by _iyhy 1339 days ago
How is Tailscale better than Zerotier?
6 comments

Being built on top of wireguard is a plus - although it's a shame tailscale (for good/architectural reasons) doesn't support using standard/kernel mode wireguard.

ZeroTier is source-available - but invents a separate protocol, and so misses out on some shared scrutiny / feedback.

ZeroTier is going to a more standard OSS license for its core components soon, probably the MPL.

As for the protocol: yeah, it actually predates the final release of Wireguard a bit. A Noise-based session protocol with similar security properties to Wireguard but based on AES is in the ZeroTier V2 design. (Wireguard is basically Noise_IK.) I also always point out that a good fraction of what people run over virtual networks is already encrypted: SSH, TLS, etc.

(ZeroTier founder here)

BTW we get asked a lot if Tailscale is our competition. IMHO our competition is the "everything runs in the cloud and all you get is a thin client" model of computing. If that wins out we fail and everyone else doing this kind of thing fails.

The existence of very similar disruptor competitors in an emerging market niche is encouraging since it shows there's some "there" there. No competitors can mean no market. Look how many SQL, NoSQL, NewSQL, etc. database vendors there are and many of them do very well.

> ZeroTier is going to a more standard OSS license for its core components soon, probably the MPL.

What does this mean for embedding ZeroTier applications through the SDK (libzt)? For the sake of your business, I think it makes sense to keep that upper layer, designed specifically for application developers, under something like the Business Source License.

The core, apps, and service would go under the MPL, which are the only parts that 90%+ of users use. The controller and libzt would go under something that makes it free and copyleft for non-commercial / not-for-profit use.

For that we're considering the BSL with fallback to MPL, AGPL, SSPL, or MPL plus commons clause. Haven't decided yet.

What does "BSL with fallback to MPL" mean? BSL unless you go out of business anyway, and then in that case it's MPL?

Basically. The BSL has a fallback in certain conditions where the extra provisions disappear and you get the regular OSS license.

For two years I've been remote working from home on the PC located in the office via Remote Desktop. While ZeroTier is still enabled as a fallback solution to get access to the work PC (as well as Chrome remote), the main workforce became Tailscale.

With ZeroTier, RD connections were not stable. Even using the same ISP at home and at work doesn't help a lot. With Tailscale I've forgotten about this kind of issue. It just works.

Also now I'm constantly using Tailscale as a VPN on mobile devices.

In my setups ZeroTier barely worked while Tailscale worked flawlessly.

Being VC funded & having a serious marketing budget?

That is not necessarily a positive indicator

Agreed

Tailscale's insistence on using third party auth is an absolute PITA. With the withdrawal of GMail's free email to a custom domain/workspace product, our org switched email provider. The pain that then followed with TS support to switch auth providers was bad. TS don't have familiarity with the auth services they are promoting, all of the options available add at least $5/user to the bill, and it was a massive timesink for a 'just works' service to switch configs. All because TS don't want to manage their own auth infrastructure (I don't buy the marketing BS around this).

Headscale (see github) looks like a good way of taking back control of the auth side-of-things, and if we go that route, tailscale will lose the revenue they could have otherwise retained if they were more on the ball.

I agree. I won't use any VPN that isn't completely self-hosted. I don't trust external auth providers (including when it's the provider themselves like with zerotier). It's like giving Microsoft or Google the keys to my house :/

But I think with headscale it can be fully self hosted: https://github.com/juanfont/headscale

I have yet to try it out but it looks pretty good.

The openwrt folk have released a similar vpn idea, using the kernel wireguard version and a DHT: https://forum.openwrt.org/t/new-wireguard-based-openwrt-vpn-... works on std linux as well. Very raw.

ZeroTier does not seem to work behind my University's firewall, which seems to be a CG-NAT, and bans UDP traffic. It gets stuck on connection. It seems to connect to a relay but it does not actually work. Tailscale works out of the box.

The TL;DR is there isn't much difference besides the protocol being used. Tailscale published their own comparison that seems pretty fair to both sides (they do this for a few other options as well) https://tailscale.com/compare/zerotier.