thank you for the great video. I used Tailscale in the past but switched to Netbird for many reasons. You already mentioned a lot already. For me there is one killa-feature and that is, that the company behind NetBird a German company so they have to stick to the GDPR. I love it!
I had tried getting started with tailscale/headscale combo always ended up running into issue, I tried netbird and it instantly worked, with netbird since then
Opened this video exactly because I was made aware of Twingate, but the content I find is sponsored. Will be trying netbird, seems really easy to get things done and should be enough for my needs
Timely vid! I've dabbled with Tailscale, primarily because they have a good Terraform module, but I have yet to actually do stuff with this other than testing accessing my home setup from the office. Will check out alternatives.
Tailscale with headscale as coordination server works very well for me. I would like to test netbird but currently it lacks some features that are important for me. E.g. exit nodes (will be available in march) and dual stack networking with IPv4 and IPv6. These features are already running fine with Tailscale and headscale. GoodiesHQ is currently working on an ACL UI Builder which will be integrated into the open source Admin-UI. Interesting times to come :)
My only issue with Tailscale is the ACL syntax isn’t clear from the documentation. The default is a permit any which isn’t great and it doesn’t integrate with firewall rules in pfsense the way ZeroTier does with opnsense. I’m not writing json rules for ACL…there needs to be a better way to do it and clearer documentation
I use ZeroTier for everything network myself. So amazing! People just need to be more willing to learn. OpenWRT does firewalling really good in a GUI where I configure my ZeroTier.
I've been using Tailscale for a while. Their ACL syntax does require a bit getting used to but does the job really well. But their error messages when I mess up could be better. But after this video, Netbird peaked my intrest. I might try it with a test environment sometime.
very very nice disclosure at beginning. no sponsor here. by the way, nothings bad about sponsorship, I trust some youtubers and also with sponsor it's ok, but knowing before is a great choice. Thanks, now I can ssee the rest of the video.
is the "Exit Node" feature on the roadmap in Netbird ? I think that is a very important feature to have, or at least its a more common usecase. hopefully it is, because netbird looks very promising.
@@majorgear1021Exit node allows you to route out of your overlay network making it an actual tunnel network. Without the exit node you could still VPN to get access to your internal resources but you would exit locally depending on where your device is located.
Thanks for the video. Would really like to see a performance test comparing Tailscale and Netbird in terms of throughput and LATENCY. Everyon tests throughput, but for some reason you rarely see latency info included. Edit: Netmaker has phone apps for iOS and Android now.
good timing. I'm a newbie to networking and just put express VPN configuration files on my Beryl Travel Router using OpenVPN. It was super easy. Not sure if this is related or not, but thought it was cool to be able to do that.
Zerotier here is the only option here that allows you to self host your controller without having a public IP address, even behind CG NAT. The "coordination" layer is split into routing and a controller. The routing handles connecting the nodes, and the controller (which counts as another node) authorizes nodes into the network, meaning that you don't have to give them the power of managing your network, just self host your controller and let them do the routing for you. The whole architecture is pretty well though out. Also there's a self hosted controller web GUI called ztnet that recently popped up, it looks pretty modern and has a lot of features.
You could use Headscale with the upstream Tailscale DERP relays, which is just about the same as using ZeroTier’s roots while using your own controller. ZeroTier kept disconnecting and crashing on both iOS and Android (doing a speedtest, the VPN literally disconnects mid test and requires a reconnect, which suggests it crashed), which is a shame because I wanted to use it for L2.
@@ReturnJJ Thanks for correcting me! I wasn't aware of the DERP thing. Is that relatively new? Back when Headscale came out I did some research to switch but I wasn't able to find an alternative to the whole controller-roots paradigm.
I haven't found anything similar to ZeroTier's 6PLANE addressing for container based routing. It's especially useful as it makes use of IPv6 NDP emulation for finding the shortest route between container. I haven't found any Wireguard-based solution similar yet, but I guess it would not be as seamless as zerotier automatic adressing
Would love to see NordVPNs meshnet in vids like this, I’ve been using it for a while now and have no complaints, super easy to setup and get going on all platforms including Linux/CLI.
