you still need dynDNS to point to your dynamic public IP. Unless you pay more extra money.
@alx8439 1 year ago
Actually there’re more options. One is mentioned on this video - Nebula. Then there are Tor hidden services and all other overlay networks like GNUNet/FreeNet/IIP
@AndreasSpiess 1 year ago
Thank you for sharing your experience!
@swagger1262 1 year ago
@@alx8439 Agree, there are a lot of options! The Wireguard protocol itself has many variants such as Netmaker and Tailscale. The question is, will you deep dive into networking? If not, keep it simple.
@italo_coelho 1 year ago
Thank you for the great video, as always! I have set up Tailscale subnets for the IP ranges on PCs running in the networks where I have custom ESP projects running, in hopes of uploading code to them remotely. Even though I have been able to ping them and send HTTP requests, I am not able to upload code to them via Arduino IDE or PlatformIO by setting their IP as the Upload Port. In PlatformIO I get that no response is received, but it seems to locate the device and send the invitation successfully. Any ideas on what might be happening here?
@AndreasSpiess 1 year ago
Maybe the same issue I had with my radio. I would try Zerotier and enable the Ethernet option. Or do the same if tailscale has this option.
@greg4367 1 year ago
Greetings from San Francisco. Thank you, (useful && interesting), as always.
@AndreasSpiess 1 year ago
Thanks for watching! And greetings to SF.
@MrDwienie 1 year ago
I don't know if it was already mentioned: if you run openwrt on your router you can install ZeroTier on it as well, then you don't need to install anything on your network behind the router. You also mentioned that you can watch TV like at home through ZeroTier, but that part I couldn't get working yet. I think it is because ZeroTier needs IP addresses and not DNS names? Or is my config wrong?
@AndreasSpiess 1 year ago
You probably just stopped the video before I showed these possibilities ;-)
@arbelarad1980 1 year ago
There is a self-hosted version of tailscale as well, called headscale. No accounts needed.
@AndreasSpiess 1 year ago
Good to know. Thanks!
@williambonomo 4 months ago
That is exactly what I was looking for. Thank you very much.
@AndreasSpiess 4 months ago
You are welcome!
@McTroyd 1 year ago
Around the time we were all talking about the "Fire Sheep" cookie intercepting plugin, maybe 10 years ago, I finally buckled down and forced myself to slog through an OpenVPN configuration on my home server. As someone who is otherwise comfortable with computers, the hardest part was figuring out OpenSSL certificate generation for the first time... OpenVPN itself was actually kinda easy. (At least, it's easier than some of the stuff I've seen you build on this channel.) Not friendly at all to someone who isn't otherwise comfortable with computers, though.
@AndreasSpiess 1 year ago
I think, each step of the VPN setup is not too complicated. But you need a few of them and, if it does not work, it is not easy to find the issue if you are no networking specialist. Wireguard is even easier with its QR code certificate distribution.
@JohnWhittle 5 months ago
This has been super helpful. Nice easy presentation to follow. Thanks!
@AndreasSpiess 5 months ago
Great to hear!
@fillempie1501 1 year ago
I think UDP hole punching is a bad idea. You have to open a 'gate' for the ZeroTier network to reach the clients on your home network. Yes, it works for the happy flow. I understand the simplicity of the solution. But simplicity can be a danger if you don't know what you are doing. My advice: don't show off with UDP hole punching when talking to your boss :)
@AndreasSpiess 1 year ago
Thank you for your advice!
@elalemanpaisa 19 days ago
You don't need to install it on all servers. You can simply install it on one server which acts as a router and does the translation in the home network, which is pretty transparent.
@AndreasSpiess 10 days ago
I agree. But then you lose the "Zero trust" idea...
@laveur 1 year ago
I would like to add it's not that hard to create a proper VPN, depending on what kind of router you have. I have a Ubiquiti Dream Machine, and honestly it's a small bit of configuration on my router to set up a VPN that allows me access to my network from a remote device with ease. A UDM is pricey (~$400 US) but it's really worth it for being able to fine-tune my network. I added an entire subnet for just IoT devices and things that might be connecting to hostile countries without my knowledge.
