by kenmacd 1905 days ago
Any advantages to this over https://www.zerotier.com/?

Being p2p and using one PSK seems to make firewalling more difficult. ZeroTier's 'capability-based + tagging' rule engine is pretty amazing in that I can easily allow just one peer to connect on a port.


VPNCloud is Open Source, which is a huge advantage for me.

ZeroTier is also Open Source

No, it is not.

It's only source available: it is licensed under the BSL which is not a free software license. Use of the term open source is not appropriate.

A friend works there and tried to recruit me; I declined because of this sort of fake open source charlatan nonsense.

The software in TFA (VPNCloud) is indeed free software/open source: it is licensed under the GPL, just like Linux.

ZeroTier reverts to Apache after 4 years, and there’s a GPL version from 2019.

So, older versions are indeed open source, and new versions will eventually be so as well.

What’s your objection to the BSL? It seems like a great way to provide ongoing funding to open source, and guarantees popular commercially developed software won’t end up as abandonware.

There are several problems with it. The license prevents me from paying someone other than ZeroTier Inc. to host it for me and provide related services. This is a business risk because ZeroTier Inc. may have diverging business needs from me. They may even go bankrupt or be bought out by someone who abandons the product. This would mean I would have to host it myself (until the version I need becomes Open Source), and I may not want to do that.

It also makes it hard for a fork to develop traction, as a fork would have to start at a much older version that is Open Source, or the ecosystem would have to forgo the opportunity for third-party hosting services to support it.

The freedom to fork is an essential freedom. Without it, I would not feel comfortable contributing to the project. Nor would I feel comfortable basing critical business infrastructure on it.

Others may be fine with proprietary source-available software, and that is fine for them, but I strongly prefer Open Source for my needs, especially for core infrastructure.

The downvotes of the parent are unjustified; the license's own text literally says:

> The Business Source License (this document, or the "License") is not an Open Source license.

https://github.com/zerotier/ZeroTierOne/blob/a7f652781faedfb...

It seems like a pretty good license to me. I just can't host it (same as GPLv3), but in a few years it switches to an ever more free license.

Is the concern simply that governments can only use it to help people?

I looked at it also but for me the concern was that all access management and configuration is done via their cloud. So they can easily add nodes to my VPN. This is an absolute dealbreaker for me.

I know I can self-host even that top management layer (I think they called it "earth" or something), but they make that pretty complicated, probably on purpose.

In the end I just wrote it off as something that has goals not aligned with mine. I'm going to look at Nebula (from Slack) soon. I use tinc at the moment but I wish it was more performant.

There are many options in this arena now so there's no point in sticking with something that doesn't completely fit your needs.

The concern is the same as that with any other software license that restricts the freedoms of the world to build upon, adapt, and use the software for any purpose.

I'm not some free software zealot; I use macOS and the Creative Cloud and a bunch of other proprietary crap on a daily basis. I just don't pretend it respects my freedom. Nonfree licenses are like that.

It's not like it "switches to even more free": it is presently nonfree.

ZeroTier runs into problems when two NATs are involved; this claims to not have any problems with that?

I'm running 4 hosts behind 4 different NATs in the same zerotier-virtual-network and never had any issues. By far the easiest way to accomplish connecting different hosts behind different NATs. No config whatsoever required!

Once you have two NATs, you can either try to punch holes (ZeroTier tries that), use UPnP (ZeroTier does - see below) or relay traffic using dedicated machines (ZeroTier does that as fallback). I successfully used ZeroTier to connect multiple devices behind NATs.

VPNCloud seems to only do UDP hole punching and doesn't have the ability to relay via a third party. At least in theory, ZeroTier should handle cases that VPNCloud doesn't.

I think ZeroTier does UPnP too (read somewhere), though I could not get ZeroTier to work reliably with 2 NATs. I'll try this and tell if I see any success with this.

> I think zerotier does UPnP too

I think you're correct. Thanks. My information was from an old blog post from 2014 [1] but they seem to have added support since then: https://github.com/zerotier/ZeroTierOne/commit/bf193dd3. Edited my post.

[1] https://www.zerotier.com/2014/08/25/the-state-of-nat-travers...

Having two NATs is really the only case worth mentioning. Considering almost all internet traffic involves at least one NAT, if you can’t handle a single NAT case, you’ve got issues!

I have ZeroTier running behind a variety of different NATs and haven't had any issues at all. It also seems to do a good job of having hosts on the same network talk directly over their private IPs.

Except almost no IPv6 traffic involves a NAT, and a significant chunk of internet traffic is using IPv6.

Hence it's not possible for almost all to involve a NAT, even if all IPv4 traffic would.

Do you mean when one peer is behind multiple layers of NAT? If so that's not a situation I have myself, but I'll keep in mind.

For regular nodes behind a single NAT I've personally found it worked remarkably well. Maybe I've been lucky on UPnP support with routers or something though.

I haven't experienced that. At home I currently have a Google WiFi in NAT mode behind a Nokia Fiber ONT also in NAT mode (eventually plan to switch to bridging mode after some networking reorganization).

I haven't run into any ZeroTier issues in this config.