thank you for the great video. I used Tailscale in the past but switched to Netbird for many reasons. You already mentioned a lot already. For me there is one killa-feature and that is, that the company behind NetBird a German company so they have to stick to the GDPR. I love it!
@prakashpoudele3 ай бұрын
I had tried getting started with tailscale/headscale combo always ended up running into issue, I tried netbird and it instantly worked, with netbird since then
@durgeshkshirsagar1162 ай бұрын
मला पण सांगशील का मित्रा कसे setup केलेस? @@prakashpoudele
@tjsimsgm9 ай бұрын
Been running netbird from v0.6.0 and it’s great it’s come along way and it’s been extremely stable, the addition of IOS and Android has been amazing
@netbirdio9 ай бұрын
Thank you for the kind words from the NetBird team :)
@sudochkinnotuos2148 ай бұрын
@@netbirdio I really like your product, but there is no exit node When it is ?
@NonyaDamnbusiness9 ай бұрын
ZeroTier is also available for ASUStor NAS devices, OPNsense, and even some retro gaming handheld custom firmwares like ArkOS.
@pankaj21069 ай бұрын
He knows but intentionally did not mention to show pfsense in good light
@PowerUsr19 ай бұрын
My only issue with Tailscale is the ACL syntax isn’t clear from the documentation. The default is a permit any which isn’t great and it doesn’t integrate with firewall rules in pfsense the way ZeroTier does with opnsense. I’m not writing json rules for ACL…there needs to be a better way to do it and clearer documentation
@curtispavlovec9 ай бұрын
Thank you and I agree 100%. TS needs a better and clearer way to define rules and ACLs beyond JSON - we’re not all developers.
@_vr7 ай бұрын
I use ZeroTier for everything network myself. So amazing! People just need to be more willing to learn. OpenWRT does firewalling really good in a GUI where I configure my ZeroTier.
@Reducer9 ай бұрын
Timely vid! I've dabbled with Tailscale, primarily because they have a good Terraform module, but I have yet to actually do stuff with this other than testing accessing my home setup from the office. Will check out alternatives.
7 ай бұрын
Tailscale with headscale as coordination server works very well for me. I would like to test netbird but currently it lacks some features that are important for me. E.g. exit nodes (will be available in march) and dual stack networking with IPv4 and IPv6. These features are already running fine with Tailscale and headscale. GoodiesHQ is currently working on an ACL UI Builder which will be integrated into the open source Admin-UI. Interesting times to come :)
@randomnoobpt8 ай бұрын
Opened this video exactly because I was made aware of Twingate, but the content I find is sponsored. Will be trying netbird, seems really easy to get things done and should be enough for my needs
@JasonBrown5275 ай бұрын
Thanks for the video. Would really like to see a performance test comparing Tailscale and Netbird in terms of throughput and LATENCY. Everyon tests throughput, but for some reason you rarely see latency info included. Edit: Netmaker has phone apps for iOS and Android now.
@DarkNightSonata9 ай бұрын
is the "Exit Node" feature on the roadmap in Netbird ? I think that is a very important feature to have, or at least its a more common usecase. hopefully it is, because netbird looks very promising.
@roadkill110009 ай бұрын
Agree. Exit node is the killer feature that would keep me from trying Netbird.
@netbirdio9 ай бұрын
We will deliver this! Thank you for pointing this out
@majorgear10219 ай бұрын
What is the use case for an exit node? I’m looking at self hosted VPN to access my home network from public networks.
@LionelSchinckus7 ай бұрын
@@netbirdioDo you have an issue on GitHub to follow this?
@Daz22815 ай бұрын
@@majorgear1021Exit node allows you to route out of your overlay network making it an actual tunnel network. Without the exit node you could still VPN to get access to your internal resources but you would exit locally depending on where your device is located.
@taoi119 ай бұрын
Would love to see a follow up to this of the performance of these networks. simple speed tests even.
@marcomoraschi39726 ай бұрын
very very nice disclosure at beginning. no sponsor here. by the way, nothings bad about sponsorship, I trust some youtubers and also with sponsor it's ok, but knowing before is a great choice. Thanks, now I can ssee the rest of the video.