@AndreasSpiess 1 year ago
Good decision if you can choose. Here, we usually get the router from the utility because it is part of their network (I get internet via coax, for example).
@canadianwildlifeservice8883 1 year ago
That is true. Ubiquiti Dream Machines and routers support Wireguard and recently added support for OpenVPN (I think version 3 of the UniFi OS will drop the requirement for the cloud service, if it didn't already).
@canadianwildlifeservice8883 a year ago
@AndreasSpiess Those ISP modem/wifi/gateway devices. Uhhh... I hate them too. :) You have to put them in bridge mode to be able to use your own router. They are horrible for security.
@AmauryJacquot a year ago
Zerotier is fine for certain usages that you described. Wireguard is used for other use cases which are not a good fit for this Zerotier thing.
@AndreasSpiess a year ago
I agree. As a networking noob I will not create videos about networking for professionals. Just for Makers like me ;-)
@paullacatus8975 a year ago
Done, thank you. Connected the Pi running IOTstack with Grafana and Node-RED to the Zerotier network!
@AndreasSpiess a year ago
Cool! I also will only connect to IOTstack and HA. An additional security layer...
@paullacatus8975 a year ago
@AndreasSpiess Only tested as client, not router. Also had some problems with the latest IOTstack; had to edit the docker-compose.yaml file by hand, which had some issues in the network definitions.
@AndreasSpiess a year ago
On Discord, you should get help. Paraphraser does an excellent job!
@TheMonemone2 a year ago
You can always map a different port number to another home assistant instance. It doesn’t need to be 8126 on your router.
@AndreasSpiess a year ago
Thank you for the info!
@rgferreira78 18 hours ago
My use case is remote gaming on my remote PC (Windows 11), playing on an Apple Vision Pro, with the ZeroTier One app installed on both Windows 11 and visionOS. It works perfectly and is super easy to set up, but the speed is capped at roughly 1 Mbps, which is not enough for 2K or 4K remote gaming. Any clues on how to speed this up?
@AndreasSpiess 12 hours ago
Unfortunately, no. I never did speed tests. But I am sure you will find info at specialized sources.
@RuskiRozpierdalacz a year ago
As I have a public IP address I'm going to stay with Wireguard - the fewer 3rd-party services the better, but good to know there is a reliable alternative. IIRC this NAT traversal is a big pain, for example for TeamViewer.
@AndreasSpiess a year ago
In my case, the initial motivation was CGNAT, which seems to be very hard to "punch"... But now I like its simplicity.
@-Z-.-S a year ago
@AndreasSpiess You may get a native IPv4 address from your provider (just ask them) - it will change though - but DynDNS helps in that case.
@markuszingg3131 a year ago
Nice and informative as always. I kind of disagree, though, when it comes to WireGuard. It is extremely simple to set up, especially if one uses pfSense for the firewall. I also trust much more in the ~1550 lines of C source code that WireGuard is composed of. But hey, everybody shall be happy with whatever he or she chooses.
@AndreasSpiess a year ago
If you are able to operate pfSense, you probably do not need a simple service like Zerotier ;-)
@scotthibbs a year ago
@AndreasSpiess You are so cool, btw - long-time subscriber! I use Wireguard with my VPN on pfSense. But my VPN doesn't allow any ports. Got to this video to solve setting up a Minecraft server for my extended family with Zerotier. However, your graphic at 13:43 shows you may have solved me remoting into my 6600 too! Thank you for the videos!!!
@tttuberc a year ago
I've been using Tailscale. How does Zerotier compare to Tailscale in your opinion? I see you mention that we can host our own server, which I think is a plus, though I wonder if there is more to it. Thanks
@AndreasSpiess a year ago
From what I saw they are very similar. I chose Zerotier because of my CGNAT problem. But I did not try Tailscale.
@MeLovingLive a year ago
Exactly what I need for my home lab. Great video
@AndreasSpiess a year ago
Thanks!
