Community discussions

MUM Europe 2020
 
chris2506
just joined
Topic Author
Posts: 1
Joined: Fri Jul 17, 2015 1:50 pm

Feature Request: zerotier vpn

Fri Jul 17, 2015 1:55 pm

Hi,

It would be great if RouterOS could use Zerotier One
https://www.zerotier.com/

Chris
 
bleppard
just joined
Posts: 3
Joined: Tue Oct 27, 2015 4:42 am

Re: Feature Request: zerotier vpn

Mon Nov 16, 2015 4:47 pm

Yes, I would really appreciate that also.
 
DoctorZIP
just joined
Posts: 2
Joined: Mon Feb 08, 2016 2:35 pm

Re: Feature Request: zerotier vpn

Mon Feb 08, 2016 2:53 pm

Join to guys. Would be great to have support of this service. Ready to be beta-tester :)
 
jarda
Forum Guru
Forum Guru
Posts: 7602
Joined: Mon Oct 22, 2012 4:46 pm

Mon Feb 08, 2016 5:25 pm

I don't understand why it is necessary or useful for routers.
 
DoctorZIP
just joined
Posts: 2
Joined: Mon Feb 08, 2016 2:35 pm

Re:

Fri Feb 12, 2016 9:27 am

I don't understand why it is necessary or useful for routers.
Because I can use many failover connections without static IPs.
 
majestic
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Mon Dec 05, 2016 11:19 am

Re:

Mon Jun 12, 2017 2:59 pm

I don't understand why it is necessary or useful for routers.
+1 I agree, it would be really useful as Mikrotik doesn't currently support dynamic multipoint VPN (DMVPN) or similar technology.

Zeroteir is a really a very easy/user friendly DMVPN clone (of sorts) which a lot of people deploy when they don't have native support for DMVPN.

It also doesn't require kernel drivers, its all done in usermode as well as uses typical linux tools/devices such as tun/tap, bridges and so forth which means it should't be rocket science to implement to ROS. Memory requirements is fairly minimal (about 4-5MB with about 50+ routes/networks connected).

The throughput is also very very decent and is only just a shy short of native IPSEC connections which is done in the kernel. I get high end 400Mbits (around 480Mits) on a gig connection with minimal CPU load running in usermode. If they did port it to kernel, it would beat IPSEC hands down.

p.s IMO its the best solution right now if you have OpenVZ machines you need to link up to your network/pool where you can't use IPSEC for whatever reason.

This is taken from a 4 CPU system (Intel(R) Xeon(R) CPU E3-1241 v3 @ 3.50GHz) and during the tests only two cores were maxed and this is all done in usermode, no kernel drivers and different DC/ISP.
iperf3 -c 172.30.50.1                                                                                                                                                            
Connecting to host 172.30.50.1, port 5201                                                                                                                                                      
[  4] local 172.30.0.165 port 55866 connected to 172.30.50.1 port 5201                                                                                                                         
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd                                                                                                                               
[  4]   0.00-1.00   sec  70.3 MBytes   590 Mbits/sec  157    233 KBytes                                                                                                                        
[  4]   1.00-2.00   sec  78.9 MBytes   662 Mbits/sec    0    411 KBytes                                                                                                                        
[  4]   2.00-3.00   sec  76.7 MBytes   643 Mbits/sec  173    247 KBytes                                                                                                                        
[  4]   3.00-4.00   sec  76.9 MBytes   645 Mbits/sec   38    188 KBytes                                                                                                                        
[  4]   4.00-5.00   sec  75.6 MBytes   634 Mbits/sec    7    263 KBytes                                                                                                                        
[  4]   5.00-6.00   sec  74.6 MBytes   626 Mbits/sec   33    215 KBytes                                                                                                                        
[  4]   6.00-7.00   sec  78.2 MBytes   656 Mbits/sec   12    317 KBytes                                                                                                                        
[  4]   7.00-8.00   sec  75.1 MBytes   630 Mbits/sec   44    148 KBytes                                                                                                                        
[  4]   8.00-9.00   sec  69.9 MBytes   586 Mbits/sec   39    172 KBytes                                                                                                                        
[  4]   9.00-10.00  sec  72.3 MBytes   607 Mbits/sec   19    231 KBytes                                                                                                                        
- - - - - - - - - - - - - - - - - - - - - - - - -                                                                                                                                              
[ ID] Interval           Transfer     Bandwidth       Retr                                                                                                                                     
[  4]   0.00-10.00  sec   748 MBytes   628 Mbits/sec  522             sender                                                                                                                   
[  4]   0.00-10.00  sec   745 MBytes   625 Mbits/sec                  receiver
 
warrendt
just joined
Posts: 1
Joined: Wed Jul 05, 2017 1:11 pm

Re: Feature Request: zerotier vpn

Wed Jul 05, 2017 1:13 pm

+1
Zerotier is an incredible VPN solution that allows default routes now. So you can force breakout of traffic wherever on the plant you wish
 