I've been a happy Tailscale user for quite some time, and have considered going the Headscale route. However, I may well give Netbird a try. (That's what homelabs are for, right?)
Is there any guidance on the horsepower required for the machines doing the wireguard encryption / decryption to ensure that this does not limit transfer rates.
Wireguard's overhead is effectively non-existent. I have a Raspberry Pi running as a Wireguard server at home and you can't tell any difference between the VPN being on or off. Any overhead will be unrelated to Wireguard itself and how Wireguard is implemented. For example Tailscale does some really weird things with it for NAT traversal which does slow it down a little.
Apparently NetBird will receive exit node functionality in March 2024. Also, for NetMaker you can use Ingress Gateway nodes to allow any Wireguard capable device (e.g. smartphones) to connect to the network.
Yes, it makes sense now. Managing servers in three locations and needing to constantly switch my WireGuard connection and only work with one location at a time is very frustrating.
actually running it myself and loving netbird but i had 2 issues which is now 1 issue and you share the same is that that need to have an option for exit node
Nebula could be mentioned as well, it's what i personally use as it's very easy to setup and provision new clients, it's only available as selfhosted and it's fully open source. Plus the fault us deny all and you allow the port/protocol/host that will have access and the lighthouse/manager node can be more that one, providing grrat availability.
There is not much info about Nebula but definitely for me has been the hardest to setup an the reliability was poor under OpenWrt because always ended with errors about MTU and dropped connections not matters what I configured under config.yml or yaml. Maybe the project is now enhanced
Only issue I have with Tailscale is on a mobile device...when moving between Cellular and WiFi sometimes traffic does not move through Tailscale until one stops and restarts the Tailscale client. Easy enough to do but annoying. Would be great if Tailscale client would deactivate in known WiFi SSIDs and reactivate when moving to unknown WiFi SSIDs or cellular. When doing an internet search this has been mentioned multiple times by users.
Thanks for the video. Kinda missed some talking points about integrating OPNSense. And also wanted to ask is there any reason you use the google chrome browser on your Linux machine?
Great video again. They seem to be good tools. As a noob, why do I as a home user want to use these over say a Wireguard VPN included in some modem/routers like a Fritzbox? It is fast and pretty easy to setup.
Using these tool is mostly about removing the configuration/maintanence parts and controlling access. E.g., you won't need to manually distribute WireGuard keys with let's say NetBird.
Thanks so much for this video! I'm really excited about netbird, as I haven't seen yet an open source solution which you can easily self host. I just wonder what security aspects you got to look out for, such as separating directories of the DB files and the web server fikes etc. looking forward to Your video about netbird!! Shame is, that zerotier and any other wire guard based solution, doesn't work great.... Tinkered a lot with excluding IP ranges from zerotier, but still doesn't seem to work alongside.....
Hey.. thanks for a great video.. Very good comparison and details of the options. I wanted to ask a question... I have a VPN esque setup with Twingate at the moment and it works well. However, it doesn't and seems it can't do on thing I'd like for it to do.. Use my private DNS on my local network instead of using my provider (cell/remote wifi) DNS. I'd like for it to block ads but also appear as if I'm using my home IP rather than somewhere else. Thanks in advance for your time.
Great video I have created a small gateway with dpdk, vpp and use zerotier to route over it. Runs 100% line rate locally and maxs out the internet with little cpu use. Also makes my security bulletproof. I will add ipv6 as a next step.
Does the netbird self host call home? It's a paid service, so I don't see how they would control usage if it doesn't call home. If it does call home, then that mostly defeats the purpose of self hosting, which is to not have your infrastructure rely on a 3rd party.
Can you compare speed on each? I looked at netbird but was turned off by the fact you have to have an account for the self hosted option. Do you what data they collect when you self host?
