VPN for Domain Controllers
- 
 @dafyre will be able to help you when he comes online. AD is pretty tricky when using ZT according to him. It's not bad if you're standing up a new AD if I remember correctly. 
- 
 Should be no issue at all unless you are trying complicated things like split horizon. 
- 
 @scottalanmiller said: Should be no issue at all unless you are trying complicated things like split horizon. And you install ZT on every node. 
- 
 @Dashrender said: @scottalanmiller said: Should be no issue at all unless you are trying complicated things like split horizon. And you install ZT on every node. Of course. Trying to use a mesh VPN on just some nodes would solidly fall under "complicated" setups. 
- 
 @anonymous The website is hard to use, although it looks nice and simple. They keep mentioning running your own controller but I have yet to find the link to download it/instructions on how to implement it. I went around in circles last week going from FAQ to Documentation and back again. 
- 
 Looks like the answer is here: 
- 
 @anonymous said: Looks like the answer is here: Whew... Still recovering from Christmas and catching up on ML between bouts of being drug off by my son to play, lol. I'd recommend using their hosted version. It is free, and easy to manage; the way the encryption is done, I do not believe that they can view your data, but I am no encryption expert and @adam-ierymenko would be the one to answer that question. If you have any problems getting it set up and going, feel free to buzz me back here. Wife and kid are running me every which way but loose, so I'll reply when I can. 
- 
 @anonymous I read that thread and I am taking away that the only way to run a controller is to use a Linux box. Is this correct? 
- 
 @wrx7m said: @anonymous I read that thread and I am taking away that the only way to run a controller is to use a Linux box. Is this correct? That would make sense and seems to be correct. 
- 
 @wrx7m said: @anonymous I read that thread and I am taking away that the only way to run a controller is to use a Linux box. Is this correct? Yes. You'd want to do that even if there were other options (unless FreeBSD was an option.) Running something like Windows would add a ton of bloat. 
- 
 @scottalanmiller Thanks. I was hoping there might be a pre-configured virtual appliance. 
- 
 @wrx7m said: @scottalanmiller Thanks. I was hoping there might be a pre-configured virtual appliance. That would be nice. Sounds like a good ML Community project for someone to undertake. Likely that would be perfect for an LXC container. 
- 
 @scottalanmiller said: @wrx7m said: @scottalanmiller Thanks. I was hoping there might be a pre-configured virtual appliance. That would be nice. Sounds like a good ML Community project for someone to undertake. Likely that would be perfect for an LXC container. How long does this take to get set up? Haven't done more than look at their home page so far. I've got a Debian base I use for this sort of thing ready to go, bet I could get something up and running quick. 
- 
 I've not run my own but several people here have, they might have a good idea as to the time and effort involved. 
- 
 @scottalanmiller said: I've not run my own but several people here have, they might have a good idea as to the time and effort involved. After looking at it for 5 minutes this morning, really no need to. It's just a client so far. I'd love to see something like this that you could easily keep everything in-house. 
- 
 Unless I'm missing something, running ZT completely in-house looks to be pretty easy. Stand up a Linux box, install ZT in controller mode, publish the needed ports to the web, optional - create DNS record for this function, join other ZT clients to the controller. 
- 
 @Dashrender said: Unless I'm missing something, running ZT completely in-house looks to be pretty easy. Stand up a Linux box, install ZT in controller mode, publish the needed ports to the web, optional - create DNS record for this function, join other ZT clients to the controller. Ah, see the problem with taking 5 minutes to read this stuff 
- 
 @travisdh1 said: @scottalanmiller said: I've not run my own but several people here have, they might have a good idea as to the time and effort involved. After looking at it for 5 minutes this morning, really no need to. It's just a client so far. I'd love to see something like this that you could easily keep everything in-house. Totally in house available too. 



