16 Aug 2024 |
K900 | And then just connect to the in-network address | 15:03:21 |
Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me: "So you should be able to install it on the Windows side" Hmmm... Okay... I am tentatively hopeful | 15:03:56 |
K900 | I don't use ZeroTier, but it works fine for me with Tailscale | 15:04:08 |
Aurora Ennie Seidr (she / her) | I will check into that system. That hit a 404 for me, but I can look into that | 15:04:44 |
K900 | Tailscale is basically just a mesh VPN thing | 15:05:07 |
K900 | It should not be any different from any other VPN solution for this use case | 15:05:17 |
nzbr (they/it) | ZeroTier is a mesh VPN as well IIRC, just a different protocol. So it should behave similarly | 15:09:20 |
Aurora Ennie Seidr (she / her) | This is supposedly a compare and contrast. It seems Tailscale has the edge because I do go between my internal network and the Internet:
Here's an overview of Tailscale and ZeroTier, with a focus on connecting Windows 11 (via OpenSSH), NixOS, and Ubuntu instances:
### **Tailscale: Features and Pricing**
**Protocol and Security:**
- Tailscale uses the WireGuard protocol, known for its efficiency and robust encryption.
- It operates on a zero-trust networking model, meaning all devices must authenticate before they can connect, enhancing security.
- End-to-end encryption ensures secure communication across public and untrusted networks.
- **MagicDNS** simplifies device connections by assigning domain names to devices, eliminating the need to remember IP addresses.
**Key Features:**
- **Granular Access Control:** Tailscale allows administrators to set up access control lists (ACLs) to define who can access specific services.
- **Multi-factor Authentication (MFA):** Adds an additional layer of security not available in ZeroTier.
- **Device Roaming:** Devices retain connectivity across networks, which is handy for laptops and mobile devices.
- **Tailscale SSH:** This feature integrates with your existing SSH configuration, allowing you to connect securely without needing to expose SSH to the public internet.
**Pricing:**
- Free tier: Up to 3 users and 100 devices.
- Paid plans: Start at $6 per user/month, which includes more users and additional features like advanced ACLs.
### **ZeroTier: Features and Pricing**
**Protocol and Security:**
- ZeroTier uses its own protocol, built on UDP, allowing for peer-to-peer communication and NAT traversal without manual port forwarding.
- Security is provided via end-to-end encryption, but Tailscale's WireGuard-based encryption is often considered more efficient.
**Key Features:**
- **LAN Emulation:** ZeroTier excels at emulating local networks even over the internet, making it appear as though devices are physically close, even if they are not.
- **NAT Traversal:** ZeroTier performs well in NAT environments, though Tailscale generally has a slight edge in complex NAT scenarios.
- **Private Networks:** ZeroTier allows the creation of invitation-only networks for enhanced security.
**Pricing:**
- Free tier: 1 administrator and 25 nodes.
- Paid tiers: Offer more administrators and nodes in packs starting from $29 per month for 50 nodes.
### **Comparison: Tailscale vs ZeroTier**
**Ease of Use:**
- **Tailscale** is generally seen as more user-friendly, with simpler management and an easier setup process. Its integration of MagicDNS and zero-trust principles simplifies configuration and access, especially for beginners.
- **ZeroTier** requires a bit more effort to set up but provides greater flexibility in network configuration.
**Performance:**
- Both tools provide comparable performance, though **Tailscale** often performs better in NAT-heavy environments due to WireGuard’s efficient NAT traversal.
- **ZeroTier** can offer slightly better performance in pure LAN emulation setups where all devices are on the same subnet.
### **Use Cases: Windows 11 (OpenSSH), NixOS, and Ubuntu**
1. **Windows 11 with OpenSSH:**
   - Both Tailscale and ZeroTier can be used to create secure VPNs, allowing you to SSH into your Windows 11 machine from anywhere.
   - **Tailscale SSH** might offer a more straightforward solution for managing SSH access without exposing your machine to the public internet.
2. **NixOS:**
   - **Tailscale:** Easily installed on NixOS with the ability to integrate directly into the systemd services. You can enable the Tailscale client and configure subnet routers through simple NixOS configurations.
   - **ZeroTier:** Also supported on NixOS but may require more configuration, especially for managing larger networks.
3. **Ubuntu:**
   - Both services are easily deployed on Ubuntu, with clear documentation available for setting up VPN connections, SSH access, and remote device management.
### **Conclusion:**
- If simplicity and security are your priorities, especially for managing SSH access across multiple devices, **Tailscale** is a great choice. Its seamless integration with SSH and zero-trust networking model make it highly secure.
- For more complex LAN emulation or when you need more control over the network structure, **ZeroTier** might be more suitable.
| 15:11:58 |
nzbr (they/it) | @Aurora Ennie Seidr (she / her) fyi: If you want to use pubkey auth, the ssh server ignores ~\.ssh\authorized_keys if your account has admin privileges. You have to add the key to C:\ProgramData\ssh\administrators_authorized_keys in that case. Just to save you the two hours of headache I had when I figured this out | 15:12:30 |
Aurora Ennie Seidr (she / her) | Basically I used ZeroTier because I got to it first I guess | 15:12:36 |
K900 | Is this LLM output? | 15:13:01 |
K900 | It feels like LLM output | 15:13:06 |
Aurora Ennie Seidr (she / her) | In reply to @nzbr:nzbr.de: "@Aurora Ennie Seidr (she / her) fyi: If you want to use pubkey auth, the ssh server ignores ~\.ssh\authorized_keys if your account has admin privileges. You have to add the key to C:\ProgramData\ssh\administrators_authorized_keys in that case. Just to save you the two hours of headache I had when I figured this out" Thank you so much. That was the other shoe | 15:13:06 |
Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me: "Is this LLM output?" Indeed | 15:13:13 |
Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me: "It feels like LLM output" It's how I disambiguate things | 15:13:32 |
Aurora Ennie Seidr (she / her) | I have genuinely fixed things well up to this point | 15:13:55 |
Aurora Ennie Seidr (she / her) | I'm basically fact checking because I tend to get overwhelmed as of late | 15:14:31 |
K900 | Please don't post that here, it's generally mostly noise | 15:14:37 |
Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me: "Please don't post that here, it's generally mostly noise" Okay I'm sorry | 15:14:53 |
K900 | No worries | 15:15:02 |
K900 | Just keep it in mind | 15:15:05 |
Aurora Ennie Seidr (she / her) | I keep using the wrong terms and generally being confused. | 15:15:23 |
K900 | Tailscale also has tailscale ssh though | 15:16:17 |
K900 | Which is pretty cool | 15:16:20 |
nzbr (they/it) | LLM output just tends to be long and that makes the conversation less easy to follow | 15:16:51 |
Aurora Ennie Seidr (she / her) | Is any of that actually incorrect factually though? | 15:16:22 |
K900 | So if you're not stuck with ZeroTier, you may want to look into Tailscale | 15:16:33 |
Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me: "Tailscale also has tailscale ssh though" I don't understand why this is unique. Isn't ssh a standard? | 15:16:45 |
K900 | It is, but you don't need to install anything | 15:16:55 |
Aurora Ennie Seidr (she / her) | In reply to @k900:0upti.me: "So if you're not stuck with ZeroTier, you may want to look into Tailscale" That's the plan. | 15:16:56 |