@kofteistkofte7 ай бұрын
I've been using Tailscale for a while. Their ACL syntax does require a bit getting used to but does the job really well. But their error messages when I mess up could be better. But after this video, Netbird peaked my intrest. I might try it with a test environment sometime.
@chrisumali98419 ай бұрын
Thanks for the demo and info. I am using Twingate, but will try Netbird. Have a great day
@netbirdio9 ай бұрын
Thank you from the NetBird team :)
@sagarsriva9 ай бұрын
I use both zerotier and tailscale on same machines. They work together! zerotier and tailscale also work on my openwrt router
@ForestNorgrove9 ай бұрын
Why?
@majorgear10219 ай бұрын
Yeah, why?
@iglapsu889 ай бұрын
good timing. I'm a newbie to networking and just put express VPN configuration files on my Beryl Travel Router using OpenVPN. It was super easy. Not sure if this is related or not, but thought it was cool to be able to do that.
@user-hk3ej4hk7m9 ай бұрын
Zerotier here is the only option here that allows you to self host your controller without having a public IP address, even behind CG NAT. The "coordination" layer is split into routing and a controller. The routing handles connecting the nodes, and the controller (which counts as another node) authorizes nodes into the network, meaning that you don't have to give them the power of managing your network, just self host your controller and let them do the routing for you. The whole architecture is pretty well though out. Also there's a self hosted controller web GUI called ztnet that recently popped up, it looks pretty modern and has a lot of features.
@ReturnJJ9 ай бұрын
You could use Headscale with the upstream Tailscale DERP relays, which is just about the same as using ZeroTier’s roots while using your own controller. ZeroTier kept disconnecting and crashing on both iOS and Android (doing a speedtest, the VPN literally disconnects mid test and requires a reconnect, which suggests it crashed), which is a shame because I wanted to use it for L2.
@user-hk3ej4hk7m9 ай бұрын
@@ReturnJJ Thanks for correcting me! I wasn't aware of the DERP thing. Is that relatively new? Back when Headscale came out I did some research to switch but I wasn't able to find an alternative to the whole controller-roots paradigm.
@majorgear10219 ай бұрын
Sounds great. I’m trying Netbird first, thought.
@bltavares9 ай бұрын
I haven't found anything similar to ZeroTier's 6PLANE addressing for container based routing. It's especially useful as it makes use of IPv6 NDP emulation for finding the shortest route between container. I haven't found any Wireguard-based solution similar yet, but I guess it would not be as seamless as zerotier automatic adressing
@JamieStuff9 ай бұрын
I've been a happy Tailscale user for quite some time, and have considered going the Headscale route. However, I may well give Netbird a try. (That's what homelabs are for, right?)
@NonyaDamnbusiness9 ай бұрын
ZeroTier *does* have a 3rd-party open-source web UI called "ZeroUI". I haven't touch the ZeroTier website web UI in over a year.
@sagarsriva9 ай бұрын
I use it too.
@unmanned-uav9 ай бұрын
You might want to test ztnet web ui.
@AlexandruVoda7 ай бұрын
Apparently NetBird will receive exit node functionality in March 2024. Also, for NetMaker you can use Ingress Gateway nodes to allow any Wireguard capable device (e.g. smartphones) to connect to the network.
@MrCody7609 ай бұрын
Exit node is possible on netbird on with Linux os right now
@HectorMartinez-xv4re6 ай бұрын
Would love to see NordVPNs meshnet in vids like this, I’ve been using it for a while now and have no complaints, super easy to setup and get going on all platforms including Linux/CLI.
@michelangelop39239 ай бұрын
Nebula could be mentioned as well, it's what i personally use as it's very easy to setup and provision new clients, it's only available as selfhosted and it's fully open source. Plus the fault us deny all and you allow the port/protocol/host that will have access and the lighthouse/manager node can be more that one, providing grrat availability.
@LAWRENCESYSTEMS9 ай бұрын
I forgot to add it to the list, but it's mentioned verbally in the beginning and my video on it is in the forum post.