There is no need for an account when self hosting NetBird. We collect anonymized stats about the control server installation, e.g., number of peers. But you can easily opt out from this when running the NetBird server on your
It can't use the kernel module so it hasn't, but it's still probably the fastest overlay network I've used. I've used NFS via Tailscale and as long as my laptop is on a good connection it's relatively pain free.
@@antikommunistischaktion Agreed. Performance has never been a problem with Tailscale for me. I have a self-hosted Jellyfin instance that I can reach from anywhere using my laptop or tablet which has been a life saver when traveling and/or staying over a relative's house for a couple of days and that worked well even on saturated public networks. It did stutter and had to buffer a little bit every now and then which forced me to transcode to 720p on the latter case but it worked surprisingly well considering the limitations. Much better than I expected.
Tailscale works great for my needs, its was super easy, even for me, to setup (most this command prompt stuff gives me a headache) and it just Works !! Just tunneled in checked up on my server from my phone while at the beach!! Would be nice if they made a Core plugin too though! as sometimes i dont have both NAS' turned on, and can only tunnel in if scale nas is on
In the review there is mention of BSD support. I’m also a GUI guy, not brave enough to try stuff that requires significant CL interface. I run an Ubuntu VM on my TrueNAS Core with Tailscale and use it to provide access to other services on the TrueNAS server
@@DaveHart-G yeh, i have seen people do custom jails with it in, using scripts etc, so it is possible but id prefer plug in. Running it from my VM could work though, thats good idea !! Can it still become the exit node, and give u access to rest of your network?
Though tailscale (hosted by them) has a bunch of convenient features such as Tailscale SSH, taildrop and funnels. And for the most part, I think trusting that the coordination server hasn't been compromised is what tailnet lock is supposed to be for? According to them anyway. (I've actually integrated tailscale into my home network with full subnet routing and everything.)
@LAWRENCESYSTEMS tailnet lock? I've had it enabled since they introduced it. They've improved the ux for signing new nodes since then. Now you can click a button in the admin panel that will open the deaktop client /mobile app to prompt you to sign nodes. Not sure if they've addressed that one ux issue regarding shared nodes and tailnet lock though. (Nodes accessing your shared nodes need to have their keys signed too, it was missing ux, not sure if its changed though.)
I'd like (another) video comparing VPN and Network Overlays. My concern has been the need for Multiple Authentication methods which is fine in VPNs (eg either certificate + user creds or user creds + OTP), but network overlays seem to only be certificates which has been why I haven't taken them up. My use case involves an AD environment with remote users changing passwords and computer policies that run prior to users logging in.
My experience with Tailscale: works fine with one user, but I tried adding someone else as a user and couldn't figure out why it didn't work even with expiration turned off on everything.
I’ve had some performance issues with CF Tunnels. Trying to view my surveillance cameras, the speed is much slower, with buffering, compared to direct WireGuard VPN and the user agreement states streaming video is prohibited. I will be testing Tail/Headscale and NetBird to get around this limitation.
Your channel is nice and informative, but your pfsense bias it's doing a disservice to other possibly better options, like OPNsense, specially if you care for the morality of the devs or vendors.
He’s gone over it many times before. Because opnsense is downstream, they don’t fix bugs or contribute code. So vulnerabilities take considerably longer to be patched. The support contracts are also sub-optimal when compared with the netgate equivalent.
poorly carried out, biased towards pfsense omitting that zerotier also does have an opnsense plugin. also not really showing all mentioned solutions equally. barely a real comparison. sorry, I've seen better, less biased vids from you tom.
thank you for the great video. I used Tailscale in the past but switched to Netbird for many reasons. You already mentioned a lot already. For me there is one killa-feature and that is, that the company behind NetBird a German company so they have to stick to the GDPR. I love it!
I had tried getting started with tailscale/headscale combo always ended up running into issue, I tried netbird and it instantly worked, with netbird since then
मला पण सांगशील का मित्रा कसे setup केलेस? @@prakashpoudele
Been running netbird from v0.6.0 and it’s great it’s come along way and it’s been extremely stable, the addition of IOS and Android has been amazing
Thank you for the kind words from the NetBird team :)
@@netbirdio I really like your product, but there is no exit node
When it is ?
