ZeroTier Review
-
@dafyre said:
@quicky2g -- Those are some good numbers to see. It is important to note that if two ZT devices are on the same network subnet, then ZT will communicate directly over the LAN (the traffic will never leave your network). That's likely the reason for the good speeds.
Also are you doing your WAN test with UDP or TCP? (I think with UDP, you could see the higher rates, as UDP doesn't have to confirm delivery of the data).
Wasn't sure if iPerf used TCP or UDP as default so had to check in Wireshark. Looks like TCP is default. Makes sense that UDP would get better results but have never been able to find a different combo of options for iPerf that got me better results. Anyone else use iPerf?
-
@travisdh1 said:
I could wish for 512 bit where it's available, but 256-bit ECCDH and Salsa20 + Poly1305 should be all right. I know Steve Gibson is using NaCl and ECCDH in his SQRL protocol, so should be ok. So long as implementation isn't funky, it should be good.
Some odd seeming results for me as well. This is between the two locations here.
iperf over ZeroTier
*pm7:~# iperf -c 10.147.17.117Client connecting to 10.147.17.117, TCP port 5001
TCP window size: 35.2 KByte (default)[ 3] local 10.147.17.239 port 55229 connected with 10.147.17.117 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.1 sec 11.1 MBytes 9.21 Mbits/sec
pm7:~# iperf -c 10.147.17.117Client connecting to 10.147.17.117, TCP port 5001
TCP window size: 35.2 KByte (default)[ 3] local 10.147.17.239 port 55231 connected with 10.147.17.117 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.2 sec 13.2 MBytes 10.9 Mbits/sec*ZertoTier Network Traceroute
pm7:~# traceroute 10.147.17.117
traceroute to 10.147.17.117 (10.147.17.117), 30 hops max, 60 byte packets
1 10.147.17.117 (10.147.17.117) 105.785 ms 106.404 ms 106.404 mstraceroute between the two external networks
@virt2:~# traceroute ???????.poweredbyclear.com
traceroute to brouter2.poweredbyclear.com (24.166.55.233), 30 hops max, 60 byte packets
1 192.168.4.5 (192.168.4.5) 0.746 ms 1.035 ms 1.341 ms
2 oh-71-51-112-1.dhcp.embarqhsd.net (71.51.112.1) 33.373 ms 35.036 ms 36.967 ms
3 mnfd-agw1.inet.qwest.net (75.160.216.17) 38.446 ms 40.185 ms 42.587 ms
4 chp-brdr-04.inet.qwest.net (67.14.8.238) 66.026 ms 68.712 ms 70.119 ms
5 206.111.2.153.ptr.us.xo.net (206.111.2.153) 70.872 ms 73.320 ms 75.035 ms
6 207.88.15.89.ptr.us.xo.net (207.88.15.89) 77.473 ms 49.607 ms 53.741 ms
7 216.1.94.146 (216.1.94.146) 55.634 ms 57.847 ms 59.770 ms
8 bu-ether39.chcgildt87w-bcr00.tbone.rr.com (66.109.1.67) 68.413 ms bu-ether19.chcgildt87w-bcr00.tbone.rr.com (107.14.17.193) 65.995 ms bu-ether39.chcgildt87w-bcr00.tbone.rr.com (66.109.1.67) 70.655 ms
9 bu-ether11.chctilwc00w-bcr00.tbone.rr.com (66.109.6.21) 72.059 ms 74.765 ms 77.680 ms
10 be1.clmkohpe01r.midwest.rr.com (107.14.19.17) 85.908 ms 89.504 ms be3.clmkohpe01r.midwest.rr.com (107.14.19.61) 90.992 ms
11 be1.pltsohae01r.midwest.rr.com (65.29.1.29) 100.139 ms 102.326 ms 107.417 ms
12 tge9-1.mlbgoh0202h.midwest.rr.com (24.33.101.101) 68.140 ms 67.154 ms 69.541 ms
13 tge18-10.mlbgoh0201m.midwest.rr.com (24.164.100.6) 71.648 ms 74.098 ms 86.917 msSo far nothing I can see should be getting that sort of speed, unless some major compression is happening somewhere. In which case I'm going to shoot for that xrdp setup.
-
@travisdh1 said:
@quicky2g said:
@travisdh1 said:
@dafyre said:
@travisdh1 said:
I'm really liking how easy it is to setup. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?
If you haven't read up in the FAQ yet, check it out here: https://www.zerotier.com/tech_faq.shtml -- especially the security section.
What kind of use case are you seeing for it?
