• Timeframe for ZeroTier on iOS

    IT Discussion
    2 Votes
    8 Posts
    2k Views
    Dashrender

    @dafyre said in Timeframe for ZeroTier on iOS:

    It was in the big write up with all the price changes... http://mangolassi.it/topic/8928/zerotier-gui-updates-new-features-and-new-pricing-structure

    It was just a quiet mention... Not even a bold or italics line. lol.

    LOL - it was in the part that MLNews actually posted itself.

    @mlnews

    Along with our web UI and our subscription service, we have quite a bit more in the pipeline. Our iOS version is now in beta. If you want to try it out via TestFlight drop us an e-mail and we'll send you an invite. Major announcements on the Network Containers and Enterprise fronts are coming soon as well.

  • 3 Votes
    15 Posts
    4k Views
    travisdh1

    @adam.ierymenko said in ZeroTier GUI Updates, New Features and New Pricing Structure:

    Yeah that's in our feature queue but after a ton of other stuff.

    Nice. Keep up the good work!

  • 7 Votes
    4 Posts
    6k Views
    AdamF

    @JaredBusch

    Good to know. I'm planning on starting this later this week. If I can get this working, I'm going to replace a PFSense firewall with an ERX or lite. Right now, this is the only thing that I don't have set up for ERX yet.

  • 2 Votes
    37 Posts
    7k Views
    Brains

    @PSX_Defector said:

    @Brains said:

    It's just bad timing and we are in the healthcare market and subject to Texas's Workers Compensation craziness, so it's been a rough year or two for us.

    Then you best not be using PPTP. Compliance audits will come down on you hard.

    If anyone will be at Lone Star PHP in Texas this weekend, let me know. I'll be there and will buy you a beer.

    I thought you were talking about Big Texas Beer Fest, which was last weekend.

    I was planning on trying to use L2TP and darn for missing the Beer Fest. That's my kind of place! Well Whiskey Fest would be MORE my kinda place haha.

    I also wanted to ask you about this as well:
    3 Year Warranty & InControl 2 for Balance One/Balance One Core

    I really doubt the cloud management would be useful for us since we only have 2 local devices (one active at a time). We will get free firmware updates AFAIK, so I don't really know why that is mentioned. Is there any reason we should get this package? 25% price increase for 2 additional years of warranty doesn't seem worth it to me.

  • 0 Votes
    7 Posts
    2k Views
    scottalanmiller

    @coliver said:

    Do VPN connections get created/torn down with every communication? Or are they persistent until the device disconnects?

    Normally neither. They are normally persistent until a certain amount of time, then they tear down when idle. Might be hours or days. That way they don't remain absolutely forever, but normally a very long time.

  • 1 Votes
    3 Posts
    1k Views
    JaredBusch

    @wrx7m said:

    I think they pulled IPv6 support awhile back. All my Pertino devices are IPv4. Also, note that I have problems with builds 520+ when installing it on Windows DCs/DNS servers. The DNS records do not dynamically update when Pertino is installed. 510 works OK, though. I have a custom 529 build that support gave me that is basically 510 but enables some more verbose logging so they can find out what is going on.

    This is an old article from 2013 being reposted because @scottalanmiller stopped maintaining the original.

  • Using VPN's to play Video Games

    Water Closet
    1 Votes
    16 Posts
    2k Views
  • VPN Connect continually drops

    Unsolved IT Discussion
    1 Votes
    49 Posts
    9k Views

    @gjacobse said:

    I was informed that he is about 20' from the router on Wireless, but that TWC is to be onsite today to setup / move the equipment and then he will be within 5' of it.

    Just hope it's not too close and overloads the wireless radios.

  • Thin Clients over ZeroTier

    IT Discussion
    1 Votes
    16 Posts
    3k Views
    scottalanmiller

    @wirestyle22 said:

    Sorry for the lack of information. I'm currently researching LAN-less technology and was looking at thin clients just for funsies. We would be using ZT already and I was just wondering if thin clients would even work over the WAN. This is something I would possibly implement. We used to have them on mobile carts at the hospital I used to work at (LAN based). Bear with me here. I came in to get my cup of coffee today and someone didn't re-fill the Keurig so my life is meaningless for the next five minutes.

    Well thin clients are used over a WAN all the time. Think about any time you RDP into a remote server. Remember a WAN isn't a different technology from a LAN, the devices can't tell them apart. It's all just the same TCP/IP network to the devices.

    And when you use ZT, there isn't a WAN, it's all LAN.

  • ZeroTier: is this a good time to use...

    IT Discussion
    3 Votes
    91 Posts
    27k Views
    dafyre

    @Dashrender said:

    @dafyre said:

    @Dashrender said:

    @scottalanmiller said:

    @FATeknollogee said:

    @Jason said:

    @FATeknollogee said:

    Type 3: Users (are contractors), they connect via VPN from overseas

    Seems like a bad idea. Usually employees are given VPN access from company owned devices. A VPN is too much exposure for non-company owned devices and for people who aren't full employees. I would look into some other form of access, RD Gateway with RDS or Citrix etc. for these people.