Opened this video exactly because I was made aware of Twingate, but the content I find is sponsored. Will be trying netbird, seems really easy to get things done and should be enough for my needs
Timely vid! I've dabbled with Tailscale, primarily because they have a good Terraform module, but I have yet to actually do stuff with this other than testing accessing my home setup from the office. Will check out alternatives.
I use both zerotier and tailscale on same machines. They work together! zerotier and tailscale also work on my openwrt router
Why?
Yeah, why?
Thanks for the demo and info. I am using Twingate, but will try Netbird. Have a great day
Thank you from the NetBird team :)
Tailscale with headscale as coordination server works very well for me. I would like to test netbird but currently it lacks some features that are important for me. E.g. exit nodes (will be available in march) and dual stack networking with IPv4 and IPv6. These features are already running fine with Tailscale and headscale. GoodiesHQ is currently working on an ACL UI Builder which will be integrated into the open source Admin-UI. Interesting times to come :)
Totally appreciate your channel!
Glad you enjoy it!
My only issue with Tailscale is the ACL syntax isn’t clear from the documentation. The default is a permit any which isn’t great and it doesn’t integrate with firewall rules in pfsense the way ZeroTier does with opnsense.
I’m not writing json rules for ACL…there needs to be a better way to do it and clearer documentation
Thank you and I agree 100%. TS needs a better and clearer way to define rules and ACLs beyond JSON - we’re not all developers.
I use ZeroTier for everything network myself. So amazing! People just need to be more willing to learn. OpenWRT does firewalling really good in a GUI where I configure my ZeroTier.
ZeroTier is also available for ASUStor NAS devices, OPNsense, and even some retro gaming handheld custom firmwares like ArkOS.
He knows but intentionally did not mention to show pfsense in good light
@@pankaj2106 Wow
I've been using Tailscale for a while. Their ACL syntax does require a bit getting used to but does the job really well. But their error messages when I mess up could be better. But after this video, Netbird peaked my intrest. I might try it with a test environment sometime.
very very nice disclosure at beginning. no sponsor here. by the way, nothings bad about sponsorship, I trust some youtubers and also with sponsor it's ok, but knowing before is a great choice.
Thanks, now I can ssee the rest of the video.
is the "Exit Node" feature on the roadmap in Netbird ? I think that is a very important feature to have, or at least its a more common usecase. hopefully it is, because netbird looks very promising.
Agree. Exit node is the killer feature that would keep me from trying Netbird.
We will deliver this! Thank you for pointing this out
What is the use case for an exit node?
I’m looking at self hosted VPN to access my home network from public networks.
@@netbirdioDo you have an issue on GitHub to follow this?
@@majorgear1021Exit node allows you to route out of your overlay network making it an actual tunnel network. Without the exit node you could still VPN to get access to your internal resources but you would exit locally depending on where your device is located.
Thank you for the transparency about twingate. Instant sub.
Thanks for this! Awesome explanation as always
Thanks for the video. Would really like to see a performance test comparing Tailscale and Netbird in terms of throughput and LATENCY. Everyon tests throughput, but for some reason you rarely see latency info included. Edit: Netmaker has phone apps for iOS and Android now.
good timing. I'm a newbie to networking and just put express VPN configuration files on my Beryl Travel Router using OpenVPN. It was super easy. Not sure if this is related or not, but thought it was cool to be able to do that.
Would love to see a follow up to this of the performance of these networks. simple speed tests even.
Zerotier here is the only option here that allows you to self host your controller without having a public IP address, even behind CG NAT.
The "coordination" layer is split into routing and a controller. The routing handles connecting the nodes, and the controller (which counts as another node) authorizes nodes into the network, meaning that you don't have to give them the power of managing your network, just self host your controller and let them do the routing for you. The whole architecture is pretty well though out.
Also there's a self hosted controller web GUI called ztnet that recently popped up, it looks pretty modern and has a lot of features.
