I find myself a bit confused, as I’m not an expert in this field. I’m looking for advice on what to use: ZeroTier, HeadScale, or Netmaker. My goal is to place my services behind a VPN for added security. I’m wondering which of these options is better and more secure. Is it worth comparing Netmaker to HeadScale and ZeroTier, or are they best suited for different purposes? If I opt for ZeroTier, is self-hosting a better choice, or should I go with their free plan?

  • lilolalu@alien.topB
    11 months ago

    BTW, unless you are behind a CGNAT you don’t need any of these solutions, nor a VPS with WireGuard. It’s weird that nobody uses the simplest solution anymore, which is a dynamic DNS.

    If you additionally want to have a domain pointing at your server, just set a CNAME for the DDNS name in your DNS settings.

    I think besides the very minor advantage of having a fixed IP (unless you want to run a mail server) instead of a fixed domain name, most people think they don’t have to take care of security anymore because Cloudflare does it for them.

    • Accomplished-Lack721@alien.topB
      11 months ago

      In my case, I run a WireGuard server on my router. Not every router firmware has that option, though (and some people may have the option and not realize it).

      I think there are some people who worry about opening up the port for the VPN. But it’s not a particularly high security risk, and services like Tailscale aren’t automatically better just because they initiate outbound connections.

      People overestimate what something like Cloudflare does for them. It can be helpful for a number of use cases and includes some good risk mitigation options, but if a service is still available to the outside world, it’s still a potential vulnerability point that needs to be hardened reasonably at the level of the application and one’s own network, too.
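The first reply makes dynamic DNS conditional on not being behind CGNAT. The sketch below is an added example, not code from any poster in this thread, and shows one way to test that condition by comparing the WAN address the router reports with the address the internet sees. The function names are hypothetical, the sample addresses are constructed, and it assumes IPv4 with both addresses looked up by the reader (router status page and any external "what is my IP" service).

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan: str, seen_from_internet: str) -> str:
    """Classify the uplink from the router's WAN IP and the externally seen IP."""
    wan = ipaddress.IPv4Address(router_wan)          # raises ValueError if invalid
    ext = ipaddress.IPv4Address(seen_from_internet)
    if wan in CGNAT:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "double-nat"
    if wan != ext:
        # Router holds a routable address, but traffic leaves from another one.
        return "address-mismatch"
    return "public"


def ddns_port_forward_viable(kind: str) -> bool:
    """Dynamic DNS plus a forwarded port only works when the router itself
    holds the address the DDNS name will point at."""
    return kind == "public"


if __name__ == "__main__":
    # Constructed sample pairs: (router WAN address, externally observed address).
    samples = [
        ("100.72.14.9", "203.0.113.10"),
        ("192.168.1.2", "203.0.113.10"),
        ("203.0.113.10", "203.0.113.10"),
    ]
    for wan, ext in samples:
        kind = classify_wan(wan, ext)
        print(f"{wan:>15} / {ext:<15} {kind:<17} "
              f"ddns+port-forward viable: {ddns_port_forward_viable(kind)}")
```

A "cgnat" or "double-nat" result is the case where the overlay tools from the original question, or a VPS relay, are needed because no inbound port can be forwarded.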