@dragonclaw88 a year ago
My problem is I have internet service where I live but no access to the router... so I can do nothing with ports or anything where I need to change a router setting... it's annoying and tricky... still haven't found a steady and easy enough method to access my PC.
@AndreasSpiess a year ago
With Zerotier you should not need any changes on the router.
@rockking1379 a year ago
I use Zerotier to connect MikroTik devices together. I manage networks for family members, so it's nice being able to connect in without having to go to their house.
@AndreasSpiess a year ago
Thank you for sharing your experience! Cases like that were in my mind when I made the video.
@CazYokoyama a year ago
If you use a TP-Link router, it provides a VPN service and you don't need to have a dynamic DNS service such as No-IP. TP-Link provides it.
@AndreasSpiess a year ago
Good to know. Thanks!
@astrogerard 9 months ago
Wireguard is easy to set up, easy to configure and easy to use. And don't forget, if the product (like Zerotier) is free, you are the product.
@AndreasSpiess 9 months ago
Wireguard is also free ;-)
@astrogerard 9 months ago
@AndreasSpiess True for the software, but not for the service. ;-) Keep up the good work!
@geerliglecluse5297 4 months ago
If you have a MikroTik router with version 7 of their RouterOS, you can install ZeroTier directly on the router. No need to use a Pi or VM.
@AndreasSpiess 4 months ago
I agree (and use it in the meantime).
@mcconkeyb a year ago
Nice! This might be the solution that I've been looking for. I've had several problems in the past when I allowed outside connections to my home network. I've been looking for a good security solution that is low cost for quite a while now. 🙂
@AndreasSpiess a year ago
I hope it will help!
@keithwhite2986 a year ago
Another interesting and potentially useful-to-me video. If I ever get around to it, Zerotier is on my research-and-consider list, along with decentralised distributed ledger technology VPN options, maybe Orchid or Mysterium?
@AndreasSpiess a year ago
I never heard of Orchid or Mysterium :-( These services seem to work differently and increase our choice...
@cheaterman49 a year ago
Did you use an AI to read the script? Somehow your voice sounds more metallic than normal, haha. EDIT: Never mind, we can even hear the different mic at one point, haha; your speech is just that good :-)
@AndreasSpiess a year ago
Unfortunately, I was ill the whole week :-(
@cheaterman49 a year ago
@AndreasSpiess Ouch :-( Me too! Get better soon 🤗
@ErikThiart a year ago
WireGuard is the future. With a MikroTik it's unmatched.
@AndreasSpiess a year ago
If you have the knowledge: I agree.
@dimadiman3093 a year ago
This is bad! A third-party server is involved!
@remy44444 a year ago
No, you can host your own coordinator server if you choose ZeroTier, but in any case, in order to initiate a connection a port must be open, so for critical applications you will have to pay some $$$...
@giorgiog541 a year ago
@remy44444 If you need to host, you might as well choose Wireguard instead.
@AndreasSpiess a year ago
I thought I mentioned that you can host your server if you want. But then I would not use Zerotier, I think...
@joehopfield 5 months ago
Heh, my clinching interview question at Google 17 years ago was about UDP hole punching. Everything old is new again.
@AndreasSpiess 4 months ago
Indeed, some things age well, and some get forgotten fast. Not easy to forecast which ones...
@lordsinclair1st a year ago
I disagree. I set up Wireguard via PiVPN on several Raspis in a very short time. My own VPN with the above implementation has run smoothly and stably for more than 3 years. Furthermore, the point (for me the no. 1 priority) is to not be dependent on third-party services, since I simply do not trust them.
@AndreasSpiess a year ago
If you do not trust third parties, then your solution is best!
@guypierrette a year ago
I agree. I installed Wireguard via PiVPN; it was so easy. I am not an IT guy.
@farmanshaikh6405 a month ago
Great video. Thanks for sharing 👍
@AndreasSpiess a month ago
Thanks for watching!
@user-uy4ty9vt2x a year ago
I wonder what the difference from Tailscale is? I use Tailscale for VoIP and the latency is so good.
@AndreasSpiess a year ago
From what I know, the differences are small.