You could use Headscale with the upstream Tailscale DERP relays, which is just about the same as using ZeroTier’s roots while using your own controller.
ZeroTier kept disconnecting and crashing on both iOS and Android (doing a speedtest, the VPN literally disconnects mid test and requires a reconnect, which suggests it crashed), which is a shame because I wanted to use it for L2.
@@ReturnJJ Thanks for correcting me! I wasn't aware of the DERP thing. Is that relatively new? Back when Headscale came out I did some research to switch but I wasn't able to find an alternative to the whole controller-roots paradigm.
Sounds great. I’m trying Netbird first, thought.
I haven't found anything similar to ZeroTier's 6PLANE addressing for container based routing. It's especially useful as it makes use of IPv6 NDP emulation for finding the shortest route between container.
I haven't found any Wireguard-based solution similar yet, but I guess it would not be as seamless as zerotier automatic adressing
j'apprécie votre indépendance
Would love to see NordVPNs meshnet in vids like this, I’ve been using it for a while now and have no complaints, super easy to setup and get going on all platforms including Linux/CLI.
I've been a happy Tailscale user for quite some time, and have considered going the Headscale route. However, I may well give Netbird a try. (That's what homelabs are for, right?)
ZeroTier *does* have a 3rd-party open-source web UI called "ZeroUI".
I haven't touch the ZeroTier website web UI in over a year.
I use it too.
You might want to test ztnet web ui.
Is there any guidance on the horsepower required for the machines doing the wireguard encryption / decryption to ensure that this does not limit transfer rates.
Wireguard's overhead is effectively non-existent. I have a Raspberry Pi running as a Wireguard server at home and you can't tell any difference between the VPN being on or off.
Any overhead will be unrelated to Wireguard itself and how Wireguard is implemented. For example Tailscale does some really weird things with it for NAT traversal which does slow it down a little.
@@antikommunistischaktionthanks for the comparison. Sounds like a case for point-to-point wireguard VPN for large file transfers
Exit node is possible on netbird on with Linux os right now
Apparently NetBird will receive exit node functionality in March 2024. Also, for NetMaker you can use Ingress Gateway nodes to allow any Wireguard capable device (e.g. smartphones) to connect to the network.
Curious as homelaber , running pfsense+WireGuard, when would it make sense to use netbird?
if you have more devices at more locations that all need to be connected .
Yes, it makes sense now. Managing servers in three locations and needing to constantly switch my WireGuard connection and only work with one location at a time is very frustrating.
actually running it myself and loving netbird but i had 2 issues which is now 1 issue and you share the same is that that need to have an option for exit node
We will deliver this feature! Thank you for the feedback
Nebula could be mentioned as well, it's what i personally use as it's very easy to setup and provision new clients, it's only available as selfhosted and it's fully open source.
Plus the fault us deny all and you allow the port/protocol/host that will have access and the lighthouse/manager node can be more that one, providing grrat availability.
I forgot to add it to the list, but it's mentioned verbally in the beginning and my video on it is in the forum post.
Defined Networking now offers a non-selfhosted Nebula service, but doesn't seem to have open source clients (dnclient).
There is not much info about Nebula but definitely for me has been the hardest to setup an the reliability was poor under OpenWrt because always ended with errors about MTU and dropped connections not matters what I configured under config.yml or yaml. Maybe the project is now enhanced
Only issue I have with Tailscale is on a mobile device...when moving between Cellular and WiFi sometimes traffic does not move through Tailscale until one stops and restarts the Tailscale client. Easy enough to do but annoying. Would be great if Tailscale client would deactivate in known WiFi SSIDs and reactivate when moving to unknown WiFi SSIDs or cellular. When doing an internet search this has been mentioned multiple times by users.
ok so which one would work best in a self hosted game server?
Nice vid, I used to use R-Admin VPN, which was great for lan gaming over the internet. No Linux client tho 😞
Thanks for the video. Kinda missed some talking points about integrating OPNSense. And also wanted to ask is there any reason you use the google chrome browser on your Linux machine?
