
    ZeroTier - are you using it in production?

    IT Discussion
    30 Posts 8 Posters 3.5k Views
    • WLS-ITGuy @Dashrender

      @Dashrender Yes. We are a school so the professors have a home office where they need access to the network and then also use the OnPrem network as well.

      Mapped drives work well on both ZeroTier and LAN. I did have some issues where I had to make changes to the host file but I have removed that since we changed the local domain name to simplify things.

      DashrenderD 1 Reply Last reply Reply Quote 0
      • Dashrender @WLS-ITGuy

        @WLS-ITGuy said in ZeroTier - are you using it in production?:

        @Dashrender Yes. We are a school so the professors have a home office where they need access to the network and then also use the OnPrem network as well.

        Mapped drives work well on both ZeroTier and LAN. I did have some issues where I had to make changes to the host file but I have removed that since we changed the local domain name to simplify things.

        Any details you can provide would be great.

        My past trials with ZT on a Windows Domain have had massive DNS issues, primarily in the fact that they would register both the local IP and the ZT IP, and DNS would often provide the ZT IP and non ZT PCs couldn't get there. Of course this is solved by putting all PCs on ZT, but won't solve it for things like printers who make DNS calls.

        JaredBuschJ 1 Reply Last reply Reply Quote 0
        • JaredBusch @Dashrender

          @Dashrender said in ZeroTier - are you using it in production?:

          My past trials with ZT on a Windows Domain have had massive DNS issues, primarily in the fact that they would register both the local IP and the ZT IP, and DNS would often provide the ZT IP and non ZT PCs couldn't get there. Of course this is solved by putting all PCs on ZT, but won't solve it for things like printers who make DNS calls.

          Why did you leave DNS actively listening on the ZT addresses?

          DashrenderD 1 Reply Last reply Reply Quote 1
          • Dashrender @JaredBusch

            @JaredBusch said in ZeroTier - are you using it in production?:

            @Dashrender said in ZeroTier - are you using it in production?:

            My past trials with ZT on a Windows Domain have had massive DNS issues, primarily in the fact that they would register both the local IP and the ZT IP, and DNS would often provide the ZT IP and non ZT PCs couldn't get there. Of course this is solved by putting all PCs on ZT, but won't solve it for things like printers who make DNS calls.

            Why did you leave DNS actively listening on the ZT addresses?

            Because at the time we were all learning. You replace DNS on AD with Host files. I wonder if you can turn that on its ear and disable DNS on the local network and only use it on the ZT network if that would be enough to solve the issues? Though I'm not sure what you do with things like printers/scanners that use resolution.

            JaredBuschJ 1 Reply Last reply Reply Quote 0
            • JaredBusch @Dashrender

              @Dashrender said in ZeroTier - are you using it in production?:

              @JaredBusch said in ZeroTier - are you using it in production?:

              @Dashrender said in ZeroTier - are you using it in production?:

              My past trials with ZT on a Windows Domain have had massive DNS issues, primarily in the fact that they would register both the local IP and the ZT IP, and DNS would often provide the ZT IP and non ZT PCs couldn't get there. Of course this is solved by putting all PCs on ZT, but won't solve it for things like printers who make DNS calls.

              Why did you leave DNS actively listening on the ZT addresses?

              Because at the time we were all learning. You replace DNS on AD with Host files. I wonder if you can turn that on its ear and disable DNS on the local network and only use it on the ZT network if that would be enough to solve the issues? Though I'm not sure what you do with things like printers/scanners that use resolution.

              You are mixing this up. I disable the interface in DNS. I am not replacing DNS with a host. I am specifically using the host file for 2 entries. The domain.local and the dc1.domain.local (same entry) and an entry for internalwebserver.domain.local.

              Everything else uses normal DNS in or out of the network.

              Yes, this means when off the network, the devices only find the 2 systems with host entries.

              Disabling the interface in DNS prevents lots of auto DNS entries on the ZT network getting into the Windows DNS.

              DashrenderD 1 Reply Last reply Reply Quote 0
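Added example, not from any poster in the thread: a small audit for the dual-registration problem discussed above, where a host has A records on both the LAN and the ZeroTier network and DNS may return the ZeroTier address to a device that cannot reach it. The subnets, hostnames and the "name A address" export format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed values: neither subnet nor any record below comes from the thread.
LAN_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed office LAN
ZT_NET = ipaddress.ip_network("10.147.17.0/24")    # assumed ZeroTier range

SAMPLE_RECORDS = """\
dc1      A 192.168.10.5
dc1      A 10.147.17.5
fs1      A 192.168.10.20
laptop7  A 10.147.17.44
printer1 A 192.168.10.60
laptop3  A 192.168.10.71
laptop3  A 10.147.17.71
"""

def parse_a_records(text):
    """Return {hostname: set of addresses} from 'name A address' lines."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1].upper() != "A":
            continue  # skip blank lines and non-A records
        hosts[fields[0].lower()].add(ipaddress.ip_address(fields[2]))
    return hosts

def classify(hosts, lan=LAN_NET, zt=ZT_NET):
    """Group hostnames by which networks their A records fall in."""
    report = {"dual": [], "zt_only": [], "lan_only": []}
    for name, addrs in sorted(hosts.items()):
        on_lan = any(a in lan for a in addrs)
        on_zt = any(a in zt for a in addrs)
        if on_lan and on_zt:
            report["dual"].append(name)     # DNS may hand out either address
        elif on_zt:
            report["zt_only"].append(name)  # unreachable from non-ZT devices
        elif on_lan:
            report["lan_only"].append(name)
    return report

if __name__ == "__main__":
    for kind, names in classify(parse_a_records(SAMPLE_RECORDS)).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Names listed under "dual" or "zt_only" are the ones a printer or other non-ZeroTier device could fail to reach after a lookup.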
              • Dashrender @JaredBusch

                @JaredBusch said in ZeroTier - are you using it in production?:

                You are mixing this up.

                No I'm not

                I disable the interface in DNS. I am not replacing DNS with a host.

                Yes you are - DNS only works when outside the network because you have a hosts file. Without it, you would be sunk. Granted, it's the solution you've found to solve the DNS having LAN and ZT IPs.

                Though I wonder if it's needed if all of your PCs have ZT on them, but you don't, you only have it on the sales laptops. Any reason you haven't installed it on the rest of the internal machines? According to previous discussions, that should solve the DNS issue because all machines will know how to get to both LAN and ZT IPs.

                JaredBuschJ 1 Reply Last reply Reply Quote 0
                • JaredBusch @Dashrender

                  @Dashrender said in ZeroTier - are you using it in production?:

                  @JaredBusch said in ZeroTier - are you using it in production?:

                  You are mixing this up.

                  No I'm not

                  I disable the interface in DNS. I am not replacing DNS with a host.

                  Yes you are - DNS only works when outside the network because you have a hosts file. Without it, you would be sunk. Granted, it's the solution you've found to solve the DNS having LAN and ZT IPs.

                  Though I wonder if it's needed if all of your PCs have ZT on them, but you don't, you only have it on the sales laptops. Any reason you haven't installed it on the rest of the internal machines? According to previous discussions, that should solve the DNS issue because all machines will know how to get to both LAN and ZT IPs.

                  No, I am not. You clearly do not understand. I stated quite plainly that I only provide 2 entries in the hosts file because I am obviously not replacing DNS as you claim I am.

                  I am not interested in providing access to everything. I am specifically providing access to a single share and single application.

                  If I wanted everything, I would set up a gateway or set up the application on every device and have it all in DNS.

                  Don't push your issues on me.

                  1 Reply Last reply Reply Quote 0
                  • Dashrender

                    The point is, unlike traditional VPN, you don't have full access to corporate resources with the way you've set your situation up. This is my sole point. There's nothing wrong with it. You know what you need access to, found a way to provide it. Great.

                    JaredBuschJ scottalanmillerS 2 Replies Last reply Reply Quote 0
                    • JaredBusch @Dashrender

                      @Dashrender said in ZeroTier - are you using it in production?:

                      The point is, unlike traditional VPN, you don't have full access to corporate resources with the way you've set your situation up. This is my sole point. There's nothing wrong with it. You know what you need access to, found a way to provide it. Great.

                      This is a horrible solution. It always has been and anyone who recommends it, in today's world, deserves to have their shit infected or hacked.

                      DashrenderD 1 Reply Last reply Reply Quote 0
                      • Dashrender @JaredBusch

                        @JaredBusch said in ZeroTier - are you using it in production?:

                        @Dashrender said in ZeroTier - are you using it in production?:

                        The point is, unlike traditional VPN, you don't have full access to corporate resources with the way you've set your situation up. This is my sole point. There's nothing wrong with it. You know what you need access to, found a way to provide it. Great.

                        This is a horrible solution. It always has been and anyone who recommends it, in today's world, deserves to have their shit infected or hacked.

                        Now you've lost me.

                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                        • JaredBusch @Dashrender

                          @Dashrender said in ZeroTier - are you using it in production?:

                          @JaredBusch said in ZeroTier - are you using it in production?:

                          @Dashrender said in ZeroTier - are you using it in production?:

                          The point is, unlike traditional VPN, you don't have full access to corporate resources with the way you've set your situation up. This is my sole point. There's nothing wrong with it. You know what you need access to, found a way to provide it. Great.

                          This is a horrible solution. It always has been and anyone who recommends it, in today's world, deserves to have their shit infected or hacked.

                          Now you've lost me.

                          Traditional VPN is a horrible solution.

                          1 Reply Last reply Reply Quote 1
                          • scottalanmiller @Dashrender

                            @Dashrender said in ZeroTier - are you using it in production?:

                            The point is, unlike traditional VPN, you don't have full access to corporate resources with the way you've set your situation up. This is my sole point. There's nothing wrong with it. You know what you need access to, found a way to provide it. Great.

                            That's not "traditional VPN." VPN is, and always has been, a broad spectrum of approaches. What you are thinking of is site to site VPN which is not what was popular or meant by VPN broadly for the first decade. Site to Site VPN was the "hot new thing" fifteen years ago.

                            1 Reply Last reply Reply Quote 0
                            • stacksofplates

                              I don't have it in "production" any more. I have a few things at home set up on it. I originally had a separate zone for it. Everything in my house is pa.jhbcomputers.com so the zone for ZT was zt.jhbcomputers.com. Now I just have a local hosts file I can push out to whatever I want.

                              I'm not really using it that much though. I'm mostly just tunneling through my jump box.

                              1 Reply Last reply Reply Quote 1