LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-10-2020, 03:36 PM   #1
unquietwiki
LQ Newbie
 
Registered: Oct 2004
Location: Los Angeles, CA
Distribution: Ubuntu / Debian
Posts: 10

Rep: Reputation: 0
Question Looking for ZeroTier VPN user feedback


Hey everyone. I've been getting Happy Birthday messages from here for years now, and like to stop by on occasion. Last week, I started working for ZeroTier as a Community Support Manager and trying to get the team more feedback on how folks use the software; as well as any problems they're having. Any and all is appreciated.

https://github.com/zerotier/ZeroTierOne/labels/Linux => Github issues page

https://www.reddit.com/r/zerotier/ => I know folks here aren't big Reddit fans, but I did go over a backlog of older threads there, that might highlight some issues you may be interested in.

Thanks!
 
Old 08-13-2020, 09:35 AM   #2
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Pi OS & Android
Posts: 11,775

Rep: Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387
I looked at the Github page, and came away wondering "What is zerotier? What does it do"

'A smart ethernet switch for planet earth' cuts no ice.

BTW, with 7 posts in16 years, it looks more like every 2 years.
 
Old 08-13-2020, 05:57 PM   #3
unquietwiki
LQ Newbie
 
Registered: Oct 2004
Location: Los Angeles, CA
Distribution: Ubuntu / Debian
Posts: 10

Original Poster
Rep: Reputation: 0
Hey business_kid. 13 years ago, I wrote up http://tinc-vpn.org/examples/ipv6-network/ ; this is like a managed, smarter version of that software. And yeah, I could be more active: I pretty much divided the bulk of my time between Slashdot and Reddit.
 
Old 08-14-2020, 01:35 PM   #4
business_kid
LQ Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Pi OS & Android
Posts: 11,775

Rep: Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387Reputation: 1387
Quote:
Originally Posted by unquietwiki View Post
Hey business_kid. 13 years ago, I wrote up http://tinc-vpn.org/examples/ipv6-network/ ; this is like a managed, smarter version of that software. And yeah, I could be more active: I pretty much divided the bulk of my time between Slashdot and Reddit.
So, zerotier is an ipv6 vpn?
 
Old 08-14-2020, 01:41 PM   #5
unquietwiki
LQ Newbie
 
Registered: Oct 2004
Location: Los Angeles, CA
Distribution: Ubuntu / Debian
Posts: 10

Original Poster
Rep: Reputation: 0
P2P virtualized Ethernet, using the TUN/TAP driver. When I've used tinc, it generates SSH-style keys to use for security; with IPv4, IPv6, and raw frame deployment options. What I liked about this before I started working for them, is that it has those options, except you can build out a managed mesh topology, vs having to edit a bunch of key files. Either option is superior to OpenVPN IMO. I could see WireGuard supplanting tinc & OpenVPN for 1-to-1 connections.
 
Old 08-14-2020, 01:42 PM   #6
unquietwiki
LQ Newbie
 
Registered: Oct 2004
Location: Los Angeles, CA
Distribution: Ubuntu / Debian
Posts: 10

Original Poster
Rep: Reputation: 0
Regarding IPv6 support, specifically...

Quote:
Multicast-Free IPv6 Addressing Modes

IPv6 uses a protocol called NDP in place of ARP. It is similar in role and design but uses narrow multicast in place of broadcast for superior scalability on large networks. This protocol nevertheless still imposes the latency of an additional multicast lookup whenever a new address is contacted. This can add hundreds of milliseconds over a wide area network, or more if latencies associated with pub/sub recipient lookup are significant.

IPv6 addresses are large enough to easily encode ZeroTier addresses. For faster operation and better scaling we’ve implemented several special IPv6 addressing modes that allow the local node to emulate NDP. These are ZeroTier’s rfc4193 and 6plane IPv6 address assignment schemes. If these addressing schemes are enabled on a network, nodes locally intercept outbound NDP queries for matching addresses and then locally generate spoofed NDP replies.

Both modes dramatically reduce initial connection latency between network members. 6plane additionally exploits NDP emulation to transparently assign an entire IPv6 /80 prefix to every node without requiring any node to possess additional routing table entries. This is designed for virtual machine and container hosts that wish to auto-assign IPv6 addresses to guests and is very useful on microservice architecture backplane networks.

Finally there is a security benefit to NDP emulation. ZeroTier addresses are cryptographically authenticated, and since Ethernet MAC addresses on networks are computed from ZeroTier addresses these are also secure. NDP emulated IPv6 addressing modes are therefore not vulnerable to NDP reply spoofing.

Normal non-NDP-emulated IPv6 addresses (including link-local addresses) can coexist with NDP-emulated addressing schemes. Any NDP queries that do not match NDP-emulated addresses are sent via normal multicast.
 
  


Reply

Tags
linux, networking, vpn


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ZeroTier nodes on same network give "No route to host" errors penyuan Linux - Networking 4 08-24-2019 01:46 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration