-
ziti
The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti
secured at the endpoints yes... I would argue you can go one step further, doing it at the application level. This is what we built (and open sourced) with OpenZiti (https://openziti.io/), the ability to embed an overlay network, built on zero trust and deny by default principles, directly into the app as part of the SDLC.
If you do this, your application has no listening ports on the WAN, LAN, or host OS network and thus cannot be attacked from the external network/IP.
The asymmetry of risk now favours the defender, not attacker. Oh, plus we also have pre-built tunnelers for endpoints if you cannot do app embedded.
-
InfluxDB
Purpose built for real-time analytics at any scale. InfluxDB Platform is powered by columnar analytics, optimized for cost-efficient storage, and built with open data standards.
-
One of the lead devs is even paid by Tailscale to work on it, IIRC.
I run it for my personal self-hosted infra, and it works really well. Setting a custom control server URL is relatively easy (at least on Windows and Android which I use).
I use taildrop, I serve docker containers to the tailnet, etc. headscale works really well and is worth a go.
1: https://github.com/juanfont/headscale
-
-
True, but you can make a L2 mesh network with a bunch of WG endpoints with tools built into the linux networking stack easily:
https://gitlab.com/NickCao/RAIT
https://github.com/m13253/VxWireguard-Generator
-
True, but you can make a L2 mesh network with a bunch of WG endpoints with tools built into the linux networking stack easily:
https://gitlab.com/NickCao/RAIT
https://github.com/m13253/VxWireguard-Generator
-
Looks like it's due to this: https://github.com/tailscale/tailscale/issues/6999#issuecomm...
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
sshuttle
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
Hopefully referring to the (excellent) sshuttle:
https://github.com/sshuttle/sshuttle
... which allows you to turn any system you have an ssh login on into a VPN endpoint.
-
NetBird is a promising option. OpenZiti is another. ZeroTier hasn't evolved much, IMHO. Would also love to see someone breathe new life into https://github.com/omniedgeio/omniedge
-
-
netbird
Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
Or https://netbird.io which is open-source. You can host the coordination server too :)