No we are not dead. Quite the opposite. We're growing a lot and have been very busy.

(1) We did finally push a Chocolatey package update but it got kicked back. We're going to have to institute more of a process for maintaining our vast surface area of ports and packages. It's horribly annoying since every package manager and package repository has its own unique way of being a pain in the you-know-what.

(2) Windows auto-updates as of 1.2.0. 1.2.6 will be coming pretty soon.

(3) Yes we did rev our community system yet again. We're trying to iterate toward something as low-friction and interactive as possible.

Since you folks have been interested in ZeroTier we've decided to announce our new hardware product here:

https://www.indiegogo.com/projects/zerotier-edge-open-source-enterprise-vpn-sd-wan/x/17167082#/

It's a layer 2 bridge SD-WAN appliance powered by ZeroTier. We've just launched a pre-order campaign for it and we haven't announced it more generally yet. We'd like to announce it to customers and users first. (Feel free to pass it around if you'd like.)

@dafyre We've considered making a little appliance for this, or a ready-to-run Raspberry Pi image.

@FATeknollogee Two ways:

1. Run ZeroTier on the device(s) themselves. Right now this varies in terms of do-ability, but we're planning more in the future here.

2. Bridge them with an auxiliary device.

Bridging is a subject that needs more documentation, but it's not terribly hard to do.

Let's say you have a ZeroTier network with the IPv4 subnet 10.10.10.0/24 and you have ten devices you want to bridge in.

The simplest thing would be to:

1. Edit the network's IP auto-assignment configuration and reduce the assignment range to reserve, say, everything above 200 for non-ZT devices.

2. Set up ZT on a Linux machine such as a Raspberry Pi or a Linux VM on your network. (If it's a VM, be sure the hypervisor allows bridging. Some like VMWare have a setting for this.) Designate this device as an "active bridge" at the network controller level, which means it's allowed to bridge other things in. (The active bridge setting also alters its behavior in terms of multicast a bit. Bridges use slightly more bandwidth since they see more multicast traffic.)

3. Create a Linux bridge device (instructions differ by Linux distro) br0 and add zt0 and eth0 (or wlan0, etc.) to it.

4. Assign your phones and other devices IPs like 10.10.10.201, 10.10.10.202 manually and attach them to the network that is bridged to ZeroTier via the ZT bridge you configured above.

ZeroTier emulates L2 Ethernet, so what you've done is created a single Ethernet network consisting of a physical wired or WiFi network bridged to a virtual ZeroTier network by a bridge device. The bridge device "glues" them together, passing packets back and forth and such. Linux's bridging driver is very good and handles a lot of edge cases like MTU mismatch, etc., and we've found that it works pretty good in practice.

Now a ZT device with IP 10.10.10.100 should be able to ping 10.10.10.201, etc.

Raspberry Pi's work great for this kind of thing. They're great for cheap DIY low-power network devices like bridges, routers, NAS boxes (connect a USB drive), etc.

Also IRC isn't gone. The IRC FreeNode #zerotier channel is linked to that chat system's #general channel bidirectionally by a bot.

@dafyre Well here I am! (Author/founder of ZeroTier)

Reading the above, it seems the issue is active directory DNS. While I know tons about networking, I am not unfortunately an AD expert.

Pertino it seems highjacks DNS. This stuff is in the category of things we want to avoid-- ugly, nasty hacks that fix one thing but likely break everything else. This "enterprise" approach is how Windows networking got in such a bad state to begin with -- in digging into Windows one can see how this or that hack was put in place to make this or that work in an "enterprise" environment, and each hack results in a fractal explosion of edge cases that in turn demand more and more ugly hacks, and so on, until the entire thing becomes the ridiculous ball of garbage that it is today.

But in some cases we have simply been forced to do it. In all such cases we've tried to build such hacks as far from the ZeroTier core as possible. Here's one from WindowsEthernetTap:

https://github.com/zerotier/ZeroTierOne/blob/master/osdep/WindowsEthernetTap.cpp#L902

So let me explain my understanding of this Windows AD DNS issue:

Windows AD DNS likes to automatically register DNS entries for all adapters in the system. When ZT adapters are added, these can collide with, override, or pollute the DNS space with undesired entries. Is this the problem?

If not, can someone explain the issue in a bit more detail? What precisely is going on under the hood? Maybe we can figure out and document a fix that's more elegant.

We recently improved our docs on this: https://github.com/zerotier/ZeroTierOne/tree/master/controller

Do an update. We released new binary builds for Linux that should address this.

@Dashrender "That is no lie - So I can't get what I want, you'll give me this little thing over here, OK I'll just create a way to get what I want through that little thing.. done.. yeah - huge problem!"

You can't secure things by breaking them. People will find ways around your barriers because they need things to work, and the things they cobble together will probably be less secure than what you started with. You have to secure things by actually securing them.

Fundamentally the endpoint is either secure or it is not. If it's not, all someone has to do is get into something behind your firewall and they own you. Increasingly that something could be a printer, a light bulb, or a microwave oven. How often do you patch your light bulbs? If the cloud killed the firewall, then IoT will dig it up and cremate it and encase it in concrete and re-bury it.

My approach to security is: secure everything as if it will be totally exposed on the public Internet, then add firewalls and such as an afterthought if appropriate. If something is not secure enough to be exposed to the public Internet without a firewall, it's not secure enough to be connected to any network ever.

Yeah that's in our feature queue but after a ton of other stuff.

Do an update. We released new binary builds for Linux that should address this.

Since you folks have been interested in ZeroTier we've decided to announce our new hardware product here:

https://www.indiegogo.com/projects/zerotier-edge-open-source-enterprise-vpn-sd-wan/x/17167082#/

It's a layer 2 bridge SD-WAN appliance powered by ZeroTier. We've just launched a pre-order campaign for it and we haven't announced it more generally yet. We'd like to announce it to customers and users first. (Feel free to pass it around if you'd like.)

Forgot to mention... not only is the Windows installer the product of a lot of work but we are reluctant to touch it. Every single time we touch it we get problem reports since every Windows machine is a special snowflake with special requirements.

The whole Windows installer subsystem should be burned. Then the ashes should be mixed with copious amounts of water and injected into a deep subsurface well in a geographically stable region to ensure that they remain sequestered for thousands of years and do not harm future civilizations. Unfortunately MS would have to do this.

Personally I suspect that Chocolatey will die now that Windows has the Linux subsystem for developers.

You're partly right. We get requests to support literally dozens of platforms and package managers, and Chocolatey is making things hard. It's also not something we get a lot of requests for, so it gets bumped to the back of the line behind... too many targets to list. We've considered just pulling the package.

The ZeroTIer Windows installer as it stands was not easy to build at all. It involved the use of a $1000+ product called Advanced Installer (the only installer maker that even came close to our needs) combined with weeks of developer time to put together a package. The MSI is designed to install on both 32 and 64 bit machines and to handle a huge variety of edge cases and Windows "spins."

We can look into silent installing drivers but as with absolutely everything else about Windows packaging I'm sure it's painful. Windows is by a huge margin the most painful platform to build an installer for unless your app is trivial. (Debian based Linux comes in second.)

Also IRC isn't gone. The IRC FreeNode #zerotier channel is linked to that chat system's #general channel bidirectionally by a bot.

No we are not dead. Quite the opposite. We're growing a lot and have been very busy.

(1) We did finally push a Chocolatey package update but it got kicked back. We're going to have to institute more of a process for maintaining our vast surface area of ports and packages. It's horribly annoying since every package manager and package repository has its own unique way of being a pain in the you-know-what.

(2) Windows auto-updates as of 1.2.0. 1.2.6 will be coming pretty soon.

(3) Yes we did rev our community system yet again. We're trying to iterate toward something as low-friction and interactive as possible.

We're about to push binaries for 1.2.4 which is a minor bug fix and performance improvement update. We'll be updating Chocolatey for that, or at least we'll attempt it. (Their auto-validator chokes on our package and requires manual intervention.)

https://chocolatey.org/packages/zerotier-one/1.1.14

Seems approved.

https://chocolatey.org/packages/zerotier-one/1.1.12

I also just learned that this works:

msiexec /i https://download.zerotier.com/dist/ZeroTierOne.msi

Didn't know msiexec could do that.

We're revamping our web site and will have one-liner installs for most platforms.