Like many of you, I use a VPN for my home lab at home and to manage servers at work.
For a long time I was using OpenVPN Access Server as my VPN, but recently I discovered the Tailscale product and I found its features more useful than OpenVPN. Especially the fact that it is built on the WireGuard protocol, the distributed-mesh structure and the ability to connect servers behind NAT/CGNAT are more useful than OpenVPN.
After discovering Tailscale, I did some more research and found that other products like ZeroTier and Netmaker have the same structure.
I’d like to ask you, have you used and experienced any VPN services before and what are their pros and cons?
I am using Opera VPN. But for sure, it doesn’t seem to work as expected on normal sites, so I create GX Profiles to surf on linuxcommunity and similar platforms without VPN. If a site bans my country, I open Opera GX with my Opera profile where I was subscribed to the VPN option. I think OpenVPN is a beginner VPN setup, or for people who do not have money to purchase a VPN. This is my point of view only.
I don’t use a VPN, instead I use OpenZiti. I actually was using Cloudflare ZeroTrust but I did not like the idea of them holding my private keys. Who knows, a disgruntled employee gets his hands on your private keys, then it’s tits up from there! With OpenZiti, I am in total control of everything.
VPNs still suffer from access to devices and applications. With OpenZiti I can lock down at the application level by embedding zero trust into the app SDKs!
Definitely the most secure way!! If you prefer, you can use tunnelers to network devices and manage access that way…
Hi Haydn - not so much disgruntled employee, Cloudflare actually decrypts the info before encrypting it again before you can get to your network or devices. Much more from a privacy issue… anyway, not saying don’t use them, I don’t want them to see inside my packets…
I agree with the trust concerns of Cloudflare, although it is not that important to me. I think Cloudflare tunnel is still the best option for publishing local web applications to the public. It’s easy to set up and privacy is not that important for the public application.
Conversely, using the local network away from it is rather messy. You should install Cloudflare WARP and the access control is hard to manage. I think privacy is more important when it comes to local networks. That’s why I switched to Tailscale.
I’ll also take a look at OpenZiti too. It looks like Tailscale but I wonder what it offers.
I see OpenZiti is a Docker-based VPN. That means first of all you need to install Docker. After that, you proceed with the installation process. Except for the first option, the other options need to have Docker installed to manipulate their VPN.
I watched the video you shared, @hydn. I think he uses the old version of Tailscale because, in the new version, there is an “Apps” section that allows you to redirect only some domains to the exit node. In this way, you don’t need to route all your traffic to the exit node, Tailscale just realizes the App domains and redirects them only. Very cool feature actually.
I also examined OpenZiti @saoussen5765, I think it is not for general usage like the others, but more like for DevOps.
As you said, it is generally used with Docker and designed to work with application communication. It saves a lot of firewall settings and it makes the applications communicate easily between servers. It’s worth a chance if you develop any disrupted applications.