
    ZeroTier: is this a good time to use...

    IT Discussion
    zerotier rds rdp vpn
      scottalanmiller @FATeknollogee

      @FATeknollogee said:

      @wrx7m said:

      @scottalanmiller Probably meaning the more traditional VPN he is currently using.

      Yes

      That's a very confusing way to say it. It's just an upgrade to something more modern, not a change of technology.

        wrx7m

        Gateway = bridge mode?

          FATeknollogee @scottalanmiller

          @scottalanmiller said:

          @FATeknollogee said:

          @scottalanmiller said:

          @FATeknollogee said:

          @scottalanmiller said:

          @Breffni-Potter said:

          @scottalanmiller said:

          Why would you want a terminal server intentionally dropping off of the network?

          They want to stop access for overseas consultants at certain times.

          Killing VPN access to the network is not a good way to go about that. Using AD to stop logins would be far better.

          I thought we are getting rid of the VPN?

          But you are asking about installing a VPN. I'm confused.

          Currently, we use a Site to Site VPN & remote users connect using Windows VPN

          You are just removing your old VPN and looking at a new one. Both are fully VPNs.

          I hear you, that "VPN" moniker is just so yesterday...I much prefer to say ZT 😃

            Deleted74295 Banned

            But it's still a VPN 😉

              FATeknollogee @Deleted74295

              @Breffni-Potter said:

              But it's still a VPN 😉

              Yeah, but we need to make it sound like it's a really big deal (jk). Like the "cloud"

                scottalanmiller @FATeknollogee

                @FATeknollogee said:

                @scottalanmiller said:

                @FATeknollogee said:

                @scottalanmiller said:

                @FATeknollogee said:

                @scottalanmiller said:

                @Breffni-Potter said:

                @scottalanmiller said:

                Why would you want a terminal server intentionally dropping off of the network?

                They want to stop access for overseas consultants at certain times.

                Killing VPN access to the network is not a good way to go about that. Using AD to stop logins would be far better.

                I thought we are getting rid of the VPN?

                But you are asking about installing a VPN. I'm confused.

                Currently, we use a Site to Site VPN & remote users connect using Windows VPN

                You are just removing your old VPN and looking at a new one. Both are fully VPNs.

                I hear you, that "VPN" moniker is just so yesterday...I much prefer to say ZT 😃

                But one's a product, one's a thing. ZT is the brand of VPN you are using.

                  scottalanmiller @FATeknollogee

                  @FATeknollogee said:

                  @Breffni-Potter said:

                  But it's still a VPN 😉

                  Yeah, but we need to make it sound like it's a really big deal (jk). Like the "cloud"

                  then you call it "Software Defined Networking".

                    FATeknollogee @scottalanmiller

                    @scottalanmiller said:

                    Yes, at $4 you can't afford not to 🙂

                    Almost sounds too good to be true!

                      FATeknollogee @scottalanmiller

                      @scottalanmiller said:

                      But one's a product, one's a thing. ZT is the brand of VPN you are using.

                      True that

                        Alex Sage @scottalanmiller

                        @scottalanmiller said:

                        Yes, at $4 you can't afford not to 🙂

                        I paid the $4 and I am not even over 10 devices yet! 🙂

                          scottalanmiller @Alex Sage

                          @anonymous said:

                          @scottalanmiller said:

                          Yes, at $4 you can't afford not to 🙂

                          I paid the $4 and I am not even over 10 devices yet! 🙂

                          Big spender 🙂

                            Alex Sage @scottalanmiller

                            @scottalanmiller said:

                            Big spender 🙂

                            I support the products I use 🙂

                            Well, when they make it affordable that is..... cough, cough @olivier cough, cough

                              Deleted74295 Banned

                              For the really mission critical enterprise bits, they offer support.

                              https://www.zerotier.com/product-ss.shtml

                              They are still working on the structure of how they'll do it. But depending on your needs, might be helpful.

                                dafyre

                                Wow... 3 pages of replies already, lol.

                                There's a few things to note... If you install ZeroTier on a device that is part of Active Directory, by default, it will add the ZeroTier IP address into AD's DNS servers.

                                To fix that, you go into the Windows Adapters list, and edit the ZT Adapter, and set the IP address, and DNS to "use dhcp" -- they'll just be blank to start with. Then you go in and uncheck the "Register this connection's address in DNS" checkbox, and check your DNS server to make sure your ZT IP address is gone.

                                If you do not do that, any client device has a potential to get the ZT IP address of your server, and that will cause problems.

                                What I have done is set up my own DNSMasq server on one of my Linux ZT devices, and just add that DNS server to the DNS settings of the NIC in Windows or Linux.

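The fix dafyre describes above, scripted in PowerShell as an added example that is not part of the original thread: it turns off dynamic DNS registration on the ZeroTier adapter, then lists A records in the AD zone that point into the ZeroTier range. The adapter description pattern `ZeroTier*`, the zone and server names, and the `10.147.17.` range are assumptions and placeholders, not values from the thread.

```powershell
# Added example, not from the thread. All values below are placeholders (assumptions).
$ZoneName  = 'corp.example.com'       # AD-integrated DNS zone
$DnsServer = 'dc01.corp.example.com'  # DNS server to audit
$ZtPrefix  = '10.147.17.'             # ZeroTier managed range, /24 assumed

# --- Run on the domain-joined host that has ZeroTier installed ---

# Find the ZeroTier virtual adapter(s). Matching on the description is an
# assumption; confirm the real name with Get-NetAdapter on your own host.
$ztAdapters = Get-NetAdapter |
    Where-Object { $_.InterfaceDescription -like 'ZeroTier*' }

foreach ($nic in $ztAdapters) {
    # Same effect as unchecking "Register this connection's addresses in DNS"
    # in the adapter's advanced TCP/IP settings.
    Set-DnsClient -InterfaceIndex $nic.ifIndex -RegisterThisConnectionsAddress $false

    # Show the resulting state so the change can be verified.
    Get-DnsClient -InterfaceIndex $nic.ifIndex |
        Select-Object InterfaceAlias, RegisterThisConnectionsAddress
}

# --- Run where the DnsServer module is available (DNS server or RSAT) ---

# List A records that still point into the ZeroTier range. These are the
# entries that LAN-only clients can be handed instead of the LAN address.
$stale = Get-DnsServerResourceRecord -ComputerName $DnsServer `
            -ZoneName $ZoneName -RRType A |
    Where-Object {
        $_.RecordData.IPv4Address.IPAddressToString.StartsWith($ZtPrefix)
    }

$stale | Select-Object HostName,
    @{ Name = 'Address'; Expression = { $_.RecordData.IPv4Address } },
    Timestamp

# Review the list first. -WhatIf only reports what would be deleted;
# remove it once the list contains nothing but unwanted ZeroTier entries.
$stale | Remove-DnsServerResourceRecord -ComputerName $DnsServer `
            -ZoneName $ZoneName -WhatIf
```

The first half needs an elevated session on the ZeroTier host; the second half needs rights to read and delete records in the zone.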
                                  scottalanmiller @dafyre

                                  @dafyre said:

                                  Wow... 3 pages of replies already, lol.

                                  Slow day.

                                    scottalanmiller @dafyre

                                    @dafyre said:

                                    If you do not do that, any client device has a potential to get the ZT IP address of your server, and that will cause problems.

                                    What issue have you seen there?

                                      Dashrender @dafyre

                                      @dafyre said:

                                      Wow... 3 pages of replies already, lol.

                                      There's a few things to note... If you install ZeroTier on a device that is part of Active Directory, by default, it will add the ZeroTier IP address into AD's DNS servers.

                                      To fix that, you go into the Windows Adapters list, and edit the ZT Adapter, and set the IP address, and DNS to "use dhcp" -- they'll just be blank to start with. Then you go in and uncheck the "Register this connection's address in DNS" checkbox, and check your DNS server to make sure your ZT IP address is gone.

                                      If you do not do that, any client device has a potential to get the ZT IP address of your server, and that will cause problems.

                                      Did they fix that - the last time I tried it I couldn't get the adapter to stop registering with DNS - FYI, the server in question was a DC running DNS locally.

                                        Dashrender @scottalanmiller

                                        @scottalanmiller said:

                                        @dafyre said:

                                        If you do not do that, any client device has a potential to get the ZT IP address of your server, and that will cause problems.

                                        What issue have you seen there?

                                        The issue this caused me was that my computers that don't have ZT installed would attempt to connect to the ZT IP instead of the LAN IP.

                                        I'm assuming DNS was answering requests in a round robin effect and causing the problem.

                                        I realize that the desire with ZT is that all machines should be running ZT - but I wasn't ready to pull that trigger.

                                          dafyre @Dashrender

                                          @Dashrender said:

                                          @scottalanmiller said:

                                          @dafyre said:

                                          If you do not do that, any client device has a potential to get the ZT IP address of your server, and that will cause problems.

                                          What issue have you seen there?

                                          The issue this caused me was that my computers that don't have ZT installed would attempt to connect to the ZT IP instead of the LAN IP.

                                          I'm assuming DNS was answering requests in a round robin effect and causing the problem.

                                          This is exactly the problem. I work around it by setting up a DNS server on the ZT IP range using DNSMasq and telling it to not register.

                                            Dashrender @dafyre

                                            @dafyre said:

                                            @Dashrender said:

                                            @scottalanmiller said:

                                            @dafyre said:

                                            If you do not do that, any client device has a potential to get the ZT IP address of your server, and that will cause problems.

                                            What issue have you seen there?

                                            The issue this caused me was that my computers that don't have ZT installed would attempt to connect to the ZT IP instead of the LAN IP.

                                            I'm assuming DNS was answering requests in a round robin effect and causing the problem.

                                            This is exactly the problem. I work around it by setting up a DNS server on the ZT IP range using DNSMasq and telling it to not register.

                                            In this case, you have to manually manage all DNS entries, right? So no chance of using IPv6?