MRACHINI
just joined
Posts: 6
Joined: Fri Feb 26, 2016 12:53 am

Re: Feature Request: zerotier vpn

Thu Oct 26, 2017 8:50 pm

+1 using ZT since the start its amazing and would be a great addition to mikrotik.
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: Feature Request: zerotier vpn

Mon Nov 27, 2017 6:21 am

Agreed, ZT + MT would be freaking amazing. I'd be more than willing to help alpha this.
+1 using ZT since the start its amazing and would be a great addition to mikrotik.
ForwardingPlane, LLC
https://www.forwardingplane.net
 
carlhjerpe
just joined
Posts: 13
Joined: Fri May 15, 2015 12:49 pm

Re: Feature Request: zerotier vpn

Mon Jan 22, 2018 11:56 pm

Others are getting ZeroTier support.

https://docs.opnsense.org/manual/how-tos/zerotier.html
https://github.com/mwarning/zerotier-openwrt

This is a great replacement for OpenVPN, which isn't great in the MikroTik.

It'd be supercool to have ZeroTier as an interface type along with EoIP for tunneling both between MikroTiks and traveling clients.

Would enable people to do many cool things, and it's probably quite cheap to implement. Considering it's userspace code it's no problem keeping the source open and honoring the GPL.

Maybe with RouterOS 7?
 
mindlesstux
just joined
Posts: 14
Joined: Tue Mar 17, 2009 3:20 pm
Location: Charlotte, NC, USA
Contact:

Re: Feature Request: zerotier vpn

Sat Feb 03, 2018 6:48 am

Adding my voice to the pile.

It works great in allowing me to create a little ospf network (overkill but other reasons driving that atm) to allow me to access my remote LANs with ease. Granted I have a VM at the far ends with quagga and zerotier installed to the routing at this time. Having a package for zerotier I could eliminate a VM that its sole job is to route out to zerotier.

I can think of other uses for it as well that would apply to one of my past jobs at a WISP where I started using mikrotik. One could make a whole management layer on zerotier and not have to do vlans or crazy vpn'ing, keeping it simple and clean. Need to work on location A? Join its network and after authing yourself into it, instant access to all devices then on that network. I have not tested yet to see if winbox would work doing a broadcast check for devices over zerotier when using it to access random networks, but in theory one could do that too.
 
User avatar
cdiedrich
Forum Veteran
Forum Veteran
Posts: 939
Joined: Thu Feb 13, 2014 2:03 pm
Location: Basel, Switzerland // Bremen, Germany
Contact:

Re: Feature Request: zerotier vpn

Sat Feb 03, 2018 6:06 pm

I personally don't see zeroTier in a router. It's a self-contained SD-WAN appliance like all the others that are around.
I manage a global network with MikroTik routers and SD-WAN appliances (not zeroTier) and am very happy it is separate.
And I just don't like stuffing each and every possible feature into a router just because it could be nice. If doing so, we will end up with sort of Homer Simpson's car design in a couple of years.
A router is a router and a SD-WAN appliance is a SD-WAN appliance. And IMO it should stay so.

Just my two cents,
-Chris
Christopher Diedrich
MTCNA, MTCUME, MTCWE
Basel, Switzerland
Bremen, Germany

There are 10 types of people: Those who understand binary and those who don't.
There are two types of people: Those who can extrapolate from incomplete data
 
marrold
Member
Member
Posts: 417
Joined: Wed Sep 04, 2013 10:45 am

Re: Feature Request: zerotier vpn

Thu Feb 22, 2018 9:32 pm

+1, ZeroTier would be nice
I'm a SIP / VoIP engineer. Feel free to ask questions...
 
jantypas
just joined
Posts: 21
Joined: Sun May 02, 2010 11:57 pm

Re: Feature Request: zerotier vpn

Sun Jan 13, 2019 12:31 am

I, too, am a ZeroTier user. For those who wonder why we should put it in Microtik, especially if it can appear as a layer-2 interface:
  • ZeroTier is great for doing OSPF across WANs -- yes, I know that's what BGP is for, but there are times we need a "broadcast" interface across a WAN
  • ZeroTier is great as a VPN when you have a client somewhere who knows to install a piece of software and that's it -- no config files, no edits, just install and give me a magic number
  • We use ZeroTier for devices in the field that need a "trusted" interface but we can't count on it being routed via the default route. We can't change the routing tables on this test device, so ZeroTier lets us have a "side interface"
  • SDWAN in the cloud -- nice touch -- idenitty based firewall rules, who cares about your assigned IP
  • Works on V4 and V6
  • Mikrotik was never good with OpenVPN over UDP
As far why on the router -- many smaller shops have "a router", not an edge router, VPN unit etc. The shops that know what all of those parts are, are often Cisco shops. Mikrotik is often called CiscNO where I am -- "When your boss won't let you spend money on a Cisco, go with Mikrotik"
 
rviteri
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Fri Nov 18, 2011 5:53 pm

