
ZeroTier 2.0 Status - viraptor
https://www.zerotier.com/zerotier-2-0-status/
======
comex
A lot of good stuff! I'm glad they're finally going fully decentralized.
ZeroTier is a really underappreciated piece of software, especially
considering that it's open source.

On the other hand, I am one of the apparently few people who actually have set
up ZeroTier on "really tiny routers"... at least, routers with 128MB of RAM,
which I guess falls under their definition of tiny since they would have a
hard time tolerating a "20-30mb" increase in RAM usage. Luckily for me, I'm no
longer using those routers, but I'd like to be able to set them back up in the
future if I need them. So I hope ZeroTier does get around to making a
"super-minimal reduced feature set C++-only client"...

~~~
comex
Too late to edit my post, but:

Apparently ZeroTier is no longer under an open source license, as of a month
ago. Another comment has the details. That’s a real shame… I think I will stop
using it. :(

------
zimbatm
Note that ZeroTier recently switched to the Business Source License 1.1[1]
that adds some restrictions. For example you are not allowed to re-sell
ZeroTier as a service, and it restricts Government uses. It seems like a good
thing, but also is good to know.

[1]: [https://github.com/zerotier/ZeroTierOne/blob/master/LICENSE.txt](https://github.com/zerotier/ZeroTierOne/blob/master/LICENSE.txt)

~~~
zeveb
Yipes, AGPL would have been preferable. Oh well, guess I'll wait until 2023 to
use it.

~~~
johntash
I'm not familiar with it, what's bad about the license assuming you are a
consumer and not a business?

~~~
zeveb
It's not free software, which means users are not free to use it as they wish.

[https://www.gnu.org/philosophy/free-sw.en.html](https://www.gnu.org/philosophy/free-sw.en.html)

------
sgentle
I am very excited about this update. ZeroTier is a great project that, at
least as I use it, would be best described as "Hamachi for sysadmins". Just
one command, `zerotier-cli join <id>`, connects your machine to a layer 2 VPN
with automagical mesh routing and NAT punching. Add your laptop and all your
random cloud servers, home machines, raspberry pis, whatever – now you can
connect to any of them as long as there is some path in between.

The only real issue I had is that it wouldn't work unless every machine had
access to the root servers. That seems like it's no longer the case in 2.0,
which is great news.

------
reilly3000
ZeroTier is fantastic software. I'm often surprised I don't hear about it
more. It's great to hear they are embracing Go; that might make it more
accessible for me to hack on. SDN has come a long way...

~~~
api
We are embracing Go for the higher level service controls but the core is
staying C++ for now. Still can't beat C/C++ when you want to sling packets
very very fast.

(ZeroTier founder and main author here)

~~~
reilly3000
Thanks for what you do. I’ve enjoyed using ZeroTier for my personal LAN to
allow my homelab to serve small services (Plex, Minecraft server, dev dbs etc)
as well as planning on rolling it out to my small team as a VPN alternative.
The traditional VPN was expensive, awful slow, and its IP was frequently
blocked on various sites, making some work impossible to complete without
disabling the VPN. The network ZeroTier is allowing me to design is remarkably
specific to our needs. As a cloud-only company traditional firewalls don’t
really fit, but virtual networks give us that same level of control. The open
source, self host-able code you provide is very confidence-inspiring for a
security product. I’ve always been curious as to how much it costs to run your
hosted free tier because the limits are quite generous. On a personal note,
ZeroTier allowed me to work from my LAN remotely which gave me the ability to
be with my father in person during the last few weeks of his life without
missing work and getting in a financial pickle. So... thanks!

------
ryan-allen
I love this service, I went to go set up a VPN but instead a friend
recommended me this.

I use it to access my computers and NAS from different locations. At home, the
NAS is a single hop away so it doesn't go via the internet.

I was able to ditch Chrome Remote Desktop as a result, and with my usage, it's
all free. I'd pay for it, though!