@krystophv9 ай бұрын
Defined Networking now offers a non-selfhosted Nebula service, but doesn't seem to have open source clients (dnclient).
@jeff82079 ай бұрын
Only issue I have with Tailscale is on a mobile device...when moving between Cellular and WiFi sometimes traffic does not move through Tailscale until one stops and restarts the Tailscale client. Easy enough to do but annoying. Would be great if Tailscale client would deactivate in known WiFi SSIDs and reactivate when moving to unknown WiFi SSIDs or cellular. When doing an internet search this has been mentioned multiple times by users.
@jackthibo76449 ай бұрын
Thanks so much for this video! I'm really excited about netbird, as I haven't seen yet an open source solution which you can easily self host. I just wonder what security aspects you got to look out for, such as separating directories of the DB files and the web server fikes etc. looking forward to Your video about netbird!! Shame is, that zerotier and any other wire guard based solution, doesn't work great.... Tinkered a lot with excluding IP ranges from zerotier, but still doesn't seem to work alongside.....
@user-qr4jf4tv2x4 ай бұрын
ok so which one would work best in a self hosted game server?
@brucemoriarty9 ай бұрын
actually running it myself and loving netbird but i had 2 issues which is now 1 issue and you share the same is that that need to have an option for exit node
@netbirdio9 ай бұрын
We will deliver this feature! Thank you for the feedback
@brucemoriarty9 ай бұрын
@FabioSpeltaАй бұрын
Thank you for the transparency about twingate. Instant sub.
@Mikesco39 ай бұрын
Totally appreciate your channel!
@LAWRENCESYSTEMS9 ай бұрын
Glad you enjoy it!
@CristianHeredia09 ай бұрын
Curious as homelaber , running pfsense+WireGuard, when would it make sense to use netbird?
@LAWRENCESYSTEMS9 ай бұрын
if you have more devices at more locations that all need to be connected .
@etienne44039 ай бұрын
Great video again. They seem to be good tools. As a noob, why do I as a home user want to use these over say a Wireguard VPN included in some modem/routers like a Fritzbox? It is fast and pretty easy to setup.
@LAWRENCESYSTEMS9 ай бұрын
If what you have works for you, keep doing it.
@netbirdio9 ай бұрын
Using these tool is mostly about removing the configuration/maintanence parts and controlling access. E.g., you won't need to manually distribute WireGuard keys with let's say NetBird.
@DaveHart-G9 ай бұрын
Is there any guidance on the horsepower required for the machines doing the wireguard encryption / decryption to ensure that this does not limit transfer rates.
@antikommunistischaktion9 ай бұрын
Wireguard's overhead is effectively non-existent. I have a Raspberry Pi running as a Wireguard server at home and you can't tell any difference between the VPN being on or off. Any overhead will be unrelated to Wireguard itself and how Wireguard is implemented. For example Tailscale does some really weird things with it for NAT traversal which does slow it down a little.
@DaveHart-G9 ай бұрын
@@antikommunistischaktionthanks for the comparison. Sounds like a case for point-to-point wireguard VPN for large file transfers
@scbtripwire9 ай бұрын
My experience with Tailscale: works fine with one user, but I tried adding someone else as a user and couldn't figure out why it didn't work even with expiration turned off on everything.
@jinx689 ай бұрын
Wouldn't consider netmaker as a stable product. It struggles with NAT traversal, broken GUI in windows and the web interface had a lot of bugs.
@JamesT659 ай бұрын
Great video I have created a small gateway with dpdk, vpp and use zerotier to route over it. Runs 100% line rate locally and maxs out the internet with little cpu use. Also makes my security bulletproof. I will add ipv6 as a next step.
@bradgriffiths75079 ай бұрын
I'd like (another) video comparing VPN and Network Overlays. My concern has been the need for Multiple Authentication methods which is fine in VPNs (eg either certificate + user creds or user creds + OTP), but network overlays seem to only be certificates which has been why I haven't taken them up. My use case involves an AD environment with remote users changing passwords and computer policies that run prior to users logging in.