    Are you saying access via ZT is not a good idea?

    Correct. ZT is a VPN. VPNs from arbitrary devices are normally a bad idea. The only exception to this is when you would have happily exposed the LAN to the Internet and this is purely a handy control of IP addresses. If security is your goal, you are bypassing security using a VPN in this role. VPNs are very dangerous because they are about exposure.

    The whole trusted network issue. LAN vs LAN-less

    As more and more things move to networks that are not local to our computers, we're changing seeing how we trust things.

    Traditionally we trust machines that are on our local LAN, but if we flip that on its ear and trust nothing, and always set up authenticated/trusted communications no matter where the device is in comparison to us, then we are much safer.

    I think that it is beyond time that we stop trusting machines on our local LAN. Even my home network has the service discovery disabled, and each machine has its firewall turned on for that very reason.

    I go back and forth on using the home networking features that Windows has these days.

    I use them because they are there. I also have Linux boxes at my house too, so there's that. 😄

  • Adding ZeroTier to the NTG Lab

    IT Discussion
    7 Votes
    3 Posts
    2k Views
    scottalanmiller

    This will be good for things like the Rocket.Chat system too. Was thinking that we would get that up and running in the lab for communication between people working in the lab so that they could coordinate easily. Although perhaps just an IRC channel would make more sense for that. But delivering those kinds of things over ZeroTier is easy.

  • 0 Votes
    13 Posts
    9k Views
    stacksofplates

    @scottalanmiller said:

    @johnhooks said:

    I think the Ubuntu store ruined it for me. It used to take forever to load so I always just did cli, maybe I need to try the Fedora store and see how it works.

    On Mint you just click on the DEB, there is no store involved.

    Ah ok. Ya Ubuntu used to load the full store (not sure if it still does) to install something. So I just started doing gdebi or dpkg -i or dnf install ./package for everything I downloaded.

    I have my menu key on my keyboard mapped to the drop down terminal Gnome 3 extension because I don't use that key anyway. So opening the terminal and running it is pretty quick.

    I'll have to see how Fedora handles that.

  • 1 Votes
    24 Posts
    3k Views
    wrx7m

    @scottalanmiller I was planning on it

  • 3 Votes
    6 Posts
    2k Views
    JaredBusch

    For comparison here is a session going over OpenVPN to another site with an 80/5 cable modem service.

    Maxing under 8mbit on average.

    C:\iperf3>iperf3 -c 10.202.10.49 -p 9676 -F office2013.iso -t 120 -P 4
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ 4] 113.01-114.01 sec 128 KBytes 1.05 Mbits/sec
    [ 7] 113.01-114.01 sec 384 KBytes 3.15 Mbits/sec
    [ 10] 113.01-114.01 sec 256 KBytes 2.10 Mbits/sec
    [ 13] 113.01-114.01 sec 128 KBytes 1.05 Mbits/sec
    [SUM] 113.01-114.01 sec 896 KBytes 7.35 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ 4] 114.01-115.00 sec 256 KBytes 2.10 Mbits/sec
    [ 7] 114.01-115.00 sec 384 KBytes 3.15 Mbits/sec
    [ 10] 114.01-115.00 sec 256 KBytes 2.10 Mbits/sec
    [ 13] 114.01-115.00 sec 256 KBytes 2.10 Mbits/sec
    [SUM] 114.01-115.00 sec 1.12 MBytes 9.45 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ 4] 115.00-116.00 sec 256 KBytes 2.10 Mbits/sec
    [ 7] 115.00-116.00 sec 512 KBytes 4.20 Mbits/sec
    [ 10] 115.00-116.00 sec 128 KBytes 1.05 Mbits/sec
    [ 13] 115.00-116.00 sec 0.00 Bytes 0.00 bits/sec
    [SUM] 115.00-116.00 sec 896 KBytes 7.35 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ 4] 116.00-117.00 sec 256 KBytes 2.10 Mbits/sec
    [ 7] 116.00-117.00 sec 384 KBytes 3.15 Mbits/sec
    [ 10] 116.00-117.00 sec 0.00 Bytes 0.00 bits/sec
    [ 13] 116.00-117.00 sec 0.00 Bytes 0.00 bits/sec
    [SUM] 116.00-117.00 sec 640 KBytes 5.25 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ 4] 117.00-118.01 sec 256 KBytes 2.07 Mbits/sec
    [ 7] 117.00-118.01 sec 384 KBytes 3.10 Mbits/sec
    [ 10] 117.00-118.01 sec 128 KBytes 1.03 Mbits/sec
    [ 13] 117.00-118.01 sec 128 KBytes 1.03 Mbits/sec
    [SUM] 117.00-118.01 sec 896 KBytes 7.24 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ 4] 118.01-119.01 sec 384 KBytes 3.15 Mbits/sec
    [ 7] 118.01-119.01 sec 384 KBytes 3.15 Mbits/sec
    [ 10] 118.01-119.01 sec 128 KBytes 1.05 Mbits/sec
    [ 13] 118.01-119.01 sec 128 KBytes 1.05 Mbits/sec
    [SUM] 118.01-119.01 sec 1.00 MBytes 8.40 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ 4] 119.01-120.01 sec 384 KBytes 3.15 Mbits/sec
    [ 7] 119.01-120.01 sec 128 KBytes 1.05 Mbits/sec
    [ 10] 119.01-120.01 sec 128 KBytes 1.05 Mbits/sec
    [ 13] 119.01-120.01 sec 256 KBytes 2.10 Mbits/sec
    [SUM] 119.01-120.01 sec 896 KBytes 7.35 Mbits/sec
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [ ID] Interval Transfer Bandwidth
    [ 4] 0.00-120.01 sec 27.5 MBytes 1.92 Mbits/sec sender
    Sent 27.5 MByte / 1.39 GByte (1%) of office2013.iso
    [ 4] 0.00-120.01 sec 27.3 MBytes 1.91 Mbits/sec receiver
    [ 7] 0.00-120.01 sec 30.1 MBytes 2.11 Mbits/sec sender
    Sent 30.1 MByte / 1.39 GByte (2%) of office2013.iso
    [ 7] 0.00-120.01 sec 30.0 MBytes 2.09 Mbits/sec receiver
    [ 10] 0.00-120.01 sec 25.6 MBytes 1.79 Mbits/sec sender
    Sent 25.6 MByte / 1.39 GByte (1%) of office2013.iso
    [ 10] 0.00-120.01 sec 25.5 MBytes 1.78 Mbits/sec receiver
    [ 13] 0.00-120.01 sec 25.1 MBytes 1.76 Mbits/sec sender
    Sent 25.1 MByte / 1.39 GByte (1%) of office2013.iso
    [ 13] 0.00-120.01 sec 24.9 MBytes 1.74 Mbits/sec receiver
    [SUM] 0.00-120.01 sec 108 MBytes 7.58 Mbits/sec sender
    [SUM] 0.00-120.01 sec 108 MBytes 7.53 Mbits/sec receiver
    iperf Done.