@user-uy4ty9vt2x a year ago
@AndreasSpiess Tailscale only needs a sign-up, and an IP address is allocated automatically. I think Tailscale is simpler than Zerotier. But Tailscale couldn't allocate an IP address manually.
@ensarija a year ago
6:20 You mean you can't have it SET in the router for port forwarding? Because it wouldn't make any problem on the local network (or the internet) when you have the same port (application) open on multiple computers. IP + port creates enough variance. It would be like saying we can't have more than one port 80/443 (web port) on the internet.
@AndreasSpiess a year ago
I do not exactly understand your question. For HA you usually have to forward port 8123 to the IP address your HA runs on.
@bub378 a year ago
When setting up Zerotier on the Teltonika LTE, does every device connected to the Teltonika need to be added manually or is all the traffic routed through zerotier? Would you be able to access the device connected to the Teltonika as you would on a local network?
@AndreasSpiess a year ago
The trick with using Zerotier on the modem/router is that it connects the whole local network to the Zerotier network. This was necessary because my radio does not offer a local Zerotier client (the same goes for printers and many other devices).
@MacLimitRange 8 months ago
Tailscale uses the WireGuard protocol, NordVPN uses the WireGuard protocol, and WireGuard and OpenVPN are both protocols. So... that's like having a LAN via the internet, not what a VPN does; VPNs are used for totally different stuff. Having a private LAN is nice, but it can't do what a VPN can do.
@AndreasSpiess 8 months ago
Different definitions of VPN exist.
@Glatze603 9 months ago
Using a VPN provider and accessing your own homelab are completely different matters! Use cases for a VPN provider are IP address obfuscation and bypassing geo-blocks for streaming reasons. This doesn't work with Tailscale or Zerotier. For accessing a homelab both solutions are nice (Headscale instead of the Tailscale controller, so it is completely self-hosted). Twingate is even better in my opinion because there are more zero trust aspects.
@AndreasSpiess 9 months ago
I agree that VPNs offer additional services. So go for it if you need them. I am not very much in Netflix etc ;-)
@dougbas3980 a year ago
I am trying to decide what to use. Another source recommended Tailscale. What was your reasoning for picking zerotier? Thanks, Doug
@AndreasSpiess a year ago
It solved my problem of transporting Level 2 messages (VITA49) through CGNAT.
@MrRabbott1 6 months ago
Great video! I use OpenWrt and found that the full tunnel fails on reboot. Tried different config files to make sudo zerotier-cli set allowDefault=1 permanent after reboot, but all fail. Enter through SSH and it's all fine again. Any ideas what I can do to make it persistent, please?
@AndreasSpiess 6 months ago
I use it on my MikroTik router (which uses a sort of OpenWrt). There, it starts automatically after reboot. But I do not know how they do it.
@micky1067 10 months ago
Zerotier self-hosted is OK. But when you sit in China it is slow. It uses a relay server. I don't know if this can be changed. ???
@AndreasSpiess 10 months ago
From where I live I cannot answer your question :-( . Here, the traffic is routed directly via the internet, not across the Zerotier network.
@InsaiyanTech 11 months ago
Can I not use Tailscale with NordVPN? Since NordVPN hides my IP, and I just want Tailscale so I can access my network from outside, but I want everything secured.
@AndreasSpiess 11 months ago
I do not know :-(
@sunbro4223 6 months ago
When I open Zerotier, it opens for a second and disappears. I was using Zerotier before and I was not having any problems; can you help me?
@AndreasSpiess 5 months ago
Unfortunately, I cannot do remote debugging. Maybe they have a help desk?
@PopovGP a year ago
There is a huge problem for RDP behind ZeroTier on MikroTik: it freezes after a couple of minutes. Connection to the MikroTik router (and to another endpoint) works fine. But I want only one ZeroTier connection to my router; after that I want to split connections - port 3389 to one server, other ports to another. I added a NAT rule; it works for outside connections, but RDP freezes. On WireGuard, RDP works fine.
@AndreasSpiess a year ago
Interesting! I also own a MikroTik router, and for me, it is so complex that I am always happy if it works ;-)
@danedwards_ee a year ago
Thanks, might be something I will look into. Had issues with my remote Pi not updating the IP on DynDNS.
