The VPN epoch is over. Welcome to the 21st century and beyond: overlay networking that is completely owned by you, personal, secure, private & encrypted.
Enter the world of zero trust virtual networking @ any scale and @ any place.
YouTube and hundreds of websites promote traditional VPN vendors and solutions which are difficult and inconvenient to use and, in most cases, have subpar performance and capabilities.
With a new breed of VPN service provision, based on zero trust virtual networking protocols, you get a solution which can connect any number of nodes, anywhere on the planet, in a totally transparent mesh network, using the fastest secure connection paths, with minimal compute and network overhead.
The contenders in the race to build the best zero-configuration, zero trust VPN mesh network are, in alphabetical order:
- Nebula - defined.net >>> self-hosted
- Netmaker - netmaker.org & gravitl.com >>> self-hosted & cloud-hosted
- SoftEther VPN - softether.org >>> self-hosted
- Tailscale - tailscale.com >>> cloud-hosted
- Twingate - twingate.com >>> cloud-hosted
- ZeroTier - zerotier.com >>> cloud-hosted
The above should not be confused with the very capable true VPN solutions OpenVPN and WireGuard.
Of the self-hosted solutions, I believe the overall best is Netmaker, while among the cloud-hosted ones Tailscale is possibly more approachable due to its simplicity. Most of the best mesh VPN solutions use WireGuard as their underlying VPN technology, due to its superior performance.
Netmaker can be installed as a server in a VM or in a Docker container. You should be confident with DNS (CoreDNS), databases (rqlite, SQLite, PostgreSQL), web servers & proxies (Caddy, Nginx, Traefik), firewalls and WireGuard to successfully administer and troubleshoot a server instance; otherwise you should opt for a cloud-hosted solution. For high availability (HA), Kubernetes deployment is possible, as are HA VM deployments.
Obviously, with a self-hosted solution you are the master of your destiny; however, the cloud-hosted solutions are all highly secure as well, as no sensitive information is stored in the cloud and all traffic is encrypted (Tailscale especially has fantastic articles online describing the technology). Cloud-hosted is free for small setups, but costs go up for larger setups. Self-hosted solutions are free at any scale; however, the true cost is in the administration, especially if things break and someone needs to troubleshoot.
In future posts I will be describing how to install both Netmaker and Tailscale.
If you know of a provider I missed or you have a comment to make, feel free to let me know. Feedback is very welcome.