Hacker News
by derefr 3677 days ago
Question for anyone who knows: say I've got a few VMs in a private network (on e.g. DigitalOcean), and want to connect them to a corporate Intranet. If I've got a Docker container sitting on a public bridge interface of one of those VMs, running a VPN daemon, is that container separated enough from its host to be effectively used as the VPN gateway for the rest of the network the VMs are on—including the VM hosting the container? Or do I really need a separate VM to serve that function?

I ask because, in the case where I've only got one VM to bridge into a corporate Intranet, I always want to set that VM up with a network-to-network VPN (instead of just making it a VPN client) in case its network grows from one node to several. But adding a whole extra VPN gateway instance just to serve a "network" of one machine is a pretty high overhead for a small project.

2 comments

/plug (but it is free and open source)

https://www.zerotier.com

You can run this inside Docker containers with a few extra capabilities (allow tap, allow ioctls) which is probably similar to what you need for other in-container solutions. You can also run it on intranet servers, desktops, phones, etc., and connect everything to a common virtual backplane.

Edit: you can also bridge this to docker0 since it supports Ethernet bridging and run it on a Docker host. We're working on better/cleaner Docker integration but it's all do-able now. Just takes a bit of sysadmin know-how.
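As an added illustration of the setup described in the comment above (this is example code, not from the thread or the ZeroTier project): run the ZeroTier daemon in a container with only the two extras named, a TUN/TAP device and the NET_ADMIN capability (the Linux capability that gates the TUNSETIFF ioctl and interface configuration), then bridge the resulting zt* interface to docker0. The network id, image name and the shape of the `zerotier-cli listnetworks` output are assumptions; the sample output is constructed. Everything that touches docker or ip is behind ZT_APPLY=1 so the helpers can be read and exercised without root.

```shell
#!/bin/sh
# Added example: ZeroTier in a Docker container as the gateway for a Docker host.
# Not from the thread or the ZeroTier project. Network id and image are placeholders.
set -eu

NETWORK_ID="${NETWORK_ID:-8056c2e21c000001}"    # placeholder 16-hex-digit id (assumption)
CONTAINER="${CONTAINER:-zt-gateway}"
IMAGE="${IMAGE:-zerotier/zerotier}"              # assumption: whichever image you build or pull
STATE_DIR="${STATE_DIR:-/var/lib/zerotier-one}"  # node identity + network configs; keep persistent

# docker run arguments, one per line (no spaces inside any of them).
# --net=host is what makes bridging to docker0 possible, but it also puts the
# daemon in the host's network namespace, so NET_ADMIN here is host-level
# network admin. The separation from the host is process/filesystem, not network.
zt_run_args() {
  printf '%s\n' \
    --name "$CONTAINER" --detach --restart=unless-stopped \
    --net=host \
    --device=/dev/net/tun:/dev/net/tun \
    --cap-add=NET_ADMIN \
    -v "$STATE_DIR:/var/lib/zerotier-one" \
    "$IMAGE"
}

# Print the zt* device that `zerotier-cli listnetworks` (on stdin) reports for
# network $1. Assumed field order: 200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ips>
zt_dev_for_network() {
  awk -v nwid="$1" '$1 == "200" && $2 == "listnetworks" && $3 == nwid { print $8; exit }'
}

# Constructed sample in the shape of listnetworks output; used for the dry run only.
SAMPLE_LISTNETWORKS='200 listnetworks 8056c2e21c000001 earth 02:a1:b2:c3:d4:e5 OK PUBLIC zt5u4uptmd 28.1.2.3/7
200 listnetworks e5cd7a9e1c000001 corp 02:f0:e1:d2:c3:b4 OK PRIVATE zt7x2qpw9k 10.147.17.5/24'

if [ "${ZT_APPLY:-0}" = 1 ]; then
  [ -c /dev/net/tun ] || { echo "no /dev/net/tun on the host; load the tun module first" >&2; exit 1; }
  # shellcheck disable=SC2046  (args are one per line and contain no spaces)
  docker run $(zt_run_args)
  docker exec "$CONTAINER" zerotier-cli join "$NETWORK_ID"
  # The node only gets a device with a config after it is approved in the network's member list.
  DEV=""; tries=0
  while [ -z "$DEV" ] && [ "$tries" -lt 60 ]; do
    sleep 2; tries=$((tries + 1))
    DEV="$(docker exec "$CONTAINER" zerotier-cli listnetworks | zt_dev_for_network "$NETWORK_ID")"
  done
  [ -n "$DEV" ] || { echo "node not authorized on $NETWORK_ID yet; approve it and rerun" >&2; exit 1; }
  # Enslave the zt device to docker0. An enslaved port does not use its own IP, so
  # turn off ZeroTier's address auto-assignment for this member. Afterwards the host
  # (docker0's address) and every container on docker0 are layer-2 adjacent to every
  # authorized member of the virtual network: treat that network like a LAN port.
  ip link set dev "$DEV" master docker0
  ip link set dev "$DEV" up
else
  echo "dry run (set ZT_APPLY=1 to apply); device for $NETWORK_ID in sample: $(printf '%s\n' "$SAMPLE_LISTNETWORKS" | zt_dev_for_network "$NETWORK_ID")"
fi
```

Member approval still happens on the controller side, which is the "list of IDs which can be approved or declined" mentioned further down; the script only waits for it.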

ZeroTier looks amazing and exactly like what I've been searching for. I'm testing and installing it right now, hopefully we'll be happy users soon.

One minor comment: while reading through the home page the question I first wanted to see answered was 'how do I control who joins my private network', because the technical FAQ says 'Certificates are used instead of access control lists to permit huge networks. An access control list for a network with millions of devices would become unmanageably large.'

I understand this is the technical implementation, but from a user's perspective it actually is an access control list, as on the web interface it is simply a list of IDs which can be approved or declined.

The VPN space really needed a solution like this, congrats for rocking!

It looks very promising and I just installed ZeroTier One on my Mac (running El Capitan). However, the app appears as a blank grey window with no text/buttons. Are there prerequisites to running the app?

It's a MacGap web app -- we're working on a native UI right now. I'm sorry to hear that and I wonder how many others might have seen that. :(

There is also a command line. Try 'sudo zerotier-cli help'.

I just want to say thank you for making ZeroTier. I actually love it.

I can't use the mouse wheel to scroll at all on your homepage and have to use the scroll bars. Please don't break scroll behavior for whiz-bang effects.

We do nothing with scroll. I also hate whiz-bang scroll effects.

What is your browser? We have tested on four or five and it works fine on all of them.

And this is our solution: https://wormhole.network

It uses the well known open source software SoftEther. I did a Docker image with Wormhole integrated: https://github.com/pjperez/docker-wormhole