Comparing Top Overlay VPN Networks: Tailscale, Netbird, Netmaker, Zerotier

Tom here from Lawrence Systems, and we're going to talk about overlay VPN solutions. This is a topic I've been covering on my channel since about 2019, starting with ZeroTier, but I've also covered Nebula, Tailscale, and lots of other talks around that topic. You'll find a whole list linked down below over in my forums, and that's actually where we're going to head next in a moment. But I want to disclose something right away here up front, because this is important to the video: this is not sponsored by any of the companies that I have mentioned. Even though I've interacted with many of them, I have no business relationship in terms of offer codes, affiliate links, or any sponsorships. This is particularly important because I do have Twingate on the list, because people keep asking about it, not because I recommend it. And they did reach out and ask if I would be interested in sponsorship, and I said no, and we'll talk about that when we get to the comparison charts, because sometimes solutions are popular because they're good, and sometimes solutions are popular because maybe they're good but they've also spent a lot of money having other YouTube channels promote them. I just want to bring it up front that there is no promotion here.

Now I'm going to talk about Netmaker as well briefly, because a lot of people have asked about it, but the focus today is mostly going to be comparing NetBird and Tailscale, but I'll be talking about how it stands up to the other solutions as well. So let's get started.

[Music]

Are you an individual or forward-thinking company looking for expert assistance with network engineering, storage, or virtualization projects? Perhaps you're an internal IT team seeking help to proactively manage, monitor, or secure your systems. We offer comprehensive consulting services tailored to meet your specific project needs. Whether you require fully managed or co-managed IT services, our experienced team is ready to step in and help. We specialize in supporting businesses that
need IT administration or IT teams seeking an extra layer of support to enhance their operations. To learn more about any of our services, head over to our website and fill out the hire us form at laurren. Let us start crafting the perfect IT solution for you. If you want to show some extra love for our channel, check out our swag store and affiliate links down below that will lead you to discounts and deals for products and services we discuss on this channel. With the ad read out of the way, let's get you back to the content that you really came here for.

I want to start by talking briefly about how overlay VPNs work. I have a more in-depth video you'll find linked in the forums down below. Overlay VPNs require a coordination server to coordinate all the different devices that are attached to them, so it can figure out where they are. It is not dependent on the firewall, although some of them do have options as plugins for the firewall and can involve it. It is not a necessary piece that the firewalls be involved. And the concept is, if you have an untrusted network that you're on but you'd like to get back to your home office resources or your home network resources, all these devices are constantly staying in contact with the coordination server, and when the request is made to one of the devices, the coordination server will broker that connection. The coordination server does not involve itself in anything more than handing the keys between the devices so the devices can hopefully talk to each other, but if they cannot talk to each other because of some challenge they've run into, it can also act as a relay server, if for some reason the firewall was blocking certain features but still allowing it to talk to the coordination server.

This is important because the difference in some of the tools I'll be talking about is whether or not you get to host the coordination server, because whoever hosts a coordination server has to be responsible for the security of it, because even though it does not see
the data traversing it (that is handled by the transport layer security between the devices), it does have the ability, of course, to provision and add more devices to the network, and that is a critical feature in why self-hosting is such a popular option. And let's dive into which ones do and do not have self-hosting.

Now, that brings us to the forum post, and let's just jump right into Tailscale. Tailscale is WireGuard based, which is awesome. WireGuard works really well, it's fast, it's a well-proven technology. In terms of security, the transport layer is very, very well reviewed, and that's why I have that as a category on here. Tailscale offers open source clients, and I think this is great, because now you understand what the client does and you can understand how a coordination server is talking to it and what protocols are being used. I love the transparency on it, so when you load these on your devices you have good visibility into it. But the server portion, the web management interface of Tailscale, is not hostable. They do not give you any option for that; it ties to their server. But they are actually nice enough to commit some changes to Headscale, which is a third-party (not at all managed by the people at Tailscale) option in order to host the server. Matter of fact, they've even made it easy and allow you, in the Android app, to change the coordination server, which defaults to, of course, Tailscale, but they give you an option to point it towards your own server, which could be Headscale. I think that's pretty neat that they have that as an option. You'll find in this forum post, linked, a video I did on Headscale. Their client support is Windows, Mac, Linux, BSD, Android, iOS, [unclear], and my favorite, pfSense. I like that they have a pfSense plugin built right in. This allows you to use your pfSense and do routing on it. Also, you'll find a video that I have on that topic.