------
mappu
> The second downside may be a slight loss of ability to support very old
> targets. The most impactful of these will be 32-bit Windows since we are not
> sure if CGo (Go’s system that allows us to link to our C bits) will work
> properly on 32-bit Windows systems.

It should work fine - at least at $DAYJOB I ship a GOOS=windows GOARCH=386
CGO_ENABLED=1 binary, it passes all the test cases + no user complaints.

~~~
marcrosoft
It’s not that easy when you use C dependencies.

~~~
mappu
We have several C dependencies, mostly in two methods:

- Cygwin helps a lot by providing a GNU make that works with CC=mingw-w64
(i.e. no cygwin1.dll dependency) and we can simply link these extra .o by
setting `-extldflags "-lxxxx"` on `go build` invocation; and/or

- Put .c files in a Go package and build with CGO as-is (e.g.
github.com/datadog/zstd package and others). More convenient but some
limitations on CFLAGS for security reasons post-1.10.

All works fine and was not particularly complex to set up. GC changes have
caused us to need more explicit `runtime.KeepAlive` calls after CGO interop
however.

------
mostlyjason
I wish they would offer support for local DNS or let me run my own DNS server.
Having to remember so many IPs is inconvenient and regressive.

~~~
leni536
> Having to remember so many IPs is inconvenient and regressive.

mDNS works fine on zerotier for me at least.

~~~
e12e
I can confirm I have an Android TV with sideloaded ZeroTier (would be great
with official Android TV support, BTW! Ed: Android TV has a separate app
store - apps need to declare themselves compatible), a few Linux boxes - and
mDNS/bonjour works fine.

------
aitchnyu
Tangential, but the pure black background and thin white text create
rendering issues in Firefox on Ubuntu and make it a pain to read. Vertical
lines in "will" glow in lavender and "m" glows in blue.
[https://ibb.co/VYDMMhs](https://ibb.co/VYDMMhs)

~~~
api
Thanks, might adjust the fonts then. We (ZeroTier) all have high contrast big
monitors and all the people who mess with the web generally use Macs that
render the text quite nicely.

~~~
aitchnyu
Now vertical lines turned brown. Probably the pure black background, which is
frowned upon anyway.

------
kimi
I seem to remember that it had a kind of limitation at 100 devices, but maybe
it has changed?

~~~
api
That's for our SaaS hosting, and that pricing is going to change soon anyway.
You can also host your own network controllers. There are no intrinsic limits.

------
rohan1024
The one-liner on the website does give an idea of what it's supposed to do,
but how? Do I host my own instance at home or do I have to have a VM in the
cloud? Is it dependent on ZeroTier or can I use it without any dependency?
Thanks in advance.

------
mesaframe
> The simple fact is that Go is a much more productive language than C++.

Fact? No. Opinion? Yes.

------
antman
Has anyone compared this to Wireguard?

~~~
viraptor
It's a screwdriver vs toolbox situation. WG is a great simple screwdriver
which provides an encrypted tunnel between endpoints.

ZeroTier gives you fully configurable SDN with intelligent local/public
routing, online interface, full NAT workaround, custom addressing, global
register requiring only a token to authenticate a node, and many other things.

~~~
fro0116
I wished on more than 1 occasion that I could just use one of my ZeroTier
nodes in other locations as an exit node and tunnel traffic through it though.

I think that might already be possible but it'd be nice if the configuration
was abstracted away behind some simple interface.

That'd allow it to replace Wireguard and Mullvad for me as I mostly use it as
a means to bypass georestrictions.

