Hello! I just watched the Lawrence video on Zerotier.
Apart from regular clients connecting to each other instead of firewalls, I don't really understand what the benefits of Zerotier are over OpenVPN tap, or OpenVPN tun with Avahi for broadcasts.
Care to explain?
The beauty of ZeroTier is it doesn't require you to modify the firewall. I have a client who subleases an internet connection in which he has no control over the router. ZeroTier was the perfect solution for him as it uses UDP hole punching and gave him the ability to remote into his office without making changes to the subleased router (internet connection).
I have played with ZT a little bit. I thought about using it as a remote support medium and using RDP for that for some of my customers. But even with 2FA and a strong password I worry about the security of ZT.
I think what I am going to do instead (for the clients who aren't managed) is set up a VPN at each site and do RDP over VPN for added security.
OpenVPN remote access requires that the server have a publicly routable IP address that allows new connections. For many/most people, that’s not a problem.
For some people, it's a problem - for example, the story above about subleasing internet access.
I'm considering ZeroTier for a similar corner case. I've got a cable modem as my main internet, but I'd like to set up failover to a cellular modem. I can confirm that the cellular modem works for outbound internet access. The cellular IPv4 address is behind carrier-grade NAT, so an OpenVPN server won't work. Although I get a routable IPv6 address, all connections to it fail. I think ZeroTier UDP punching may be the best way to remotely access my network over the backup cellular connection.
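The two situations raised in this thread (the subleased router nobody can reconfigure, and the cellular link behind carrier-grade NAT) come down to the same mechanic: a NAT only passes inbound UDP to an inside host after that host has sent something out, so an unsolicited connection to an OpenVPN server behind it is dropped, while two peers that both send toward each other's rendezvous-learned public address get through. The following is an added example written for this page, not code from ZeroTier or from anyone posting above. It is a toy NAT model with endpoint-independent mapping and address-dependent filtering (an assumption; real NATs vary), the addresses are documentation ranges chosen here, and site B is modelled as a home router whose WAN address sits in the RFC 6598 shared space (100.64.0.0/10) behind a second carrier NAT, matching the CGNAT case.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 6598 shared address space: a WAN address in this range means the ISP
# is doing carrier-grade NAT in front of you, so you have no inbound port.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def is_cgnat(ip: str) -> bool:
    """True if the given router WAN address is in the RFC 6598 CGNAT range."""
    return ipaddress.ip_address(ip) in CGNAT


@dataclass
class SimpleNat:
    """Toy NAT (assumption: endpoint-independent mapping, address-dependent
    filtering). Outbound traffic creates a mapping and whitelists the remote
    address; inbound is delivered only to an existing mapping from a
    whitelisted source. Not a real NAT implementation."""
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # (inside_ip, port) -> public port
    allowed: dict = field(default_factory=dict)   # public port -> {remote ips}

    def outbound(self, inside: tuple, remote: tuple) -> tuple:
        if inside not in self.mappings:
            self.mappings[inside] = self.next_port
            self.next_port += 1
        pub_port = self.mappings[inside]
        self.allowed.setdefault(pub_port, set()).add(remote[0])
        return (self.public_ip, pub_port)

    def inbound(self, src: tuple, dst_port: int):
        if src[0] not in self.allowed.get(dst_port, set()):
            return None  # no mapping, or source never contacted: dropped
        for inside, pub_port in self.mappings.items():
            if pub_port == dst_port:
                return inside
        return None


def chain_outbound(nats: list, inside: tuple, remote: tuple) -> tuple:
    """Send from an inside host through one or more stacked NATs."""
    addr = inside
    for nat in nats:  # innermost NAT first
        addr = nat.outbound(addr, remote)
    return addr


def chain_inbound(nats: list, src: tuple, dst_port: int):
    """Deliver a packet arriving at the outermost NAT's public address."""
    addr = None
    for nat in reversed(nats):  # outermost NAT first
        addr = nat.inbound(src, dst_port)
        if addr is None:
            return None
        dst_port = addr[1]
    return addr


def simulate() -> dict:
    """Walk through the hole-punch exchange between two NATed sites."""
    # Site A: cable modem, one NAT with a real public address.
    nat_a = SimpleNat("203.0.113.10")
    nats_a = [nat_a]
    host_a = ("192.168.0.10", 9993)
    # Site B: home router behind carrier-grade NAT (two NAT layers).
    home_b = SimpleNat("100.64.5.9")
    carrier_b = SimpleNat("198.51.100.20", next_port=50000)
    nats_b = [home_b, carrier_b]
    host_b = ("192.168.1.7", 9993)
    rendezvous = ("192.0.2.1", 9993)  # stands in for a coordination server

    # An OpenVPN server at site B: nobody inside has sent anything yet, so an
    # unsolicited inbound connection to the carrier's public address is dropped.
    unsolicited = chain_inbound(nats_b, ("203.0.113.10", 1194), 1194)

    # Step 1: both sites register with the rendezvous, creating mappings and
    # letting each learn the other's public address:port.
    pub_a = chain_outbound(nats_a, host_a, rendezvous)
    pub_b = chain_outbound(nats_b, host_b, rendezvous)

    # Step 2: A sends straight to B's public address before B has sent to A;
    # B's NAT has only whitelisted the rendezvous, so this is still dropped.
    before_punch = chain_inbound(nats_b, pub_a, pub_b[1])

    # Step 3: both sides send toward each other, punching holes on each NAT.
    chain_outbound(nats_a, host_a, pub_b)
    chain_outbound(nats_b, host_b, pub_a)

    # Step 4: inbound from the peer is now delivered in both directions,
    # with no change to either router's configuration.
    after_a = chain_inbound(nats_a, pub_b, pub_a[1])
    after_b = chain_inbound(nats_b, pub_a, pub_b[1])

    return {
        "site_b_is_cgnat": is_cgnat(home_b.public_ip),
        "unsolicited": unsolicited,
        "public_a": pub_a,
        "public_b": pub_b,
        "before_punch": before_punch,
        "after_a": after_a,
        "after_b": after_b,
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k}: {v}")
```

The model captures why the subleased-router and CGNAT cases work without any firewall change: the "hole" is just the NAT mapping created by the first outbound packet. Two caveats worth knowing before relying on it: a NAT that assigns a different public port per destination (often called symmetric) breaks the rendezvous-learned address, and when both sides behave that way direct punching fails and ZeroTier falls back to relaying traffic through its root servers, which still works but with more latency; and checking whether your router's WAN address falls in 100.64.0.0/10 (the `is_cgnat` helper above) is a quick way to confirm that the carrier, not your own router, is what stops an inbound OpenVPN port.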