Subj : fsxNet Feedback (ZeroTier)
To   : deon
From : Oli
Date : Fri May 14 2021 08:31 pm

deon wrote (2021-05-14):

Ol>> Is it completely independent?

d> Yes - https://www.zerotier.com/manual/#4_4

not convinced yet.

Ol>> Wikipedia tells me: "Virtual networks are created and managed using
Ol>> a ZeroTier controller. Management is done using an API, proprietary
Ol>> web-based UI (ZeroTier Central), open-source web-based or CLI
Ol>> alternative. Using root servers other than those hosted by ZeroTier
Ol>> Inc. is *impeded* by the software's license.

d> It seems illogical to impede the use of their roots via the software
d> license, when their documentation tells you how to do it (via moons).

I agree. It also would not qualify as Open Source software / license.

Ol>> Can I configure the ports or has the admin the power to change the
Ol>> rules at will?

d> The owner of the network controls the ports for the network. But you with
d> a (virtual) interface to the network can apply your OS level firewalling
d> - in the same way you may want to firewall one host from another on the
d> same ethernet network.

The owner of the network can also set other funky rules:

  *Tap all of the traffic!*

  Another incredibly powerful feature of ZeroTier is the ability to tap
  the entire network regardless of how widely distributed its nodes are.
  Using the tee ability within a flow rule essentially copies every frame
  sent/received by nodes on the network and sends it to a node of your
  choice such as an IDS or full packet capture solution such as Moloch.

from: https://blog.reconinfosec.com/locking-down-zerotier/

see also:
https://www.zerotier.com/2016/08/31/capability-based-security-for-virtual-networks/
headline "Global Rules and Security Monitoring"

Is there a way to prevent this?

Ol>> Is it possible to use ZeroTier in a really decentralized way?

d> Yes, I believe so - even though I've not actually tried it with any
d> system not connected to the internet.

d> [...]

d> If zerotier
d> shuts down their root servers, you will still continue to function if you
d> have my moon configured.

It's still kind of centralized (your moon).

---
 * Origin: . (21:3/102)