ZeroTier / Software VPN question
-
Your stated design is LAN-less. AD is just your specified centralized auth mechanism.
That has nothing to do with the network design.
-
@scottalanmiller said in ZeroTier / Software VPN question:
@joel said in ZeroTier / Software VPN question:
@jaredbusch said in ZeroTier / Software VPN question:
@joel said in ZeroTier / Software VPN question:
Forgive me, what's an SDN?
When you say set my DNS records to ZT addresses, do you mean on my DNS server (my DC) set the DNS for the FS01 to point to ZT IP?
For a more positive answer, you can hybrid the approach, but things get very complicated as you need to be very certain of connectivity and DNS settings for everything.
A hybrid approach means putting ZT on all your servers that devices will need to reach over the ZT subnet.
Then you setup all the laptops with ZT.
Then you need to setup DNS to handle it. In my case I do not want to fuck with AD's normal functionality, so I hardcode some settings in the hosts file of the laptops that need it.
Okay thanks.
So if we have all users moving onto a laptop (no more office based desktops). They want to be able to work inside and outside the office and access all the same resources, have all group policies working etc regardless of where they are. In this scenario would the hybrid be best option then? eg. install ZT on my DC and FS, then change DNS to point to ZT IPs and then install ZT on all laptops?
I'm looking for the best way to do this. It's a small network so if I have to edit hosts files on laptops I can, but what do you think is the best way to have everything running with full access regardless of where users are.
What's the goal in using any LAN IPs here? I don't see any reason to avoid ZT's virtualized IP space.
You can use ZT to bridge its IP space and the corporate LAN space... basically, the DHCP server on your internal LAN will give out IP addresses for the devices directly connected...
IE: Corporate Lan 10.0.0.0/19
Corporate DHCP Server goes 10.0.0.100 - 250
ZT Range is 10.0.1.100-250.
(The Full Subnet range is 10.0.0.1 to 10.0.31.254)
When doing it this way, there's no need to install ZT on Desktops and Servers. Only the travelling devices need it.
You don't have to worry about AD getting mucked up with a bunch of unnecessary ZT entries and such.
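The bridged layout above only works if the corporate DHCP pool and the ZeroTier assignment pool are both carved out of the same /19 and never overlap, otherwise a travelling laptop can come up with the same address as a desktop on the LAN. The following script is an added example (not code posted by anyone in this thread, and not a ZeroTier tool) that checks an address plan for exactly those mistakes and emits the matching fragment of a ZeroTier network configuration. The `routes` / `ipAssignmentPools` / `v4AssignMode` field names are assumed to follow the ZeroTier Central API; the sample addresses are the ones quoted in the post.

```python
"""Address-plan check for a bridged ZeroTier + corporate LAN layout.

Hypothetical helper written for this thread; the ZeroTier config field
names (routes, ipAssignmentPools, v4AssignMode) are an assumption based on
the ZeroTier Central API and should be checked against its documentation.
"""
import ipaddress
import json


def pool(start, end):
    """Return an inclusive (first, last) IPv4Address pair for a range."""
    a, b = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if a > b:
        raise ValueError("pool start %s is after end %s" % (a, b))
    return a, b


def pools_overlap(p, q):
    """True if inclusive ranges p and q share at least one address."""
    return p[0] <= q[1] and q[0] <= p[1]


def pool_in_subnet(p, net):
    """True if both ends of the range fall inside the subnet."""
    return p[0] in net and p[1] in net


def check_plan(subnet, dhcp, zt):
    """Return a list of problems with the plan; an empty list means it is consistent.

    subnet: CIDR string for the whole corporate LAN, e.g. "10.0.0.0/19"
    dhcp:   (start, end) of the on-site DHCP scope
    zt:     (start, end) of the ZeroTier-assigned range for travelling devices
    """
    net = ipaddress.IPv4Network(subnet)
    d, z = pool(*dhcp), pool(*zt)
    problems = []
    if not pool_in_subnet(d, net):
        problems.append("DHCP pool lies outside the corporate subnet")
    if not pool_in_subnet(z, net):
        problems.append("ZeroTier pool lies outside the corporate subnet")
    if pools_overlap(d, z):
        problems.append("DHCP and ZeroTier pools overlap: duplicate-IP risk")
    for p, name in ((d, "DHCP"), (z, "ZeroTier")):
        if p[0] == net.network_address or p[1] == net.broadcast_address:
            problems.append(name + " pool includes the network or broadcast address")
    return problems


def zt_network_config(subnet, zt):
    """Fragment of a ZeroTier network config that advertises the whole LAN
    subnet as an on-link managed route and hands out the ZT pool.
    Field names are an assumption (see module docstring)."""
    z = pool(*zt)
    return {
        "config": {
            "routes": [{"target": subnet, "via": None}],
            "ipAssignmentPools": [
                {"ipRangeStart": str(z[0]), "ipRangeEnd": str(z[1])}
            ],
            "v4AssignMode": {"zt": True},
        }
    }


if __name__ == "__main__":
    # Constructed sample: the values quoted in the post above.
    LAN = "10.0.0.0/19"
    DHCP = ("10.0.0.100", "10.0.0.250")
    ZT = ("10.0.1.100", "10.0.1.250")
    issues = check_plan(LAN, DHCP, ZT)
    print("plan OK" if not issues else "\n".join(issues))
    print(json.dumps(zt_network_config(LAN, ZT), indent=2))
```

Run it before changing the network: a non-empty list from `check_plan` means the scopes need adjusting, and the JSON is only a starting point for the ZeroTier side; the on-site DHCP scope stays configured on the LAN's own DHCP server exactly as before.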
-
Any objections with setting up OpenVPN instead of using ZeroTier?
-
@black3dynamite said in ZeroTier / Software VPN question:
Any objections with setting up OpenVPN instead of using ZeroTier?
I dislike how OpenVPN is a pain in the ass inside Windows.
But it does work well.
I prefer to use L2TP/IPSEC.