The next one that I'm pretty impressed with is NetBird. Also WireGuard based, also open source client, also has a server open
source and completely hostable. We'll talk about that more in a moment, because I did set up a demo that we'll be doing a little bit further in the video on that. Windows, Mac, Linux, Android, and iOS. The iOS was a very recent release. I actually had a conversation with the people who founded NetBird, and I think it's a pretty impressive product. I'll be doing a video soon diving deeper into it, because they have a new UI they're coming out with, and I said, well hey, as soon as you have that new UI release, which is supposed to be later in January of 2024, I will also do a video on it, because it has dark mode and the current one doesn't. But we will show you the UI.

Netmaker: Awesome Open Source has a video link down below on that. I think Netmaker is pretty neat. It is WireGuard based, open source client, open source server, hostable, but no phone support available, and that matters a lot to a lot of people who want to be able to access things on their phone, like me. This is one of the reasons the top two are on there. That just being missing is kind of a non-starter for me. Also, from a standpoint of setup, it is substantially more steps to set that up than NetBird or Tailscale, and that's why I left a link to a video, so you can just kind of take a look at it yourself on how they go about that.

Next one down the list is ZeroTier. Not WireGuard based, but also a well-vetted protocol. ZeroTier has been around a while, and we've recommended this to clients in the past, and we've never had a problem with ZeroTier. Just like Tailscale, we find those two solutions are the most mature; they've been around the longest. And it is fully open source on the client. They have an open source server option but no web UI for it, but there are third parties, I know, working on it, but I believe it's all labeled as alpha. But they do support Windows, Mac, Linux, BSD, Android, iOS, and Synology. So ZeroTier, I think, is still a good solution out there.

The last one on the list is not one I've ever used, but since they are
shelling out money to YouTubers to do sponsorships, they have become a popular topic in the comments on many of my videos about overlay VPNs. It is a completely closed source solution. They did reach out to me about doing a video, and I looked at it and said there's other good open source solutions, so I didn't want to. Although I do like sponsorship money, I didn't want to take their sponsorship money for a product I just don't really feel I would use or recommend. Now, I don't know anything bad about it, but I know it's closed source, and I know the other solutions I mentioned before this one are quite good and quite robust. It does have some advantages of having more business integration functionality. I did look at their site on that, but of course it's a black box in terms of how they actually handle transport layer security. They don't give you a ton of details other than TLS security on there. But this is the problem I have when you have a completely closed source client and closed source coordination server: I don't have any visibility to validate any of the claims they make. I would have to do a lot of reverse engineering, and I just don't feel like trying to dig into that product, because it's not meant to be peered into; it's meant to be a closed source hosted solution you pay them for. Maybe I should have taken the money, since I've now kind of mentioned them and they now will have more publicity, but then again, I want my reviews to be from me, honest and unbiased, as much as anytime money involved can change biases, or at least what you think of the person on there. I wanted to make sure in this video it was implicitly clear there is no bias towards any of the products I've mentioned. Actually, I am a little bit biased, but it has nothing to do with money; it's just how much I like these different services.

Now I want to focus in here on Tailscale and NetBird. I've not been using NetBird more than a few days to do my testing, but I plan to keep continuing the testing because I've been
really impressed so far. Things I want to highlight that are very similar between them start at the way you sign up. You can sign up for a free account with no credit card necessary for NetBird. I actually like that they do have a business option, so if you are someone who wants support and would like business-level support, this also helps fund the project. That's great. It starts at $5 a month, but you get a hundred machines, which is great for homelab people who want to start it out for free. And of course Tailscale has a similar offering: you get a hundred devices for free. They call them devices, not machines, but the same concept, and that also does not require a credit card to sign up and start using Tailscale. So both of them start very similar. They both have similar DNS, peer-to-peer connections, they even both do split DNS and route advertisement, so one device can act as a route advertisement to allow non-overlay devices to be added and actually push those routes so other devices can get to them.

