Feature Request: zerotier vpn

Hi,

It would be great if RouterOS could use Zerotier One
https://www.zerotier.com/

Chris

Yes, I would really appreciate that also.

I join you guys. It would be great to have support for this service. Ready to be a beta tester :)

I don’t understand why it is necessary or useful for routers.

Because I can use many failover connections without static IPs.

+1 I agree, it would be really useful as Mikrotik doesn’t currently support dynamic multipoint VPN (DMVPN) or similar technology.

ZeroTier is really a very easy/user-friendly DMVPN clone (of sorts) which a lot of people deploy when they don’t have native support for DMVPN.

It also doesn’t require kernel drivers; it’s all done in usermode and uses typical Linux tools/devices such as tun/tap, bridges and so forth, which means it shouldn’t be rocket science to implement in ROS. Memory requirements are fairly minimal (about 4-5MB with about 50+ routes/networks connected).

The throughput is also very very decent and is only just shy of native IPSEC connections, which are done in the kernel. I get high end 400Mbits (around 480Mbits) on a gig connection with minimal CPU load running in usermode. If they did port it to kernel, it would beat IPSEC hands down.

P.S. IMO it’s the best solution right now if you have OpenVZ machines you need to link up to your network/pool where you can’t use IPSEC for whatever reason.

This is taken from a 4 CPU system (Intel(R) Xeon(R) CPU E3-1241 v3 @ 3.50GHz) and during the tests only two cores were maxed and this is all done in usermode, no kernel drivers and different DC/ISP.

iperf3 -c 172.30.50.1
Connecting to host 172.30.50.1, port 5201
[  4] local 172.30.0.165 port 55866 connected to 172.30.50.1 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  70.3 MBytes   590 Mbits/sec  157    233 KBytes
[  4]   1.00-2.00   sec  78.9 MBytes   662 Mbits/sec    0    411 KBytes
[  4]   2.00-3.00   sec  76.7 MBytes   643 Mbits/sec  173    247 KBytes
[  4]   3.00-4.00   sec  76.9 MBytes   645 Mbits/sec   38    188 KBytes
[  4]   4.00-5.00   sec  75.6 MBytes   634 Mbits/sec    7    263 KBytes
[  4]   5.00-6.00   sec  74.6 MBytes   626 Mbits/sec   33    215 KBytes
[  4]   6.00-7.00   sec  78.2 MBytes   656 Mbits/sec   12    317 KBytes
[  4]   7.00-8.00   sec  75.1 MBytes   630 Mbits/sec   44    148 KBytes
[  4]   8.00-9.00   sec  69.9 MBytes   586 Mbits/sec   39    172 KBytes
[  4]   9.00-10.00  sec  72.3 MBytes   607 Mbits/sec   19    231 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   748 MBytes   628 Mbits/sec  522             sender
[  4]   0.00-10.00  sec   745 MBytes   625 Mbits/sec                  receiver

+1
Zerotier is an incredible VPN solution that allows default routes now. So you can force breakout of traffic wherever on the planet you wish.

+1 using ZT since the start; it’s amazing and would be a great addition to mikrotik.

Agreed, ZT + MT would be freaking amazing. I’d be more than willing to help alpha this.

Others are getting ZeroTier support.

https://docs.opnsense.org/manual/how-tos/zerotier.html
https://github.com/mwarning/zerotier-openwrt

This is a great replacement for OpenVPN, which isn’t great in the MikroTik.

It’d be supercool to have ZeroTier as an interface type along with EoIP for tunneling both between MikroTiks and traveling clients.

Would enable people to do many cool things, and it’s probably quite cheap to implement. Considering it’s userspace code it’s no problem keeping the source open and honoring the GPL.

Maybe with RouterOS 7?

Adding my voice to the pile.

It works great in allowing me to create a little ospf network (overkill but other reasons driving that atm) to allow me to access my remote LANs with ease. Granted, I have a VM at the far ends with quagga and zerotier installed to do the routing at this time. With a package for zerotier I could eliminate a VM whose sole job is to route out to zerotier.

