I'm here from Lawrence Systems, and we're going to talk about overlay VPN solutions. This is a topic I've been covering on my channel since about 2019, starting with ZeroTier, but I've also covered Nebula, Tailscale, and lots of other talks around that topic. You'll find a whole list linked down below over in my forums, and that's actually where we're going to head next in a moment, but I want to close something right away here up front because this is important to the video. This is not sponsored by any of the companies that I have mentioned. Even though I've interacted with many of them, I have no business relationship in terms of offer codes, affiliate links, or any sponsorships. This is particularly important because I do have Twingate on the list because people keep asking about it, not because I recommend it. And they did reach out and ask if I would be interested in sponsorship. And I said no, and we'll talk about that when we get to the comparison charts, because sometimes solutions are popular because they're good, and sometimes solutions are popular because maybe they're good, but they've also spent a lot of money having other YouTube channels promote them. I just want to bring it up front that there is no promotion here. Now, I'm going to talk about Netmaker as well briefly because a lot of people have asked about it, but the focus today is mostly going to be comparing NetBird and Tailscale, but I'll be talking about how it stands up to the other solutions as well. So let's get started.

Are you an individual or forward-thinking company looking for expert assistance with network engineering, storage, or virtualization projects? Perhaps you're an internal IT team seeking help to proactively manage, monitor, or secure your systems. We offer comprehensive consulting services tailored to meet your specific project needs. Whether you require fully managed or co-managed IT services, our experienced team is ready to step in and help.
We specialize in supporting businesses that need IT administration or IT teams seeking an extra layer of support to enhance their operations. To learn more about any of our services, head over to our website and fill out the hire-us form at lawrencesystems.com. Let us start crafting the perfect IT solution for you. If you want to show some extra love for our channel, check out our swag store and affiliate links down below that will lead you to discounts and deals for products and services we discuss on this channel. With the ad read out of the way, let's get you back to the content that you really came here for.

I want to start by talking briefly about how overlay VPNs work. I have a more in-depth video you'll find linked in the forums down below. Overlay VPNs require a coordination server to coordinate all the different devices that are attached to them so it can figure out where they are. It is not dependent on the firewall; although some of them do have options as plugins for the firewall and can involve it, it is not necessary that the firewalls be involved. And the concept is, if you're on an untrusted network but you'd like to get back to your home office resources or your home network resources, all these devices are constantly staying in contact with the coordination server. And when a request is made to one of the devices, the coordination server will broker that connection. The coordination server does not involve itself in anything more than handing the keys between the devices so the devices can hopefully talk to each other. But if they cannot talk to each other because of some challenge they've run into, it can also act as a relay server.
If for some reason the firewall was blocking certain features but still allowing them to talk to the coordination server. This is important because one of the differences in some of the tools I'll be talking about is whether or not you get to host the coordination server, because whoever hosts the coordination server has to be responsible for the security of it. Even though it does not see the data traversing it, which is handled by the transport layer security between the devices, it does have the ability, of course, to provision and add more devices to the network. And that is a critical feature and why self-hosting is such a popular option. And let's dive into which ones do and do not have self-hosting now. And that brings us to the forum post.

Let's just jump right into Tailscale. Tailscale is WireGuard based, which is awesome. WireGuard works really well. It's fast. It's a well-proven technology in terms of security. The transport layer is very well reviewed, and that's why I have that as a category in here. Tailscale offers open source clients, and I think this is great because now you understand what the client does, and you can understand how a coordination server is talking to it and what protocols are being used. I love the transparency on it. So when you load these on your devices, you have good visibility into it. But the server portion, the web management interface of Tailscale, is not hostable. They do not give you any option for that. It ties to their server, but they are actually nice enough to commit some changes to Headscale, which is a third-party option, not at all managed by the people at Tailscale, in order to host the server. Matter of fact, they've even made it easy and allow you, in the Android app, to change the coordination server, which defaults to, of course, Tailscale, but they give you an option to point it towards your own server, which could be Headscale. I think that's pretty neat that they have that as an option.
You'll find in this forum post linked a video I did on Headscale. Their client support is Windows, Mac, Linux, BSD, Android, iOS, Synology and my favorite, pfSense. I like that they have a pfSense plugin built right in. This allows you to use your pfSense and do routing on it. Also, you'll find a video that I have on that topic.

The next one that I'm pretty impressed with is NetBird. Also WireGuard based. Also open source client. Also has a server, open source and completely hostable. We'll talk about that more in a moment because I did set up a demo that we'll be doing a little bit further in the video on that. Windows, Mac, Linux, Android and iOS. The iOS was a very recent release. I actually had a conversation with the people who founded NetBird, and I think it's a pretty impressive product. I'll be doing a video soon diving deeper into it because they have a new UI they're coming out with. And I said, well, hey, as soon as you have that new UI release, which is supposed to be later in January of 2024, I will also do a video on it, because it has dark mode and the current one doesn't. But we will show you the UI.

Netmaker, awesome. Open source, and there is a video linked down below on that. I think Netmaker is pretty neat. It is WireGuard based. Open source client, open source server, hostable, but no phone support available. And that matters a lot to a lot of people who want to be able to access things on their phone, like me. This is one of the reasons the top two are on there. That just being missing is kind of a non-starter for me. Also, from a standpoint of setup, it is substantially more steps to set that up than NetBird or Tailscale. And that's why I left a link to a video so you can just kind of take a look at it yourself on how they go about that.

Next one down the list is ZeroTier. Not WireGuard based, but also a well-vetted protocol.
ZeroTier has been around a while, and we've recommended this to clients in the past, and we've never had a problem with ZeroTier, just like Tailscale. We find those two solutions are the most mature, as they've been around the longest, and it is fully open source on the client. They have an open source server option but no web UI for it. There are third parties I know working on it, but I believe it's all labeled as alpha. They do support Windows, Mac, Linux, BSD, Android, iOS and Synology. So ZeroTier, I think, is still a good solution out there.

The last one on the list is not one I've ever used, but since they are shelling out money to YouTubers to do sponsorships, they have become a popular topic in the comments on many of my videos about overlay VPNs. It is a completely closed source solution. They did reach out to me about doing a video, and I looked at it and said there are other good open source solutions. So I didn't want to, although I do like sponsorship money, I didn't want to take their sponsorship money for a product I just don't really feel I would use or recommend. Now, I don't know anything bad about it, but I know it's closed source, and I know the other solutions I mentioned before this one are quite good and quite robust. It does have some advantages of having more business integration functionality. I did look at their site on that, but of course it's a black box in terms of how they actually handle transport layer security. They don't give you a ton of details other than TLS security on there. But this is the problem I have when you have a completely closed source client and closed source coordination server: I don't have any visibility to validate any of the claims they make. I would have to do a lot of reverse engineering, and I just don't feel like trying to dig into that product because it's not meant to be peered into. It's meant to be a closed source hosted solution you pay them for.
Maybe I should have taken the money since I've now kind of mentioned them and they now will have more publicity. But then again, I want my reviews to be from me, honest and unbiased as much as possible, as any time money is involved it can change biases, or at least what you think of the person on there. I wanted to make sure in this video it was implicitly clear: there is no bias towards any of the products I've mentioned. Actually, I am a little bit biased, but it has nothing to do with money. It's just how much I like these different services.

I want to focus in here on Tailscale and NetBird. I've not been using NetBird for more than a few days to do my testing, but I plan to keep continuing the testing because I've been really impressed so far. Things I want to highlight that are very similar between them start with the way you sign up. You can sign up for a free account with no credit card necessary for NetBird. I actually like that they do have a business option. So if you are someone who wants support and would like business-level support, this also helps fund the project. That's great. It starts at $5 a month. But you get a hundred machines, which is great for homelab people who want to start it out for free. And of course, Tailscale has a similar offering. You get a hundred devices for free. They call them devices, not machines, but it's the same concept. And that also does not require a credit card to sign up and start using Tailscale. So both of them start there very similar. They both have similar DNS and peer-to-peer connections. They even both do split DNS and route advertisement, so one device can act as a route advertiser to allow non-overlay devices to be added and actually push those routes so other devices can get to them. Now, they both have ACL management, and let's go into the interfaces to talk about the differences between the ACL management, because that is where things start to veer off. Now, this is what the ACL system looks like on Tailscale.
I don't think it's too difficult. They have good documentation, but some users may find this a little bit daunting. NetBird has a much more simplistic approach. Of course, not all the same features, but a simple interface for adding rules. Now, the default rule for both Tailscale and NetBird is the same, where it allows all traffic to pass. But then you can add rules and you can add your groups. So if we have the "all" group, which is just the group I have in here right now, and I want to call this the 443 rule, and we want to say we want TCP port 443 and create rule. Now we have a rule that allows TCP 443 to talk between there, and we can disable the default rule to stop the allow-all and start being explicit about each of our rules and build out groups. A little bit more simplistic, not quite as many features as Tailscale has, but nonetheless this might be easier for some users or might be enough for what you need to get done.

Now, one thing I did not see an equivalent of in NetBird is the ability to advertise as an exit node. This is a feature by which the other devices that are attached to your mesh network can actually exit through that network, essentially creating a full-tunnel network. So I can take my phone, and when I'm remote but want it to exit through the IP address of my pfSense, I can use this as an exit node as an option, or even my laptop. I can just say, hey, I would prefer all the tunnel go through this and then out this network, as opposed to the default split-tunnel way that it normally operates.

But that brings us next to the killer feature that NetBird has: being able to self-host, from NetBird, their entire management interface. Matter of fact, the management interface I was logged into was mine from the self-hosted setup. It is the same interface whether you get the free tier account, the paid account, or this account.
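To make the ACL point concrete, here is an added example that is not code from the video, from Tailscale, or from NetBird: a small Python evaluator over a constructed policy written in the shape of Tailscale's ACL file (an "acls" list of accept rules with "src" and "dst" selectors, plus a "groups" map). It holds the same two rules built in the video, the default allow-all and a group-to-group TCP 443 rule. The user names, the group name and the exact policy contents are assumptions for illustration. What the evaluator models is the behaviour that matters in practice, and that both products share: the allow-all rule is what keeps everything reachable, and once it is disabled only flows that match a listed rule pass, so an SSH connection between the same two machines is silently blocked while port 443 still works.

```python
"""Toy evaluator for a Tailscale-shaped ACL policy (added example, not the
project's own code).  Selectors follow the documented Tailscale forms:
"*" (anyone), "group:name" (expanded via the "groups" map) or a user name;
destinations carry a port spec after the last colon ("*:*", "group:all:443").
Semantics modelled: default deny, first matching accept rule wins.
"""
from __future__ import annotations

import json
from typing import Optional

# Constructed sample policy mirroring the two rules built in the video.
# Names and group membership are assumptions for the example.
SAMPLE_POLICY = json.dumps({
    "groups": {
        "group:all": ["alice@example.com", "bob@example.com"],
    },
    "acls": [
        # Default rule both products start with: everything talks to everything.
        {"action": "accept", "src": ["*"], "dst": ["*:*"]},
        # The "443 rule" from the video: group:all -> group:all on TCP 443 only.
        {"action": "accept", "proto": "tcp",
         "src": ["group:all"], "dst": ["group:all:443"]},
    ],
})


def _members(selector: str, groups: dict[str, list[str]]) -> Optional[set[str]]:
    """Expand a selector to the set of users it names; None means wildcard."""
    if selector == "*":
        return None
    if selector.startswith("group:"):
        return set(groups.get(selector, []))
    return {selector}


def _selector_matches(selector: str, user: str, groups: dict[str, list[str]]) -> bool:
    members = _members(selector, groups)
    return members is None or user in members


def _split_dst(dst: str) -> tuple[str, str]:
    """'group:all:443' -> ('group:all', '443'); '*:*' -> ('*', '*')."""
    host, _, port = dst.rpartition(":")
    return host, port


def _port_matches(spec: str, port: int) -> bool:
    """Port spec is '*', a single port, a range 'a-b', or a comma list of those."""
    if spec == "*":
        return True
    for piece in spec.split(","):
        lo, _, hi = piece.partition("-")
        lo_i = int(lo)
        hi_i = int(hi) if hi else lo_i
        if lo_i <= port <= hi_i:
            return True
    return False


def is_allowed(policy_json: str, src_user: str, dst_user: str,
               port: int, proto: str = "tcp") -> bool:
    """Default deny: the flow passes only if some accept rule matches it."""
    policy = json.loads(policy_json)
    groups = policy.get("groups", {})
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        # A rule without "proto" applies to any protocol.
        if rule.get("proto") and rule["proto"] != proto:
            continue
        if not any(_selector_matches(s, src_user, groups) for s in rule["src"]):
            continue
        for dst in rule["dst"]:
            host, port_spec = _split_dst(dst)
            if _selector_matches(host, dst_user, groups) and _port_matches(port_spec, port):
                return True
    return False


def without_default_rule(policy_json: str) -> str:
    """What 'disable the default rule' does: drop the allow-all entry."""
    policy = json.loads(policy_json)
    policy["acls"] = [r for r in policy["acls"]
                      if not (r["src"] == ["*"] and r["dst"] == ["*:*"])]
    return json.dumps(policy)


if __name__ == "__main__":
    locked = without_default_rule(SAMPLE_POLICY)
    for label, pol in (("with allow-all", SAMPLE_POLICY), ("443 rule only", locked)):
        ssh = is_allowed(pol, "alice@example.com", "bob@example.com", 22)
        https = is_allowed(pol, "alice@example.com", "bob@example.com", 443)
        print(f"{label}: ssh={ssh} https={https}")
```

Running it shows the transition the video walks through in the UI: with the allow-all rule present both flows are accepted, and after `without_default_rule` only the TCP 443 flow between members of the group survives, while a user outside the group gets nothing at all. That is the check to run before disabling the default rule in either product, so you do not cut off the connection you are administering from.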
Now, there are a couple of different extra features they have with some of their paid tiers in terms of other identity providers being integrated. But you can integrate those yourself if you want other identity provisioning on there. It's just by default only going to come with Zitadel integration. And that's how you set it up. I won't get too much into that until I do the later video. But it's all well laid out here. And I would say absolutely they're not lying about this self-hosting in under five minutes. Go right down here to the command. And it's extremely simple. This is all I had to do to set this up. I loaded Debian. I made sure it had a public IP address. I made sure DNS was working. Then you type in, right from the bash command line, export whatever the DNS entry is for that, and it kicks off this script. It is that simple. They do have full detail if you want to manually set it up. But if you want a five-minute setup and don't have to read through a lot of commands, copy-paste this and make sure your DNS works, and it instantly sets this up and has the interface up and running. Just like they said, in under five minutes, even faster if you've already downloaded and pulled all the Docker images down. That actually, I think, is what took the longest of setting this up, because once the Docker images are pulled, it creates an admin account and gives you the information right on screen for you to log in. And if you go up like I did the first time and actually delete the password it gives you, it's actually really easy to delete that and start over; just let it redo it again. And it doesn't have to pull the Docker image the second time. So it stands up in even under, I would say, less than a minute if you have a fast machine. I was really impressed with all the testing I've done. I mean, though it's only been a few days with NetBird, they're really based on some tried-and-true technologies. And I think it's a pretty solid option.
I do plan to keep testing it until their new version comes out, then I'll do the video, because it's supposed to land here later in January of 2024. And my interaction so far has been really good with the founders; I actually had some questions back and forth with them. And they're on a good roadmap with this. Just the fact that they are the ones providing this whole interface so you can manage it yourself makes it a really promising and really exciting project. Leave your thoughts and comments down below about which ones you like. I'm always curious, always interested in hearing from you. Let me know if there's one of them I missed that I should be covering and adding to my list here. Definitely. That's how I discovered this one itself: several people reaching out to me and saying, Tom, have you heard of NetBird? And I hadn't, but I'm really thankful for all the people that had mentioned it, because this could possibly replace Tailscale. I think it's definitely a compelling option. And maybe one day I hope they have a pfSense feature, because that would be really cool. Like and subscribe if you want to see more content from this channel. Head over to my forums, where you'll find this entire list, and you can add to the conversation in a more in-depth way than you can in YouTube comments. So forums.lawrencesystems.com, and like and subscribe to see more content from this channel. All right. And thanks.