Easily deploy a peer to peer secure VPN network

So you’ve found yourself in a situation where you need a VPN network to access some files back at the office, or perhaps some other remote location? You’ve been reading up on OpenVPN, WireGuard, and other protocols, how to set them up, secure them, and other best practices, but it already seems to be very complicated, before you even throw in the aspect of a peer-to-peer network.

I’m here to tell you that it doesn’t have to be complicated. Things are much easier today, in 2023, than they were a few years ago, and there are multiple solutions, both commercial and open source, either free or at a small cost.

Let’s touch on two we’ve tested ourselves, Tailscale and ZeroTier.

Tailscale and ZeroTier are both peer-to-peer flat mesh VPN solutions that allow you to create a virtual private network (VPN) that spans multiple devices without the need for a central server or hub. Both solutions allow for more secure and flexible connections between devices, as well as the ability to easily add and remove devices from the network.

One key difference between the two is the protocol they use. Tailscale is based on the WireGuard VPN protocol, while ZeroTier uses its own proprietary protocol. WireGuard is a relatively new VPN protocol that is considered to be faster and more secure than other protocols like OpenVPN. However, ZeroTier’s protocol is also designed to be fast and secure.

In terms of platform availability, they both cover the major platforms like Windows, Linux, macOS, iOS and Android, so you should have no problem integrating your network. Where you might start running into problems is niche platforms such as MikroTik, but both services are working on integrations for that and others.

When it comes to pricing, both services offer a freemium plan, where you get access to 25 devices and you can upgrade later.

Both companies have their proprietary version by default, but they do offer an open-source version with a few small differences or missing features.

Why peer-to-peer?

In this implementation, each device on the network connects to each of the other devices directly, making sure there is no central hub that needs to always be available for your network to work.

There are several benefits of using a peer-to-peer flat mesh VPN network:

  1. Decentralized architecture: In a peer-to-peer flat mesh VPN network, there is no central server or hub, which means that the network is more resilient to failures and outages.
  2. Flexibility: With a peer-to-peer flat mesh VPN network, devices can connect directly to each other, which allows for more flexible connections and makes it easy to add and remove devices from the network.
  3. Scalability: A peer-to-peer flat mesh VPN network is more scalable than a traditional client-server VPN network, as it can easily accommodate a large number of devices without the need for additional infrastructure.
  4. Security: A peer-to-peer flat mesh VPN network can offer a higher level of security as there is no central point of failure, and data is transmitted directly between devices, which makes it harder for outsiders to intercept or tamper with the data.
  5. Better performance: Peer-to-peer networks generally have lower latency, as data doesn’t need to travel through a central server. It can also reduce the load on the server, which can lead to better performance.
  6. Cost-effective: Peer-to-peer networks don’t rely on a central server, so there are no costs associated with maintaining or upgrading a central server. It also eliminates the need for expensive hardware, which can make it a cost-effective solution.
  7. Improved privacy: In a peer-to-peer network, there is no central server that can collect and store data, which can improve privacy as user data is not stored in one central location.

Is it safe and secure?

Both services should be secure, though I would like to point out that Tailscale is built on the WireGuard protocol, which is considered to be more secure than other VPN protocols and has undergone a thorough security audit. Tailscale adds its management and authentication layer on top of WireGuard. The company is transparent about its security practices and has a detailed security page on its website.

In our research, we couldn’t find any major security breaches that occurred with either of them, and we do want to note that they both offer a bug bounty program, and have had their software audited by security firms.

As with any VPN solution, it’s important to evaluate the specific needs and requirements of your use case and conduct your own research to ensure that the solution meets them. We suggest jumping in with either and creating a small 2-3 device mesh network, where you can a) see the benefit of such a network and b) see if their implementation or applications do what you need them to do. When doing so, we recommend signing in with an SSO provider like Google, Microsoft or GitHub; Tailscale doesn’t even allow you to use anything else.

If you’re not sure about something, please do reach out and we can try to clarify things for you.