@AndreasSpiess a year ago
That is bad. Should not happen.
@danedwards_ee a year ago
@AndreasSpiess Found the reason... The endpoint IP was changed to an IPv6 address. Damn
@GillesBruno38 a year ago
Interesting ! Thanks Andreas 👍
@AndreasSpiess a year ago
You are welcome!
@debnathmriganka2010 a year ago
Good morning Sir, can you help me with one thing? I want to access my home PC without port forwarding. I know I can do this with AnyDesk or TeamViewer or any VPN, but I want to know if there is any simple process using Cloudflare Tunnel and Guacamole. I am using Guacamole on my Oracle Cloud server and I want to access my home PC via my Guacamole account.
@AndreasSpiess a year ago
I do not know Cloudflare :-(
@MisterkeTube a year ago
That setup of Zerotier seems susceptible to MITM attacks, as you don't seem to need a manual secure transfer of a secret... Sure, you still need to accept the connecting host, but a MITM could register itself when you are adding a system and the attacker could get in the middle...
@AndreasSpiess a year ago
I am no security expert, but accepting the connection seems reasonably secure to me because it needs my credentials (other than the number of the network).
@npgoalkeeper a year ago
Keys are rotated every 2 minutes with FIPS-compliant key exchange algorithms. I’d say the crypto itself is fine. As far as approving devices go, the admin should check that the ID generated on the device is the same one that appears in the web UI, though anyone at scale should be using SSO which provides all the authentication/authorization/accounting you could ever want.
@julias-shed a year ago
Thanks for that, I wanted to connect my HA Pi to the interwebs 😀
@AndreasSpiess a year ago
Glad I could help!
@tonysheerness2427 a year ago
Why do we need an intermediary? Why can't we connect directly to our devices? Wired routers go to the cable infrastructure companies, such as Openreach in the UK (part of BT), to the old switching hubs. There you have a card with a unique address; if you want to switch suppliers, Openreach can give the number so the new supplier can connect your router. Why do we need a middleman (VPN supplier)? Why can't we just access this card by its number?
@AndreasSpiess a year ago
I gave the explanation I have. I do not know more :-(
@MariusVersteegen a year ago
Haha - hi Andreas - I've got an out-of-context remark: I'm looking forward to your comparison of the Arduino Giga with the ESP32-S3 :-)
@AndreasSpiess a year ago
I do not think these are comparable. They are made for very different projects, I think.
@MariusVersteegen a year ago
@AndreasSpiess In that case, for some projects it can be viewed as an "ESP32 killer", I'd say :-) Ah well, I guess you mean that the ESP32 should be compared to modules with similar surface dimensions / a similar number of pins?
@AndreasSpiess a year ago
And WiFi. And price...
@MariusVersteegen a year ago
@AndreasSpiess Ah well, the Giga offers both WiFi and BLE. That is, the Arduino Giga R1 WiFi, which I think is the only Giga version around for now. Ah well, I guess you're right about the price difference...
@meinsda5983 a year ago
Andreas, when do you publish the video about Zerotier and Teltonika? I can't find it. Do you know you can also install Zerotier on the MikroTik switch you got from me?
@AndreasSpiess a year ago
1. The Zerotier video is on my second channel (HB9BLA). 2. I would anyway like to chat with you concerning my router. In the next months, I should get "optical internet" and I am thinking about how to proceed with the new situation.
@meinsda5983 a year ago
@AndreasSpiess I haven't gotten any reminder from your 2nd channel for a long time... I will look. Contact me on Discord, there we can talk.
@maxmeier532 a year ago
What if Wireguard runs directly on an LTE modem/router (e.g. the Fritz!Box offers that)? Will a Wireguard VPN work in that case when your home network is on a cellular carrier?
@AndreasSpiess a year ago
I was not successful with this scenario. I think you have to try.