I've got two locations, one with the worst "high-speed" internet you're likely to find outside of satellite (good riddance to satellite!) 1 vm host and 1 backup target at each location. Ether XenServer or ProxMox running on the servers. I'm thinking I'll be able to manage most things at both sites with a jumpbox vm. Maybe even make xrdp available as well, tho that would be painful with the DSL connection (756kb/250kb actual measured 600kb/300kb.)
ZeroTier must use some kind of compression so might help with your speed issues. I have 5mbps upload at home. Did an upload test with iPerf between my house and my work office and saw 5mbps with Hamachi:
Did the same test with ZeroTier between the same endpoints:
That makes me go "What is going on here, something is not right."
I'm going to tag @adam-ierymenko and see what his take on that is. He's one of the ZT Guys.
-
@dafyre said:
@travisdh1 said:
@quicky2g said:
@travisdh1 said:
@dafyre said:
@travisdh1 said:
I'm really liking how easy it is to setup. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?
If you haven't read up in the FAQ yet, check it out here: https://www.zerotier.com/tech_faq.shtml -- especially the security section.
What kind of use case are you seeing for it?
I've got two locations, one with the worst "high-speed" internet you're likely to find outside of satellite (good riddance to satellite!) 1 vm host and 1 backup target at each location. Ether XenServer or ProxMox running on the servers. I'm thinking I'll be able to manage most things at both sites with a jumpbox vm. Maybe even make xrdp available as well, tho that would be painful with the DSL connection (756kb/250kb actual measured 600kb/300kb.)
ZeroTier must use some kind of compression so might help with your speed issues. I have 5mbps upload at home. Did an upload test with iPerf between my house and my work office and saw 5mbps with Hamachi:
Did the same test with ZeroTier between the same endpoints:
That makes me go "What is going on here, something is not right."
I'm going to tag @adam-ierymenko and see what his take on that is. He's one of the ZT Guys.
Microsoft's RDP as well as X2Go work great over ZT.
-
I need a distraction from other things I am working on today and I was thinking about trying to stand up a zero tier controller in a VM. Which linux distro should I use?
-
@wrx7m said:
I need a distraction from other things I am working on today and I was thinking about trying to stand up a zero tier connector in a VM. Which linux distro should I use?
Yes, lol.
Pretty much any of them will work. I tend to favor Ubuntu.
-
I want something as bare bones as possible, with as little setup as possible to get to the actual task of zerotier installation and config.
-
@wrx7m said:
I need a distraction from other things I am working on today and I was thinking about trying to stand up a zero tier controller in a VM. Which linux distro should I use?
CentOS, Suse Leap and Ubuntu would be my suggestions.
-
@wrx7m said:
I want something as bare bones as possible, with as little setup as possible to get to the actual task of zerotier installation and config.
All three that I mentioned are extremely lean by default.
-
@scottalanmiller Well I have worked with CentOS and Ubuntu before but not Suse Leap. Hmm. I might try it out.
And when I say worked with, I mean I have setup things like cacti, nagios, openvpn and some others for testing on various distros and versions. Other than that I don't know nearly enough about linux.
-
@wrx7m said:
I need a distraction from other things I am working on today and I was thinking about trying to stand up a zero tier controller in a VM. Which linux distro should I use?
I'm using CentOS 7
-
@wrx7m If you can set up things like Cacti, Nagios, and OpenVPN, you should be able to get ZeroTier up and going without too much of a problem.
Are you going to build your own controller, or use their hosted one (free for up to 10 devices) ?
-
It's really easy to set up and use. It uses sqlite so backups are really easy. You can even just tar the /var/lib/zerotier-one folder.
-
@dafyre I want to build my own controller. That is the point of the "project"
I have tested the hosted one and like the concept. Since the controller can also run the client, can I set it up as a gateway?
-
-
@johnhooks Would tarring the folder be a sufficient backup for the config?
-
@scottalanmiller said:
@wrx7m said:
I need a distraction from other things I am working on today and I was thinking about trying to stand up a zero tier controller in a VM. Which linux distro should I use?
CentOS, Suse Leap and Ubuntu would be my suggestions.
Wasn't too bad on Ubuntu server:
Dependencies for build
sudo apt-get install git make gcc g++ libsqlite3-devFor API and script stuff
sudo apt-get install curl php5-cli php5-curlInstall
git clone https://github.com/zerotier/ZeroTierOne.git cd ZeroTierOne make ZT_ENABLE_NETWORK_CONTROLLER=1 installer sudo ./ZeroTierOneInstaller-linux-x64-1_1_2 sudo service zerotier-one restart -
@wrx7m said:
@johnhooks Would tarring the folder be a sufficient backup for the config?
Yup. At least I haven't had any issues doing it. I've tested it out a few times.
-
I decided to go with Ubuntu mostly because of @quicky2g posting the screen captures
-
