Subj : fsxNet Feedback (ZeroTier To : N1uro From : deon Date : Sun May 16 2021 09:56 am Re: fsxNet Feedback (ZeroTier By: N1uro to deon on Sat May 15 2021 02:50 pm Howdy, So things werent adding up for me with your explaination of what you were doing. I think we were coming from 2 different contexts. I was lead to believe that "the network" as 44/9 and that the OpenVPN server surved that subnet to clients. So as a client on the network, your address would have been a /9. (I should have picked that up when you gave your ping output.) But in your message, you shared this: N1> it like OpenVPN would do. So in the policy route table I have for 44/9 this is one of hundreds of routes: N1> 44.64.10.32/27 via 24.0.91.254 dev tunl0 proto 44 onlink window 840 So its not really a single /9 vpn network, its multiple networks, and you have a /27 vpn network and you route 44/9 over it. N1>> traceroute to wb2snn.ampr.org (44.64.10.33), 30 hops max, 60 byte packets N1>> 1 gw.n1uro.ampr.org (44.88.0.1) 5.670 ms 6.102 ms 6.095 ms N1>> 2 wb2ona.ampr.org (44.64.255.225) 41.601 ms 45.571 ms 46.421 ms And given that 44.0.0.1 goes "offline" without loss of connectivity to you to 44.88.0.9 that means that the other end of your OpenVPN link also has an alternative link to 44.88.0.9 (directly or indirectly). Anyway, OpenVPN is a viable "vpn" alternative - I agree, but I think it requires too many management points, sets of servers running OpenVPN and configuration to multiple parts of the network to provide redundancy. (Too much for a simple BBS network.) In contrast (which is how this thread started), ZeroTier is peer to peer and just requires you to run a client and me. Since I'm managing "my" network, I'm using a personal "controller" (not zerotiers) - and you find me by requesting the controllers network address. Once I authorise you on the network, you dont route your traffic through my controller, you connect direct to me point to point. Where the concern also was, is that ZeroTier's root servers are required for you to find me - implying if they turned them off you couldnt. That's not true however, since I can define a personal root server (called a moon and more for redundancy), which you configure to find me without ZeroTiers invovlement. I recall reading at some point that ZeroTier were going to enable you to advertise your own "root servers" (since the root server's address is harded coded in the client - in much the same way that DNS servers (the DNS analogy) have a standard root server configuration). If and when they do that, then ZeroTier could turn off their root servers and you would still be able to find me (and no moons required). ....лоеп --- SBBSecho 3.14-Linux * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116) .