@BerndFelsche a year ago
I set up OpenVPN on the routers of a customer about 20 years ago. All the computers were interconnected, as each connected site had its own subnet and site-to-site traffic was routed transparently via routers using the VPN. Even at the 6 Mbps of the slowest internet connection, it was still way faster than the ISDN and frame relay offered by the telco monopoly. The telco was using fibre MPLS infrastructure, so it could have done much better... but a monopoly is the only game in town.
@AndreasSpiess a year ago
So you were very advanced! I remember the global networks of my big customers. They usually had to rely on one of the big providers. And it was very difficult to get connections to plants in the "woods" back then. However, connectivity and speed were much more important back then. Today, security seems to be the biggest topic.
@taldmd a year ago
I've been running my personal VPN for some years now using Wireguard, OSPF (FRR) and a couple of cheap-ass (1-2 €/month) VPSes from different providers in different countries. Reliable as hell. Wouldn't change it for a "cloud service" like ZT or TS. Services are bound to disappoint you. If you have the skills to do it yourself, don't trust them. Otherwise, your video is fine.
@AndreasSpiess a year ago
I agree!
@mikewa9097 a year ago
Andreas, unfortunately I'm not a fan of trusting this type of provider. If you have a good firewall with VPN endpoint capability and a static public IP address, you then have more control and visibility of who is connected to your VPN, as well as being able to publish your services directly to the internet. You could always pick a virtual machine hosting company that gives public static addresses and stand up a VPN endpoint for your private devices to connect to.
@AndreasSpiess a year ago
It seems you are very "fluent" in IT. So you do not need a service like Zerotier. BTW: Why do you trust a hosting company? I thought they have many more possibilities to spy on you.
@mikewa9097 a year ago
If you go with a local ISP that you know and trust, like Aussie Broadband for me, then you or I can have more faith in the solution. A virtual server offering where you supply the OS, including a static public IP, or the ability to purchase 1RU of rack space and a public IP address to host a firewall with VPN server capability, will do the trick. Use a known firewall brand like FortiGate to provide your termination point. Then simply have all your external or travelling clients terminate on the same public IP, where they will have access only to each other, controlled by your firewall rules alone. And FortiGate includes 2 free FortiTokens for 2FA. Cheers.
@MrGhost. a year ago
It's much simpler if you go IPv6: no need to worry about NAT and CGNAT. I use IPv6 for all my systems, and Wireguard when I need it.
@remy44444 a year ago
Practically impossible, as many ISPs simply won't provide one; on the contrary, IPv4 on demand for $4 a month.
@WereCatf a year ago
Easier said than done. E.g. my ISP is *still* dragging their feet on implementing IPv6, even after years of empty promises. Thankfully, I ain't behind CGNAT and my IP address hasn't changed for about 5 years now, so that's not a problem for me personally.
@TMS5100 a year ago
This is also a valid solution. IMO building a VPN through someone else's servers is a bad idea. Never exchange convenience for security. And trust no one.
@lucamarcio4110 a year ago
Hi Andreas, thank you for your tutorial, but I have one question, please. Since I also need a PC with Win 10 for everyday duties, my actual HW config is an old PC with an i3-3100 CPU, 10 GB RAM, 2 SSDs with Windows 10, and HAOS installed on a VM using VirtualBox: I dedicated 2 cores and 4 GB RAM to HA in the VM. Can I install ZeroTier on my PC to reach Windows and HA remotely, or do I need additional HW? Thank you.
@AndreasSpiess a year ago
If you want to connect to your HA, you need to install Zerotier on the HA server (HA add-on).
@lucamarcio4110 a year ago
@AndreasSpiess Thank you for your reply. I need to connect not only to my HA but also to my Windows 10 PC, which hosts HA in a VM.
@AndreasSpiess a year ago
Then you need a Zerotier VM or use Zerotier on an IOTstack container. I do not think you can change the routing rules of containers inside HA.
@Jakeenot a year ago
I know this is a pretty dry topic to cover, but I haven't found out whether ZeroTier is GDPR compliant in any manner. I didn't find any official information on their website about this question. This might be a pitfall, for me at least.