~~~
viraptor
Like this?
[https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode](https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode)

------
iofiiiiiiiii
What is this thing even for? I cannot make heads or tails of the description
on the website.

~~~
traverseda
It's a "virtual LAN" project like Hamachi or (some configurations of) OpenVPN.

Sometimes you want two computers to be able to talk to one another, even if
they're behind a NAT or there's otherwise infrastructure between them that
makes this difficult.

ZeroTier makes that easier by:

* Checking to see if the other device is directly reachable, if you're both already on the same LAN.

* Employing NAT hole punching to try to establish a path anyway

* Finally proxying the connection over a server reachable by both

In my experience it's the easiest way to make sure all my computers are
reachable, even if one of those computers is a phone and another one is behind
a NAT.

------
floatboth
Ugh, nooooooo, not Go.

I'll stay on 1.x, thank you very much. I hope there will be a well maintained
fork of 1.x.

~~~
packetlost
What's wrong with Go?

~~~
floatboth
Weirdest toolchain in the world, at least among popular ones. Custom calling
convention, custom (AWFUL) assembler, insistence on using syscalls directly on
systems where the libc is the only officially public API (FreeBSD), bad
portability as a result (I tried to add FreeBSD/aarch64, it was an awful
experience, thankfully others have continued the work). Don't tell me about
gccgo, it mostly copies the standard library from the main implementation, so
it also uses syscalls directly.

Just look at
[https://github.com/minio/asm2plan9s](https://github.com/minio/asm2plan9s) /
[https://github.com/minio/c2goasm](https://github.com/minio/c2goasm) —
carefully read the readme and understand what this hack does. If the existence
of this hack does not make you extremely angry at Go, I don't know what will.

Oh and I don't like the language itself either. The anti-intellectual attitude
of the designers sucks. "Screw anything discovered by PL research in the last
30 years, we just want everything like in the good old days with C but with GC
and concurrency" is just silly. The "developers are too stupid to use smart
features like generics" attitude is quite offensive. (I guess they are
responding to the overwhelming demand for generics now, but it's not like they
had a big change of heart, it's just caving to external pressure, not
personally embracing the concepts)

~~~
api
> The anti-intellectual attitude of the designers sucks. "Screw anything
> discovered by PL research in the last 30 years, we just want everything like
> in the good old days with C but with GC and concurrency" is just silly. The
> "developers are too stupid to use smart features like generics" attitude is
> quite offensive.

It's not anti-intellectual. It's just reasoning from a different set of
premises.

Go is remarkably productive. I've written extremely complex software in it and
found that I rarely miss that stuff. I do agree that it needs some
limited/minimal generics support for data structures and algorithms, but
that's about all I would add.

I think it shows that a lot of the stuff that's been explored in the last 30
years in languages just isn't necessary. Go is not a language for showing off
how smart you are with esoteric language constructs. It's a language for
getting things done with minimal cognitive load across the problem domain.

[http://www.ariel.com.au/jokes/The_Evolution_of_a_Programmer.html](http://www.ariel.com.au/jokes/The_Evolution_of_a_Programmer.html)

Go is for people who have made it to at least apprentice hacker in that
progression and realized that complexity is evil. Complexity should only be
added when one is dragged kicking and screaming into it by the inherent
complexity of the problem domain, and even then only after exploring ways of
avoiding it.

I applaud Go's designers for doing that at the language level. They're being
dragged into generics after exploring all possible ways of avoiding generics,
which is the right approach. They also bailed on an idea to add unnecessary
syntactic sugar to error handling in Go because it isn't necessary. It saves a
small amount of typing in exchange for increased cognitive load, and cognitive
load is more expensive than keystrokes.

~~~
floatboth
I'd say `if err != nil {}` all the time is an awful lot of cognitive load.
Heck, just `nil` turns everything into a minefield.

Functional programming constructs rarely _add_ complexity, they are excellent
tools for handling and reducing it.

~~~
api
> is an awful lot of cognitive load.

I disagree. It's a lot of text, but cognitively it's trivial to understand.

A more terse language construct that moves logic around requires more thought
to comprehend even if it takes up less space on the screen.

Computers are fast. Screens are big. Our brains are overwhelmed and limited.

