ziti-doc VS wg-easy

OpenZiti vs BoringProxy has some similarities for sure. The simplest OpenZiti deployment is similar to a boring proxy deployment. The main differences will be that the listening ports "on the network" are going to be from the OpenZiti edge-router which will authenticate before allowing any connection using a strong x509 identity (not a token) and then after that the same identity can be authorized to access one or more services. That's one killer difference to me. There are lots of other things OpenZiti is doing that boringproxy isn't trying to as well. I filed an issue to do a comparison to that some day https://github.com/openziti/ziti-doc/issues/176 thanks for the idea! :)

Use our open source solution, OpenZiti, and host/manage it all yourself - https://openziti.github.io/

You can definitely read more about what OpenZiti is over on the docs page if you're looking for more info about the project https://openziti.github.io/

If you're interested in it, you can find it over at github - https://openziti.github.io. It's one more thing to setup and maintain so maybe that's a dealbreaker but since this is selfhosted - maybe not ;)

If you want to go fully open source and self-hosted, use an OpenZiti quickstart - https://openziti.github.io/ - while ignoring steps 1, 2, 3, and 5 ... i.e., step 4 is where you deploy an OpenZiti tunneler on an OpenWRT box.

I not long ago discovered OpenZiti, and to be honest I fell in love with it. I also have a dinamic IP, and I have even some other cases wheren from my place some IoT devices need to find my laptop wherever I may go (I travel a lot).

https://openziti.github.io/ - gives a good intro

More details: What I'm trying to do is setup a Zero Trust Host Access on my Kubernetes cluster using OpenZiti. Ziti has 4 binaries (controller, router, tunneler and admin console), configuring all these to work together is kinda complex, that's why I thought about making custom modules.

Probably overkill for your need, but you can give access to your VM without requiring a bastion or VPN, only outbound ports on a NAT gateway using opensource OpenZiti - https://openziti.github.io/. The user would load a client on their device and get access only the the specific resources you define (IP, DNS, port etc). This also means you don't need to assign the IP of the users home (added benefit they can access when not at home).

Create the identity for the Hosting workstation. You can assign as many attributes as you want. Openziti works with an "attribute-enabled role-based access control (ARBAC) model. So, if you have used hashtags, you’re probably familiarized with it.

After browsing through, I've noticed that three options seem to be gaining traction: Netmaker, wg-easy, and headscale. I'm curious to know if these solutions are interchangeable, and if there are specific reasons to choose one over the others. I'd also like to understand if they are complete stacks, meaning, once set up, could I easily replace one admin GUI with another, or would I need to tear down and rebuild the VPN?

WireGuard is the solution to everything! It has an app and they can easily login via a QR code that you send them. For the server I would recommend wg-easy, there you can manage all user accounts in a web interface.

I use this, https://github.com/WeeJeWel/wg-easy

Dashboard with access to the QR and config files for clients as well as bandwidth data. Even something as simple as wg-easy would be great.

I run wg-easy https://github.com/WeeJeWel/wg-easy for this sort of thing. I use the docker container, and it's great. "Just works".

Also, unrelated, I just decided I don't like the sentiment of "PiMyProjectName" branding. I know most projects don't just run on a Pi, and that the intent is to say "you can self-host thing", but at this point if you want to run a home server sort of thing, just buy some cheap 100-200 dollar minipc thing. That's how much you'd pay for a Pi now anyway, and it comes with such great features as:

* just establishing an ssh connection doesn't take multiple seconds

* the ethernet doesn't go over a usb hub

* it doesn't run on an sd card that is going to fail within a year

I'm pretty dismissive of ARM chips for homelab stuff at this point. There's super cheap minipcs with "real" processors that will just destroy even an expensive ARM board.

Pi's shine with their ability to run both a real/full Linux and also do gpio type stuff that otherwise is usually an arduino board. I don't have anything against low-level programming but damn is it just a lot more fun to do in python. I love the Rpi zero w 2 products for this, just enough juice to run wifi and a python loop, plus the gpio pins. Too bad they've been sold out for literally years.

J'ai installé Wireguard Server sur un VPS en utilisant [https://github.com/weejewel/wg-easy Peer to Peer Ping, mais je ne peux pas ping-ping à des pairs du serveur.

To expand: I'd recommend wireguard it's super easy to run with docker, openvpn is way more annoying to setup The Github page for wg-easy docker image

for wireguard im using wg-easy