@GabrielSouza-iu3pd7 ай бұрын
Thanks for this! Awesome explanation as always
@jyothishkumar30984 ай бұрын
Netbird's Android app is a little buggy (from my experience prior to Aug 2023). But it works and is cool.
@syruce769 ай бұрын
j'apprécie votre indépendance
@F0XH0UND0079 ай бұрын
I'd like to see a Twingate review.
@LAWRENCESYSTEMS9 ай бұрын
Network Chuck did a sponsored video on it kzbin.info/www/bejne/f4rQiYN8aL2IrdEsi=_qkDhCqpuO7iGRVZ
@MortenEghj9 ай бұрын
How do you see this in the context of the commercial environment where site to site VPN / IPSec is still the standard ?
@LAWRENCESYSTEMS9 ай бұрын
It's becoming very popular with companies due to the added individual controls.
@elalemanpaisa2 ай бұрын
looks pretty much like cloudflare tunnels to me.. haven't found any comparison to tailscale and cloudflare tunnels so far.
@brandonchappell15359 ай бұрын
Tailscale works great for my needs, its was super easy, even for me, to setup (most this command prompt stuff gives me a headache) and it just Works !! Just tunneled in checked up on my server from my phone while at the beach!! Would be nice if they made a Core plugin too though! as sometimes i dont have both NAS' turned on, and can only tunnel in if scale nas is on
@DaveHart-G9 ай бұрын
In the review there is mention of BSD support. I’m also a GUI guy, not brave enough to try stuff that requires significant CL interface. I run an Ubuntu VM on my TrueNAS Core with Tailscale and use it to provide access to other services on the TrueNAS server
@brandonchappell15359 ай бұрын
@@DaveHart-G yeh, i have seen people do custom jails with it in, using scripts etc, so it is possible but id prefer plug in. Running it from my VM could work though, thats good idea !! Can it still become the exit node, and give u access to rest of your network?
@alphakamp9 ай бұрын
has tailsacle + headscale gotten closer to raw wireguard performance. last I looked it wasnt worth it
@antikommunistischaktion9 ай бұрын
It can't use the kernel module so it hasn't, but it's still probably the fastest overlay network I've used. I've used NFS via Tailscale and as long as my laptop is on a good connection it's relatively pain free.
@RogerioPereiradaSilva778 ай бұрын
@@antikommunistischaktion Agreed. Performance has never been a problem with Tailscale for me. I have a self-hosted Jellyfin instance that I can reach from anywhere using my laptop or tablet which has been a life saver when traveling and/or staying over a relative's house for a couple of days and that worked well even on saturated public networks. It did stutter and had to buffer a little bit every now and then which forced me to transcode to 720p on the latter case but it worked surprisingly well considering the limitations. Much better than I expected.
@RuiFungYip9 ай бұрын
Though tailscale (hosted by them) has a bunch of convenient features such as Tailscale SSH, taildrop and funnels. And for the most part, I think trusting that the coordination server hasn't been compromised is what tailnet lock is supposed to be for? According to them anyway. (I've actually integrated tailscale into my home network with full subnet routing and everything.)
@LAWRENCESYSTEMS9 ай бұрын
It's a new beta feature but looks promising.
@RuiFungYip9 ай бұрын
@LAWRENCESYSTEMS tailnet lock? I've had it enabled since they introduced it. They've improved the ux for signing new nodes since then. Now you can click a button in the admin panel that will open the deaktop client /mobile app to prompt you to sign nodes. Not sure if they've addressed that one ux issue regarding shared nodes and tailnet lock though. (Nodes accessing your shared nodes need to have their keys signed too, it was missing ux, not sure if its changed though.)
@GerbekSergey8 ай бұрын
What we need are VLESS Reality based mesh network solutions
@jakobholzner9 ай бұрын
Thanks for the video. Kinda missed some talking points about integrating OPNSense. And also wanted to ask is there any reason you use the google chrome browser on your Linux machine?