OPNSense is slow on security so I don't recommend it lawrence.video/opnsense and I use Chrome for business and Firefox for personal
@@LAWRENCESYSTEMSyou mean opnsense doesn't pay you ... got it
Great video again. They seem to be good tools. As a noob, why do I as a home user want to use these over say a Wireguard VPN included in some modem/routers like a Fritzbox? It is fast and pretty easy to setup.
If what you have works for you, keep doing it.
Using these tool is mostly about removing the configuration/maintanence parts and controlling access. E.g., you won't need to manually distribute WireGuard keys with let's say NetBird.
Thanks so much for this video! I'm really excited about netbird, as I haven't seen yet an open source solution which you can easily self host. I just wonder what security aspects you got to look out for, such as separating directories of the DB files and the web server fikes etc. looking forward to Your video about netbird!! Shame is, that zerotier and any other wire guard based solution, doesn't work great.... Tinkered a lot with excluding IP ranges from zerotier, but still doesn't seem to work alongside.....
Nice video!
How do you see this in the context of the commercial environment where site to site VPN / IPSec is still the standard ?
It's becoming very popular with companies due to the added individual controls.
Hey.. thanks for a great video.. Very good comparison and details of the options. I wanted to ask a question... I have a VPN esque setup with Twingate at the moment and it works well. However, it doesn't and seems it can't do on thing I'd like for it to do.. Use my private DNS on my local network instead of using my provider (cell/remote wifi) DNS. I'd like for it to block ads but also appear as if I'm using my home IP rather than somewhere else. Thanks in advance for your time.
If you are using Tailscale with pfsense you can choose your pfsense as an exit node.
Does any of those services offer MDNS? I tried Tailscale and it doesn‘t, unfortunately.
Hey do you know if Tailscale is also available for opensence?
Netbird's Android app is a little buggy (from my experience prior to Aug 2023). But it works and is cool.
I'd like to see a Twingate review.
Network Chuck did a sponsored video on it ua-cam.com/video/IYmXPF3XUwo/v-deo.htmlsi=_qkDhCqpuO7iGRVZ
Great video I have created a small gateway with dpdk, vpp and use zerotier to route over it. Runs 100% line rate locally and maxs out the internet with little cpu use. Also makes my security bulletproof. I will add ipv6 as a next step.
Does the netbird self host call home? It's a paid service, so I don't see how they would control usage if it doesn't call home. If it does call home, then that mostly defeats the purpose of self hosting, which is to not have your infrastructure rely on a 3rd party.
No, Netbird can be hosted on your own infrastructure for free and the only call backs it does are for updates.
Can you compare speed on each? I looked at netbird but was turned off by the fact you have to have an account for the self hosted option. Do you what data they collect when you self host?
You DO NOT need an account to self host Netbird.
There is no need for an account when self hosting NetBird.
We collect anonymized stats about the control server installation, e.g., number of peers. But you can easily opt out from this when running the NetBird server on your
What is the IPv6-support situation with Tailscale/Netbird?
Tailscale supports IPv6 seamlessly. I'm running in on several hosts which are IPv6-only and it works fine.
can you make a video to explain how can I controle the traffic over my proxy server which people are connected to via SSH please
has tailsacle + headscale gotten closer to raw wireguard performance. last I looked it wasnt worth it
It can't use the kernel module so it hasn't, but it's still probably the fastest overlay network I've used. I've used NFS via Tailscale and as long as my laptop is on a good connection it's relatively pain free.
@@antikommunistischaktion Agreed. Performance has never been a problem with Tailscale for me. I have a self-hosted Jellyfin instance that I can reach from anywhere using my laptop or tablet which has been a life saver when traveling and/or staying over a relative's house for a couple of days and that worked well even on saturated public networks. It did stutter and had to buffer a little bit every now and then which forced me to transcode to 720p on the latter case but it worked surprisingly well considering the limitations. Much better than I expected.
Wouldn't consider netmaker as a stable product. It struggles with NAT traversal, broken GUI in windows and the web interface had a lot of bugs.
