Another interesting alternative to tinc is ZeroTier (https://www.zerotier.com/). I am using it to remotely play Steam games over the Internet and it is surprisingly easy to set up. Probably due to the existence of a centralized hub.
Also SoftEther is extremely underrated for what it can do.
Usually most VPN tunnels use 1 connection, SoftEther can use 16... So for overseas where you tend to see slow single connection throughput, this can be a game changer. Also it's backed by a great university.
Just putting these two out there.
Meshbird project (golang) is also very interesting but not production ready.
SoftEther is an impressive product, but I can't tell if it's ever received a security audit.
Also, I'm a weirdo and run a fair number of services at home with AD authentication. SoftEther has AD support native in the Windows server, which is great, but as far as I can tell there's no way to add two-factor auth.
Like other people answered, I am connecting from my MacBook to my Windows gaming PC at home and play games on it. This feature is called 'Steam In-Home Streaming' and it works only over local network (or VPN in my case). 30Mbit is sufficient to remotely play at full HD.
It doesn't seem like exactly what OP is describing, but people buy cheap region-locked licenses to arbitrage different geographic pricing (i.e., it may be cheaper to buy a steam key in eastern Europe than in the US), and then activate the games over a VPN in the original region.
Most big companies will check the PayPal recipient address for country match (yes, even for virtual), or a CC AVS address match for country, or card BIN lookup. Spotify, Netflix, etc. This is often for compliance, for example VAT collection in EU, or license rights affected by geography. IP Geo is meh, I'd even prioritize your Accept header locale over that.
It is used in the VoIP market. Always behind NAT, yes. We found ZeroTier much easier to manage, for example it's so quick for support to join/leave networks.
Another use case is our Docker Swarm which runs completely on ZeroTier, most nodes are on premise but some are in the cloud to make the system publicly accessible.
Every other VPN is different from ZeroTier. I would say a large additional job of ZeroTier is direct connection facilitation between two endpoints rather than routing all traffic through a server.
If you have two computers behind NAT, ZeroTier will help you punch through your NAT and let the computers talk to each other directly. It does it extremely well, and I haven't seen anything like it.
Cool thing is, it can do everything that a normal VPN can. When the other commenters talk about them hosting the 'server', they're talking about configs, etc. Traffic doesn't usually go through their servers. Just in rare cases where your ISP is really hell-bent on preventing you from UDP hole punching.
People always forget about ZeroTier's network flow rules. In a little text file/field, you have a full-on software-defined networking appliance, with filters on any kind of Layer 3-4 information, and a capability model. You could regulate a medium corporate network in about 50 lines, giving people capabilities as required or segmenting areas with tags. And it would work exactly the same whether laptops were inside the building or not. And you can do mad stuff like 'copy all TCP traffic with dport X to some machine running tcpdump'. The whole thing is a dream. I love it.
I personally use it as a replacement for AWS VPN Gateway using a ZT managed route and a couple of VPC route table entries. I detail that setup in my ZeroTier Terraform plugin: https://github.com/cormacrelf/terraform-provider-zerotier
AFAIK you can run your own ZeroTier controller for free. It's just not documented too well and also it's missing the web UI for managing your networks.
I ended up writing a CLI to do it that's relatively full-featured. At some point, I intend to move functionality to a shared library between a CLI and a Web frontend, but for now, the CLI works tremendously well for my use cases:
It's $100/month for licensing our web interface for controller management. You're free to set up your own network controller and write your interface for managing it :)
I know this is old, but there's one thing that is a big advantage for tinc, and it's that it supports TCP P2P.
If you're behind a restrictive firewall, ZeroTier won't be able to punch through it, and will fall back to forwarding packets (encrypted) through ZeroTier servers, even if a connection could've been made over TCP to the other client (because his firewall supports UPnP or is port forwarded) which creates a tunnel directly between them.
Note that UDP connections are always better for encapsulating TCP, but P2P TCP is better than TCP through an external server with limited bandwidth.
I'm a ZeroTier user though, and I've only encountered this to be a problem once. It's nice to know it'll always work well though.