I can think of other uses for it as well that would apply to one of my past jobs at a WISP where I started using mikrotik. One could make a whole management layer on zerotier and not have to do vlans or crazy vpn’ing, keeping it simple and clean. Need to work on location A? Join its network and after authing yourself into it, instant access to all devices then on that network. I have not tested yet to see if winbox would work doing a broadcast check for devices over zerotier when using it to access random networks, but in theory one could do that too.

I personally don’t see zeroTier in a router. It’s a self-contained SD-WAN appliance like all the others that are around.
I manage a global network with MikroTik routers and SD-WAN appliances (not zeroTier) and am very happy it is separate.
And I just don’t like stuffing each and every possible feature into a router just because it could be nice. If doing so, we will end up with sort of Homer Simpson’s car design in a couple of years.
A router is a router and a SD-WAN appliance is a SD-WAN appliance. And IMO it should stay so.

Just my two cents,
-Chris

+1, ZeroTier would be nice

I, too, am a ZeroTier user. For those who wonder why we should put it in Mikrotik, especially if it can appear as a layer-2 interface:

  • ZeroTier is great for doing OSPF across WANs – yes, I know that’s what BGP is for, but there are times we need a “broadcast” interface across a WAN
  • ZeroTier is great as a VPN when you have a client somewhere who knows to install a piece of software and that’s it – no config files, no edits, just install and give me a magic number
  • We use ZeroTier for devices in the field that need a “trusted” interface but we can’t count on it being routed via the default route. We can’t change the routing tables on this test device, so ZeroTier lets us have a “side interface”
  • SDWAN in the cloud – nice touch – identity based firewall rules, who cares about your assigned IP
  • Works on V4 and V6
  • Mikrotik was never good with OpenVPN over UDP

As for why on the router – many smaller shops have “a router”, not an edge router, VPN unit etc. The shops that know what all of those parts are, are often Cisco shops. Mikrotik is often called CiscNO where I am – “When your boss won’t let you spend money on a Cisco, go with Mikrotik”

+1 +1 on this!

3 times a +1 for ZT support

I can relate, and having that “option” to run it would not affect your use case at all. Yet, it would help a lot of people, with different agendas.

Mikrotik is already a small box with lots of features, so I don’t think it’s fair to try steering its direction to a “single use device” route… Plus, SD-WAN is not something independent of “routing”. The concept of having a separate SD-WAN box does actually not make sense, and I believe it is in our lives just because many router companies could not find the perfect recipe on how to design SD-WAN but rather decided to buy a better startup (look at Cisco, we can clearly see IWAN “try” and then Viptela, and they are clearly keen on bundling it on the ISR). Still, I wouldn’t ask (yet) to have this feature on a Cloud Router, but even then it’s fair to think that eventually there won’t be “routing” without “SD-WAN”…

I have been using Mikrotik for years, and I just recently started using ZeroTier. Combining them would be a no-brainer. I have tried to hodgepodge together a one-box solution by utilizing OpenWRT inside METARouter and connecting to ZeroTier via OpenWRT, but it’s a real pain in the buggy butt. Adding ZeroTier would give Mikrotik a simple SD-WAN-like solution - for those who want it. I know there are some diehard Mikrotik users who don’t see the point or haven’t come around to SD-WAN yet, but, from my experience, you innovate or lose market share to competitors. I love Mikrotik. I will use them as long as I can, but adding a ZeroTier package would sure be a nice feature.

Since Mikrotik appears not to be pursuing other concepts such as Wireguard and ZeroTier, and we’re still waiting for OpenVPN with UDP, I finally gave up waiting and just bought a Protectli box. The Atom-powered unit can easily run a small Linux distro (Ubuntu 19 in my case), and it handles all of the stuff Mikrotik can’t – Wireguard, ZeroTier, et al. I ended up picking up another (i5, 8GB RAM, 120G SSD) for about $350. I’m giving pfSense and OpnSense a serious look since they can do nearly everything Mikrotik does, and this as well.

Don’t get me wrong, at scale, Mikrotik blows them away, but for the smaller sites, I’m having to reconsider Mikrotik.

++1. I totally agree and would love to see the ZeroTier implementation.