Considering a New VPN
-
Let's ask another question - instead of deploying a new VPN solution - what exactly are users accessing? and can it be changed in such a way to make VPNs not needed anymore?
-
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux -
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linuxI was leaving that out for simplicity as he's not going to build custom Linux systems for this.
-
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linuxI was leaving that out for simplicity as he's not going to build custom Linux systems for this.
Why? Because a single VM setup as a gateway means that ZT now meets all needs also.
No different than replacing a router, etc.
-
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linuxI was leaving that out for simplicity as he's not going to build custom Linux systems for this.
Why? Because a single VM setup as a gateway means that ZT now meets all needs also.
No different than replacing a router, etc.
I've not used it, does it require you to change your IP range or can you keep what you have?
-
@Dashrender said in Considering a New VPN:
can it be changed in such a way to make VPNs not needed anymore?
Yes, it can. But not as easily as implementing a new VPN.
-
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linuxThanks. I had a vague recollection that it could.
-
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linuxI was leaving that out for simplicity as he's not going to build custom Linux systems for this.
Why? Because a single VM setup as a gateway means that ZT now meets all needs also.
No different than replacing a router, etc.
I've not used it, does it require you to change your IP range or can you keep what you have?
The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet.
I use ZT in a number of places, but not using the gateway anywhere yet.
-
@Carnival-Boy said in Considering a New VPN:
@Dashrender said in Considering a New VPN:
can it be changed in such a way to make VPNs not needed anymore?
Yes, it can. But not as easily as implementing a new VPN.
easy of implementation shouldn't be the goal - sustainability and future proofing should be, tempered by costs.
-
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linuxI was leaving that out for simplicity as he's not going to build custom Linux systems for this.
Why? Because a single VM setup as a gateway means that ZT now meets all needs also.
No different than replacing a router, etc.
I've not used it, does it require you to change your IP range or can you keep what you have?
The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet.
I use ZT in a number of places, but not using the gateway anywhere yet.
Right, so being inclusive means that you did follow Scott's recommendation, only that you bent ZT to the current setup, instead of making a whole new IP setup with this in mind.
Did that solve all of the Windows DNS issues?
-
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linuxI was leaving that out for simplicity as he's not going to build custom Linux systems for this.
Why? Because a single VM setup as a gateway means that ZT now meets all needs also.
No different than replacing a router, etc.
I've not used it, does it require you to change your IP range or can you keep what you have?
The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet.
I use ZT in a number of places, but not using the gateway anywhere yet.
Same here.
-
@Dashrender said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@JaredBusch said in Considering a New VPN:
@scottalanmiller said in Considering a New VPN:
@Carnival-Boy said in Considering a New VPN:
Yeah, I need hub and spoke really. But that's not too difficult to setup on ZeroTier is it?
ZeroTier doesn't offer hub and spoke at all. It's pure SDN / mesh.
This is not true, ZeroTier has gateway functionality.
https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linuxI was leaving that out for simplicity as he's not going to build custom Linux systems for this.
Why? Because a single VM setup as a gateway means that ZT now meets all needs also.
No different than replacing a router, etc.
I've not used it, does it require you to change your IP range or can you keep what you have?
The biggest recommendation is to make it inclusive of your LAN subnet so make life easier. I've not had the time to set it up on my lab yet.
I use ZT in a number of places, but not using the gateway anywhere yet.
Right, so being inclusive means that you did follow Scott's recommendation, only that you bent ZT to the current setup, instead of making a whole new IP setup with this in mind.
Did that solve all of the Windows DNS issues?
I have no idea WTF you are talking about. You are implying and inferring things that are not being discussed here.