Tailscale works great for my needs, its was super easy, even for me, to setup (most this command prompt stuff gives me a headache) and it just Works !! Just tunneled in checked up on my server from my phone while at the beach!! Would be nice if they made a Core plugin too though! as sometimes i dont have both NAS' turned on, and can only tunnel in if scale nas is on
In the review there is mention of BSD support. I’m also a GUI guy, not brave enough to try stuff that requires significant CL interface.
I run an Ubuntu VM on my TrueNAS Core with Tailscale and use it to provide access to other services on the TrueNAS server
@@DaveHart-G yeh, i have seen people do custom jails with it in, using scripts etc, so it is possible but id prefer plug in. Running it from my VM could work though, thats good idea !! Can it still become the exit node, and give u access to rest of your network?
What we need are VLESS Reality based mesh network solutions
Though tailscale (hosted by them) has a bunch of convenient features such as Tailscale SSH, taildrop and funnels.
And for the most part, I think trusting that the coordination server hasn't been compromised is what tailnet lock is supposed to be for? According to them anyway.
(I've actually integrated tailscale into my home network with full subnet routing and everything.)
It's a new beta feature but looks promising.
@LAWRENCESYSTEMS tailnet lock?
I've had it enabled since they introduced it. They've improved the ux for signing new nodes since then. Now you can click a button in the admin panel that will open the deaktop client /mobile app to prompt you to sign nodes.
Not sure if they've addressed that one ux issue regarding shared nodes and tailnet lock though. (Nodes accessing your shared nodes need to have their keys signed too, it was missing ux, not sure if its changed though.)
ZeroTier has plugin for Mikrotik routers
I'd like (another) video comparing VPN and Network Overlays. My concern has been the need for Multiple Authentication methods which is fine in VPNs (eg either certificate + user creds or user creds + OTP), but network overlays seem to only be certificates which has been why I haven't taken them up.
My use case involves an AD environment with remote users changing passwords and computer policies that run prior to users logging in.
Tailscale adds features at a very fast pace and this looks to me like a security problem.
Not if they are doing it right.
My experience with Tailscale: works fine with one user, but I tried adding someone else as a user and couldn't figure out why it didn't work even with expiration turned off on everything.
looks pretty much like cloudflare tunnels to me.. haven't found any comparison to tailscale and cloudflare tunnels so far.
I’ve had some performance issues with CF Tunnels. Trying to view my surveillance cameras, the speed is much slower, with buffering, compared to direct WireGuard VPN and the user agreement states streaming video is prohibited. I will be testing Tail/Headscale and NetBird to get around this limitation.
netbird ftw
Why didn't you just do a 360° rotation ok the first pilar to have the ladder under the non damaged part of the bridge?
Who's Lawrence?
I am not clever at coming up with company names so I used my last name as my company name, hence Lawrence Systems.
Zerotier has a opnsense module
This guy has a huge hate boner for Opnsense
how can netbird cost 5$/user/month if I am selfhosting it? Or is this the "not selfhosted" version?
Self hosted is free
Netbird sounds very promised.
Your channel is nice and informative, but your pfsense bias it's doing a disservice to other possibly better options, like OPNsense, specially if you care for the morality of the devs or vendors.
Netgate has bad morals?
@@PhrozenNlolololol
He’s gone over it many times before. Because opnsense is downstream, they don’t fix bugs or contribute code. So vulnerabilities take considerably longer to be patched. The support contracts are also sub-optimal when compared with the netgate equivalent.
@@xbhollandx Yep. One of the MAIN reasons why I am still using pfsense. Security is more important than features.
@@xbhollandx Opnsense is not downstream of pfsense. It's a fork. And do you have any evidence to back claims about vuln patch cycle times?
first
waiting for self hosted netbird setup and explanation
poorly carried out, biased towards pfsense omitting that zerotier also does have an opnsense plugin. also not really showing all mentioned solutions equally. barely a real comparison. sorry, I've seen better, less biased vids from you tom.
Yes, you can tell who is he "favoring".