@LAWRENCESYSTEMS9 ай бұрын
OPNSense is slow on security so I don't recommend it lawrence.video/opnsense and I use Chrome for business and Firefox for personal
@NetworkPIMP9 ай бұрын
@@LAWRENCESYSTEMSyou mean opnsense doesn't pay you ... got it
@cltguy12346 ай бұрын
Hey.. thanks for a great video.. Very good comparison and details of the options. I wanted to ask a question... I have a VPN esque setup with Twingate at the moment and it works well. However, it doesn't and seems it can't do on thing I'd like for it to do.. Use my private DNS on my local network instead of using my provider (cell/remote wifi) DNS. I'd like for it to block ads but also appear as if I'm using my home IP rather than somewhere else. Thanks in advance for your time.
@LAWRENCESYSTEMS6 ай бұрын
If you are using Tailscale with pfsense you can choose your pfsense as an exit node.
@timha4102Ай бұрын
Does any of those services offer MDNS? I tried Tailscale and it doesn‘t, unfortunately.
@BlackWolF_13749 ай бұрын
can you make a video to explain how can I controle the traffic over my proxy server which people are connected to via SSH please
@Christos99 ай бұрын
Tailscale adds features at a very fast pace and this looks to me like a security problem.
@LAWRENCESYSTEMS9 ай бұрын
Not if they are doing it right.
@astacc9 ай бұрын
ZeroTier has plugin for Mikrotik routers
@rbartsch8 ай бұрын
What is the IPv6-support situation with Tailscale/Netbird?
@emesny7 ай бұрын
Tailscale supports IPv6 seamlessly. I'm running in on several hosts which are IPv6-only and it works fine.
@Code-Sport8 ай бұрын
Hey do you know if Tailscale is also available for opensence?
@JackWeems9 ай бұрын
Can you compare speed on each? I looked at netbird but was turned off by the fact you have to have an account for the self hosted option. Do you what data they collect when you self host?
@LAWRENCESYSTEMS9 ай бұрын
You DO NOT need an account to self host Netbird.
@netbirdio9 ай бұрын
There is no need for an account when self hosting NetBird. We collect anonymized stats about the control server installation, e.g., number of peers. But you can easily opt out from this when running the NetBird server on your
@maplenet29 ай бұрын
Nice video!
@donwald34365 ай бұрын
Who's Lawrence?
@LAWRENCESYSTEMS5 ай бұрын
I am not clever at coming up with company names so I used my last name as my company name, hence Lawrence Systems.
@97marin9 ай бұрын
Why didn't you just do a 360° rotation ok the first pilar to have the ladder under the non damaged part of the bridge?
@antaishizuku9 ай бұрын
Zerotier has a opnsense module
@antikommunistischaktion9 ай бұрын
This guy has a huge hate boner for Opnsense
@MichaelWDietrich5 ай бұрын
how can netbird cost 5$/user/month if I am selfhosting it? Or is this the "not selfhosted" version?
@LAWRENCESYSTEMS5 ай бұрын
Self hosted is free
@alumseal7 ай бұрын
waiting for self hosted netbird setup and explanation
@sergefedorow84306 ай бұрын
Netbird sounds very promised.
@eidodoos8 ай бұрын
netbird ftw
@grtitann74259 ай бұрын
Your channel is nice and informative, but your pfsense bias it's doing a disservice to other possibly better options, like OPNsense, specially if you care for the morality of the devs or vendors.
@PhrozenN9 ай бұрын
Netgate has bad morals?
@magog68529 ай бұрын
@@PhrozenNlolololol
@xbhollandx9 ай бұрын
He’s gone over it many times before. Because opnsense is downstream, they don’t fix bugs or contribute code. So vulnerabilities take considerably longer to be patched. The support contracts are also sub-optimal when compared with the netgate equivalent.
@Darkk69699 ай бұрын
@@xbhollandx Yep. One of the MAIN reasons why I am still using pfsense. Security is more important than features.
@shammyh9 ай бұрын
@@xbhollandx Opnsense is not downstream of pfsense. It's a fork. And do you have any evidence to back claims about vuln patch cycle times?
@MrAntropex9 ай бұрын
poorly carried out, biased towards pfsense omitting that zerotier also does have an opnsense plugin. also not really showing all mentioned solutions equally. barely a real comparison. sorry, I've seen better, less biased vids from you tom.