@AndreasSpiess a year ago
I also do not know :-(
@jirkasvitil2762 a year ago
Some parts don't make much sense to me. The weirdest thing to me is that it switches from the VPN-style connection to a direct connection between devices. As far as I know that is impossible; it would require a public IP address.
@AndreasSpiess a year ago
As I said: They have a lot of networking knowledge...
@notofinterest a year ago
In every ad they tell you that with a commercial VPN service you can switch countries and stream 'foreign' content. Is this true? Is, for example, Netflix really that stupid not to bind it to your account?
@AndreasSpiess a year ago
I never tried. But it seems it works like that. I only know that I cannot watch parts of Swiss TV when abroad. It seems that contracts with film owners are based on location, not on where you live.
@npgoalkeeper a year ago
Zerotier is mostly designed for creating P2P encrypted tunnels, with an architecture like Cisco AnyConnect. You can self-host your own "moon" and force all traffic through ZT like in a traditional full-tunnel hub-and-spoke VPN, but that's a lot of effort. AFAIK there's no reason why you couldn't run Zerotier for your own infra alongside a traditional VPN to get around blocks.
@muctop17 a year ago
Trust my crypto company because it's Swiss! 30 years later: it belonged to the NSA & BND 😮😳😂😂
@AndreasSpiess a year ago
That indeed was an interesting coup!
@1over137 a year ago
I have used various techs over the years, but even on high-speed fibre broadband the latency and QoS tend to be horrendous. OpenVPN endpoint on my WRT3400 router, with Amazon Route 53 DNS. I could map my phone onto my LAN easily, but... accessing even a Grafana dashboard was like treacle. Like waiting 10 seconds for the connection, then another 10 seconds for the page to even load the JavaScript. Other times it does quite well. Usually it's barely usable. VNC or RDP I have not tried. I think it might depend on the type of traffic, how bursty it is and what power saving the phone is doing on its cellular side. If you don't send data for a few seconds they have a habit of just dropping the whole 4G data link. I think that even "nice" ISPs have lower quality of service on the outbound legs (from your home network's point of view).
@1over137 a year ago
Note: UDP is usually the first thing to get dropped. When you tunnel TCP protocols over UDP and the packet loss rate rises above minimal, the TCP connections will stall frequently when their window expires for ACKs, and retries and reordering have to take place.
@AndreasSpiess a year ago
I did not do performance tests for this video; I only used my Grafana dashboard and the HA pages. They usually worked OK. I also did not experience a dropped connection. For the remote station I did tests, and we got differing speeds (as you describe). I do not know where the limitations come from. But as soon as the installation is permanent I will try speed tests in the middle of the night to learn where the limitations come from.
@ingmarm8858 a year ago
I use Wireguard via a very cheap but very fast domestically hosted VPS that comes standard with a fixed IP. Dirt cheap, and it avoids the NAT issues. Installation on the VPS and the clients is dead simple and "just works".
@AndreasSpiess a year ago
I agree. With a fixed IP things are easier...
@ziomalZparafii a year ago
A few years ago I spent a few weeks trying to get ZeroTier to work on my RPi 1. It was shown as working in the status output but was not working in reality. And after more attempts it just stopped working at all, even after a clean reinstall. I gave up. I don't have a public IP.
@AndreasSpiess a year ago
Maybe try again. I installed it on several machines and so far it works on all of them.
@ziomalZparafii a year ago
@AndreasSpiess They might have introduced a lot of changes since then, true.
@777wsu a year ago
Good morning, Mr Spiess!
@AndreasSpiess a year ago
Good morning!
@simelanem a year ago
Thank you, I installed it on Proxmox and my phone; still struggling to install it on my Windows 11 laptop.
@AndreasSpiess a year ago
I installed Zerotier on Windows 10 and 11 without problems...
@simelanem a year ago
@AndreasSpiess There must be something wrong with my laptop 🫣
@allcrafter3747 a year ago
What I did is use the VPN function of my router. It works great. Is it a good solution?
@AndreasSpiess a year ago
If it works it is probably a good solution ;-)
@wboumans a year ago
Great tip, just what I needed!
@AndreasSpiess a year ago
Glad it helped!