Re: Feature Request: zerotier vpn

Wed May 29, 2019 4:34 pm

+1 +1 on this!
 
rogierb
just joined
Posts: 6
Joined: Wed May 14, 2014 4:44 pm

Re: Feature Request: zerotier vpn

Wed Jun 26, 2019 10:49 pm

3 time a +1 for ZT support
 
emresumengen
just joined
Posts: 1
Joined: Sat Jul 26, 2014 1:15 am

Re: Feature Request: zerotier vpn

Wed Jul 24, 2019 8:04 pm

I personally don't see zeroTier in a router. It's a self-contained SD-WAN appliance like all the others that are around.
I manage a global network with MikroTik routers and SD-WAN appliances (not zeroTier) and am very happy it is separate.
I can relate, and having that "option" to run it would not affect your use case at all. Yet, it would help a lot of people, with different agendas.
And I just don't like stuffing each and every possible feature into a router just because it could be nice. If doing so, we will end up with sort of Homer Simpson's car design in a couple of years.
A router is a router and a SD-WAN appliance is a SD-WAN appliance. And IMO it should stay so.

Just my two cents,
-Chris
Mikrotik is already a small box with lots of features, so I don't think it's fair to try steering it's direction to a "single use device" route... Plus, SD-WAN is not something independent of "routing". The concept of having a separate SD-WAN box does actually not make sense, and I believe it is in our lives just because many router companies could not find the perfect receipe on how to design SD-WAN but rather decided to buy a better startup (look at Cisco, we can clearly see IWAN "try" and then Viptela, and they are clearly keen on bundling it on the ISR). Still, I wouldn't ask (yet) to have this feature on a Cloud Router, but even then it's fair to think that eventually there won't be "routing" without "SD-WAN"...
 
MikesellT
just joined
Posts: 2
Joined: Fri Nov 15, 2019 9:43 am

Re: Feature Request: zerotier vpn

Fri Nov 15, 2019 9:51 am

I have been using Mikrotik for years, and I just recently started using ZeroTier. Combining them would be a no-brainer. I have tried to hodgepodge together a one-box solution by utilizing OpenWRT inside METARouter and connecting to ZeroTier via OpenWRT, but it's a real pain in the buggy butt. Adding ZeroTier would give Mikrotik a simple SD-WAN-like solution - for those who want it. I know there are some diehard Mikrotik users who don't see the point or haven't come around to SD-WAN yet, but, from my experience, you innovate or lose market share to competitors. I love Mikrotik. I will use them as long as I can, but adding a ZeroTier package would sure be a nice feature.
 
jantypas
just joined
Posts: 21
Joined: Sun May 02, 2010 11:57 pm

Re: Feature Request: zerotier vpn

Fri Nov 15, 2019 2:07 pm

Since Mikrotik appears not to be pursuing other concepts such as Wireguard and ZeroTier, and we're still waiting for OpenVPN with UDP, I finally gave up waiting and just bought a Protecteli box. The atom powered unit can easily run a small Linux distro (Ubutnu 19 in my case), and it handles all of the stuff Mikrotik can't -- Wireguard, ZeroTier, et al. I ended up picking up another (i5, 8GB ram, 120GSSD) for about $350. I'm giving pfSense and OpnSense a serious look since they cna do nearly everything Mikrotik does, and this as well.

Don't get me wrong, at scale, Mikrotik blows them away, but for the smaller sites, I'm having to reconsider Mikrotik.
 
rogierb
just joined
Posts: 6
Joined: Wed May 14, 2014 4:44 pm

Re: Feature Request: zerotier vpn

Mon Jan 20, 2020 10:52 pm

Adding ZeroTier would give Mikrotik a simple SD-WAN-like solution - for those who want it. I know there are some diehard Mikrotik users who don't see the point or haven't come around to SD-WAN yet, but, from my experience, you innovate or lose market share to competitors. I love Mikrotik. I will use them as long as I can, but adding a ZeroTier package would sure be a nice feature.
++1. I totally agree and would love to see the ZeroTier implementation.

Who is online

Users browsing this forum: blajah, MSN [Bot], sasskass, tdw and 92 guests