I typically don't shill around here, but why isn't ZeroTier on that list? I suppose we don't have a giant marketing budget (yet). We do have a product used by hundreds of thousands for years and it has microsegmentation and other nifty stuff like multicast.
Also not everything on that list is the same. Some of those are app-level gateways, IAM infrastructure, etc. That's a bag of stuff for different use cases.
Some of that stuff is also cloud proxy based, not mesh based. Maybe some people don't care but I'm heavily biased toward peer-to-peer mesh. I find it offensively stupid for packets to travel 1000 miles to reach a system next to me or in the same city. Of course I guess everything has a use case. I might opt for a cloud proxy if the bandwidth were low, the users and/or customer were non-technical, and it was all web stuff.
> I find it offensively stupid for packets to travel 1000 miles to reach a system next to me or in the same city.
1. Security isn't an absolute.
2. Defense in depth.
PDR (protect, detect, respond) is a well-regarded strategy, for good reason. All of these are easier when done centrally (cloud proxy based). Detect can be particularly difficult to do well in mesh. You probably find it offensively stupid because ZeroTier doesn't have a Detect component, nor integration for one, nor any kind of consideration for it at all.
I've been using ZeroTier for a small collection of two devices plus two servers. Honestly, the main pain points I have are UX: Android and Dashboard. Other than that, I have no complaints.
Thank you 'api. I have been using zt at the university group of about 60 users. Must say it is very reliable. As for UI, we are OK with it. But one thing is firewall config is too complex. Not enough examples:
Recently I saw that zt-laduke posted a simple bridge tutorial on reddit. Would be great if you made some examples in your wiki.
1. Allow only samba traffic
2. Allow only ssh traffic
3. Allow only RDP
I am sure it is kinda popular at r/datahoarder and related communities. Maybe you need to apply for a GSOC type project - so that academics start using it (will then later get used in corporate).
> I typically don't shill around here, but why isn't ZeroTier on that list? I suppose we don't have a giant marketing budget (yet).
Now you know, nothing here is just coincidental, not even the timing the posts are submitted or the type of comments that get quickly upvoted or buried to derail the discussion in a certain direction or even the links injected in comments of popular threads to improve the SEO of some companies and projects. Every, again EVERY, WireGuard post over the past 2 months has instantly converted into a shilling party for this company that literally has no product to offer, its source code is in a pre-alpha state, yet the party is persistent for every thread. It seems that the owners have really powerful friends all over the place and that's why they're having a free ride despite having no product. This recipe for having a popular startup name with no actual product has really worked very well in the easy times of 2014-2020. Let's see how things work out this time.
https://www.zerotier.com/