Ubiquiti Security Gateway

FATeknollogee

Is VPN performance "better" with the ER, ER-Pro or ER-Infinity?

JaredBusch

@fateknollogee said in Ubiquiti Security Gateway:

Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.

Is this a correct statement?

No.

The thing that limits speed it traffic control policies, not VPN usage.

Traffic control policies hit limits because in order to inspect the traffic to apply a policy, the traffic cannot be offloaded. Because the traffic is not offloaded, it can only go as fast as the CPU can process it.

scottalanmiller

@fateknollogee said in Ubiquiti Security Gateway:

Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.

These are really weird ways to think about VPN. Site to Site or peer to peer are not older or younger than each other. We've had and used both since day one of VPN being invented decades ago.

Dashrender

@fateknollogee said in Ubiquiti Security Gateway:

Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.

Is this a correct statement?

ZeroTier isn't about a new VPN, it's about making a borderless LAN, i.e. transparent access to the LAN regardless of where you are. And while ZT is newer, this idea is not new at all.

StorageNinja

@dashrender said in Ubiquiti Security Gateway:

@fateknollogee said in Ubiquiti Security Gateway:

Old school VPN usage (eg, site-to-site) can be a problem
but
New school VPN usage (eg, ZeroTier) is not a problem.

Is this a correct statement?

ZeroTier isn't about a new VPN, it's about making a borderless LAN, i.e. transparent access to the LAN regardless of where you are. And while ZT is newer, this idea is not new at all.

Agent based network abstraction is an interesting alternative to traditional VPN. For IoT stuff it's pretty handy (have device bridge itself into a stretched VxLAN), but for other stuff (accessing Citrix) it's kind of an unnecessary kludge vs. an external SSL broker.

scottalanmiller

@storageninja said in Ubiquiti Security Gateway:

Agent based network abstraction is an interesting alternative to traditional VPN.

It's still traditional VPN, though. Other than automating the configuration, it's all stuff you could have done with OpenVPN or whatever decades ago. It's nice that it auto-configures and it is a great product (or was, appears mostly abandoned now) but it's not an alternative or new VPN, it's just a mesh VPN setup.