  • 2 Votes
    1 Posts
    918 Views
    No one has replied
  • 3 Votes
    80 Posts
    34k Views
    scottalanmiller

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    @scottalanmiller said:

    @Dashrender said:

    Hell, forget Windows. Let's look at phones! Android phones rarely ever get patched. A hardware firewall in front of them seems very smart!

    If you are concerned with security to the point that you are carrying hardware to put in front of your phone, wouldn't you more likely just get an iPhone?

    The article implied that iPhones were just as easy to force to his AP as Windows or Android devices.

    The point was that they are patched regularly. The carriers can't block it and Apple really annoys people who hold back. Apple takes security seriously in a way that Google cannot because of how they treat the ecosystem and carriers.

    Google capitulated, Apple didn't. Apple said - you want our phone, you'll do it our way.

    The carriers told Samsung, LG, HTC, etc. (I'm sure Google wasn't even part of it) you want us to carry your phones, you'll do it our way, or we'll find someone who will.

    Yup, leaving Apple with a stronger security hand.

  • Best approach for country VPN for multiple devices

    Unsolved Water Closet
    4 Votes
    29 Posts
    5k Views
    scottalanmiller

    Yes, you are correct, I think that that will work. Trying to figure out how to manually set the IP address in that case as it seems to want to not allow DHCP and the pool of IP addresses here is large so it makes it rather complicated.

  • Using Split Horizon DNS and VPN Issues

    IT Discussion
    1 Votes
    18 Posts
    3k Views
    scottalanmiller

    @Dashrender said:

    What do you expect to happen? That DNS queries should all go to the DNS server provided by the VPN DHCP request?

    That's the hope if it is working correctly. The VPN client should set the IP address of the workstation with a VPN address and make the primary DNS entry be one that looks through the VPN to the AD DC / DNS server with internal resolution. If not, why not? If so, what IP gets returned? The right one? Or if the wrong one, why?

  • 1 Votes
    3 Posts
    2k Views

    This is all I did to get mine working on Windows 10: http://itthatshouldjustwork.blogspot.com/2015/07/cisco-64-bit-vpn-client-on-windows-10.html

    There is not an up-to-date client; Cisco VPN is EOL'd. It was replaced with Cisco AnyConnect.

  • ZeroTier and DNS issues

    IT Discussion
    1 Votes
    176 Posts
    104k Views

    Adam - welcome to the community and overlay networking!

    Not trying to hijack the thread as this appears to be a ZT feature request topic, but since Pertino has come up a number of times, here are the answers:

    DNS: PITA. We solved it by using customer internal DNS in AD environments. This is a solution for many customers, but not the end all. Without some type of local integration, overlay networks can never really be used for an internal company network because protocols will not translate.

    Free plans: all trials revert to a free network for up to 3 devices; existing free plans with more devices are still live - thanks beta testers! Take the class-action suit to LMI 😘

    Chef/Puppet: you can automate Pertino installs with your orchestration tools. We even have a Docker compatible client for cloud-bursting, cross-DC networking

    LDAP integration/custom UI: We've got some APIs already available, some in the works. Plan is to make it so if you don't want to, you never have to enter the Pertino console.

    Best,
    Josh