Now, they both have ACL management, and let's go into the interfaces to talk about the differences between the ACL management, because this is where things start to veer off. Now, this is what the ACL system looks like on Tailscale. I don't think it's too difficult. They have good documentation, but some users may find this a little bit daunting. They have a much more simplistic approach, of course not all the same features, but a simple interface for adding rules. Now, the default rule for both Tailscale and NetBird is the same, where it allows all traffic to pass, but then you can add rules and you can add your groups. So if we have the All groups, which are just the groups I have in here right now, and I want to call this "443 Rule", and we want to say we want TCP port 443, and create rule. Now we have a rule that allows TCP 443 to talk between there, and we can disable the default rule to stop the allow-all to talk, and start being implicit about each of our rules and build out groups.
Little bit more simplistic, not quite as many features as Tailscale has, but nonetheless this might be easier for some users or might be enough for what you need to get done.

Now, one thing I did not see an equivalent of in NetBird is the ability to advertise as an exit node. This is a feature by which the other devices that are attached to your mesh network can actually exit through that network, essentially creating a full tunnel network. So I can take my phone, and when I'm remote but want it to exit through the IP address of my pfSense, I can use this as an exit node as an option, or even my laptop. I can just say, hey, I would prefer all the tunnel go through this and then out this network, as opposed to the default split tunnel way that it normally operates.

But that brings us next to the killer feature that NetBird has, and that's being able to self-host. From NetBird, their entire management interface. Matter of fact, the management interface I was logging into was mine, from the self-hosted setup. It is the same interface whether you get the free tier account, the paid account, or this account. Now, there's a couple of different varied extra features they have with some of their paid tiers in terms of other identity providers being integrated, but you can integrate those yourself if you want other identity provisioning on there. It's just by default only going to come with Zitadel integration, and that's how you set it up. I won't get too much into that until I do the later video, but it's all well laid out here, and I would say absolutely they're not lying about this self-hosting in under 5 minutes. Go right down here to the command, and it's extremely simple. This is all I had to do to set this up: I loaded Debian, I made sure it had a public IP address, I made sure DNS was working, then you type in from the Bash command line export, whatever the DNS entry is for that, and it kicks off this script. It is that simple. They do have a full detail if you want to manually set it up, but if you want five
minutes set up and don't have to read through a lot of commands, copy-paste this and make sure your DNS works, and it instantly sets this up and has the interface up and running, just like they said, in under 5 minutes. Even faster if you've already downloaded and pulled all the Docker images down. That actually, I think, is what took the longest in setting this up, because once the Docker images are pulled, it creates an admin account, it gives you the information right on the screen for you to log in, and if you goof up like I did the first time and accidentally delete the password it gives you, it's actually really easy to delete that and start over. Just let it redo it again, and it doesn't have to pull the Docker image the second time, so it stands up in even under, I would say, less than a minute if you have a fast machine.

I was really impressed with all the testing I've done, though it's only been a few days with NetBird, but they're really based on some tried and true technologies, and I think it's a pretty solid option. I do plan to keep testing it until their new version comes out, then I'll do the video, because it's supposed to land here later in January of 2024. And my interaction so far has been really good with the founders. I actually had some questions back and forth with them, and they're on a good roadmap with this. Just the fact that they are the ones providing this whole interface so you can manage it yourself makes it a really promising and really exciting project.

Leave your thoughts and comments down below about which ones you like. I'm always curious, always interested in hearing from you. Let me know if there's one of them I missed that I should be covering and adding to my list here. Definitely, that's how I discovered this one itself: several people reaching out to me and saying, "Tom, have you heard of NetBird?" And I hadn't, but I'm really thankful for all the people that had mentioned it, because this could possibly replace Tailscale. I think it's definitely a
compelling option, and maybe one day, I hope, they have a pfSense feature, because that would be really cool. Like and subscribe if you want to see more content from this channel. Head over to my forums, where you'll find this entire list on there, and you can add to the conversation in a more in-depth way than you can in YouTube comments. So forums. laoren, and like and subscribe to see more content from this channel. All right, and [Music] thanks. [Music]

Channel: Lawrence Systems
Views: 19,464
Keywords: LawrenceSystems, tailscale vpn, open source, wireguard vpn, overlay network, vpn alternative, what is overlay network, secure remote access, tailscale pfsense, remote access, tailscale vs zerotier, tailscale vpn exit node, tailscale vpn pfsense
Id: eCXl09h7lqo
Length: 14min 35sec (875 seconds)
Published: Thu Dec 28 2023