How to kill zombies more efficiently with ZeroTier



You have a server under the bed, a smart house in the country, and an IP camera in the garage. How do you join them into one network so that every device is reachable? The customary answer is a VPN, but there is a more effective solution - ZeroTier. It creates a peer-to-peer (P2P) network between devices, and configuring it is much simpler than configuring a VPN.

We have already published a series of articles about organizing a P2P network for remote user support. In it, we considered the option of building a decentralized virtual network using ZeroTier. Unlike traditional VPN solutions, ZeroTier lacks a central management server and a connection is established directly between devices.

I often use ZeroTier in two cases: connecting to client devices to provide support, and killing zombies in shooters. I became curious how it compares with the alternative ways of building a virtual local network.

If you want to understand how ZeroTier works, we have published a detailed article that analyzes it.

RDP connection for remote support


Almost every day I have to connect to a client's machine to suppress a machine rebellion, that is, to help solve something. During the pandemic, these are colleagues working from home.

The company's internal services require authentication from inside the corporate network, and a VPN has long been running on the office router in case something needs to be done remotely.

For me, connecting to it and adding a couple of routes to the system is not difficult, but for the average user it was laborious. So the need arose for a simple solution that would let the affected user easily give access to his computer.

I didn't even consider TeamViewer or Radmin at the time because of their limitations and cost. In addition, I am a supporter of orthodox RDP rather than third-party utilities. I wanted the solution to be as simple as possible to implement and to require a minimum of action from the user. And since I look after not only the employees of my own beloved company but sometimes help outsiders as well, it would be wrong to use the corporate VPN server.

What I compared ZeroTier with


On the network, you can find several simple solutions for implementing a virtual network:

  • Tunngle that no longer works;
  • Evolve, which merged with Player.me;
  • Hamachi;
  • Radmin VPN;
  • And ZeroTier, which we have right in the marketplace.

I planned to ask the client to install one of the programs above, then download and run the following script to enable RDP:

# Execute with Administrator rights

# Resolve the script's directory (an explicit path may be passed as the first argument)
$path = $MyInvocation.MyCommand.Path
if ($null -ne $args[0]) {
    $path = $args[0]
}
$path = Split-Path -Path $path

# Check whether the current session is already elevated
$windowsID = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$windowsPrincipal = New-Object System.Security.Principal.WindowsPrincipal($windowsID)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator
if ($windowsPrincipal.IsInRole($adminRole)) {
    $Host.UI.RawUI.WindowTitle = $MyInvocation.MyCommand.Definition + " (Elevated)"
    $Host.UI.RawUI.BackgroundColor = "DarkBlue"
    Clear-Host
}
else {
    # Relaunch this script elevated (triggers a UAC prompt), then exit the unelevated copy
    $newProcess = New-Object System.Diagnostics.ProcessStartInfo "PowerShell"
    $newProcess.WorkingDirectory = $path
    # Quote the script path so that paths containing spaces survive the relaunch
    $newProcess.Arguments = '-File "{0}"' -f $MyInvocation.MyCommand.Definition
    $newProcess.Verb = "runas"
    [System.Diagnostics.Process]::Start($newProcess) | Out-Null
    exit
}

# Enable RDP
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0

# Create firewall rules (these allow inbound 3389 from any remote address on all profiles)
New-NetFirewallRule -DisplayName "Remote Desktop Allow TCP" -Program "%SystemRoot%\system32\svchost.exe" -Action Allow -Protocol TCP -LocalPort 3389 -Direction Inbound -Enabled True
New-NetFirewallRule -DisplayName "Remote Desktop Allow UDP" -Program "%SystemRoot%\system32\svchost.exe" -Action Allow -Protocol UDP -LocalPort 3389 -Direction Inbound -Enabled True

# Add the current user to the Remote Desktop Users group (well-known SID S-1-5-32-555)
$User = $env:USERNAME
Add-LocalGroupMember -SID "S-1-5-32-555" -Member $User
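
A narrower variant of the setup script, as an added example rather than the author's code: it opens RDP only on the ZeroTier interface and only to that interface's local subnet, requires Network Level Authentication, and includes a function that reverts the changes after the session. The adapter match on "ZeroTier", the rule name and the two function names are assumptions.

```powershell
# Added example, not the article's script. Run from an elevated PowerShell session.
# Assumptions: the ZeroTier virtual adapter's InterfaceDescription contains "ZeroTier";
# the rule name and both function names are invented for this example.
$RuleName = 'Support RDP (ZeroTier only)'
$TsKey    = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$RduSid   = 'S-1-5-32-555'   # Remote Desktop Users

function Enable-SupportRdp {
    param([string]$User = $env:USERNAME)

    $adapter = Get-NetAdapter |
        Where-Object { $_.InterfaceDescription -like '*ZeroTier*' } |
        Select-Object -First 1
    if (-not $adapter) { throw 'No ZeroTier adapter found. Join the network first.' }

    # Require Network Level Authentication before a desktop session is created.
    Set-ItemProperty -Path "$TsKey\WinStations\RDP-Tcp" -Name 'UserAuthentication' -Value 1
    Set-ItemProperty -Path $TsKey -Name 'fDenyTSConnections' -Value 0

    # Accept 3389 only on the ZeroTier interface and only from its own subnet.
    foreach ($proto in 'TCP', 'UDP') {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
            -Protocol $proto -LocalPort 3389 -InterfaceAlias $adapter.Name `
            -RemoteAddress LocalSubnet -Enabled True | Out-Null
    }

    Add-LocalGroupMember -SID $RduSid -Member $User -ErrorAction SilentlyContinue

    # Return the address the supporter should connect to.
    Get-NetIPAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4 |
        Select-Object -ExpandProperty IPAddress
}

function Disable-SupportRdp {
    param([string]$User = $env:USERNAME)

    # Revert the changes made by Enable-SupportRdp once the session is over.
    Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    Set-ItemProperty -Path $TsKey -Name 'fDenyTSConnections' -Value 1
    Remove-LocalGroupMember -SID $RduSid -Member $User -ErrorAction SilentlyContinue
}
```

Disable-SupportRdp turns RDP off and removes the group membership unconditionally, so skip it on machines where RDP was already in use before the session.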


Parameters for evaluating each program


I evaluated all solutions against the following parameters:

  • The speed of file transfer over a local network;
  • Ease of installation, configuration and use;
  • Cost and limitations;
  • Functionality;
  • Gaming (more on that at the end).

My assessment of each parameter is subjective and open to criticism. Therefore, I focused on the parameters that can be measured with tests.

Hamachi


At the time of writing, the latest version, LogMeIn Hamachi for Windows 2.2.0.633, was released in March 2019. The free version has a limit of 5 simultaneous connections to the same network. The cost of the full version starts at $49 per year.

To get started, you need:

  • Register with the service;
  • Install the software;
  • Create a network or connect to an existing one through the graphical application.

To estimate the file transfer speed, I ran CrystalDiskMark read/write tests against folders previously shared over the local network, and also simply copied a large file.

Considering that all tests are performed on two PCs with the same configuration (in each test the same drive, the same system settings, etc.), CrystalDiskMark results should give an idea of the data transfer speed.

Note: after writing the article, I began to doubt that I had chosen the best way to test. I expect a better approach will be suggested in the comments.

Time result: copying a 9 Gb file took exactly 21 minutes.



CrystalDiskMark Results.



Ping between PCs did not exceed 10ms.



Radmin VPN


The latest version of “Radmin VPN 1.1.3969.3” was released in December 2019. This is a completely free application with a minimalistic design and does not even require registration.

All you need is:

  • Download;
  • Install;
  • Connect to the network;
  • Eat a donut.

File transfer speed is significantly lower than that of Hamachi. Transferring 9Gb took a good 43 minutes.



CrystalDiskMark results are also lower than Hamachi.



Ping: 10-11ms.



Perhaps the results would have been different if not for the eaten donut. There were no particular problems when connecting via RDP.

ZeroTier


This is a unique open source project:

  • It is available as a public cloud solution;
  • It is provided under a SaaS model;
  • It has four subscription plans.

Below, I will look at an open source solution from a third-party developer: ZeroTier network controller user interface.

We have already examined in detail how it works in this article. I will list only the main features that make it so interesting:

1. Since we are talking about a P2P network, traffic does not go through the node we brought up, but directly from device to device. The node is needed exclusively for the initial connection. After that, it is not involved in the work. The node can be turned off completely and the connection will not drop. It will be needed again only for reconnecting.

2. The node is undemanding of resources. It runs quietly on our cheapest VPS for 130 rubles per month (or 30 rubles, if you managed to grab that tariff).

3. There is no limit on the number of users and networks: you can connect your entire university stream and arrange a meeting of classmates in Counter-Strike.

To create a node, we need to bring up a VPS with the server side of the application. The process has also been described previously.

The client part of ZeroTier One has a minimalist design and a very modest set of parameters. We need to send the user only the ID of our node and authorize it.



9Gb flew across in 20 minutes. Slightly faster than Hamachi.



CrystalDiskMark also showed slightly higher values.



Ping, like everywhere else, hovered around 10ms.



Case Two: How to Relax in a Cultured Way on a Weak Office PC


ZeroTier provides another opportunity - the now-popular practice of streaming a game to another device (a la GeForce Now). There are three alternatives to ZeroTier for this: RDP, Parsec and Moonlight. Let's test them.

▍ RDP


Unfortunately, RDP is not suited to this. Most of the games I tested simply refused to work normally. They either crashed because of video driver incompatibility or simply did not respond to input.

▍ Parsec


This is specialized free software designed to transfer video between PCs with an emphasis on ultra-low latency. Unlike TeamViewer or Radmin, Parsec is capable of transmitting a stable 60 FPS FullHD image in relative comfort (so as not to get a drakeface again and again).



For comfortable use, it is recommended that the host has a cable connection with a speed of at least 30 Mbps.

In the vast majority of games, you can play comfortably without noticeable input lag, but, unfortunately, the picture quality suffers. Because of the compression methods, the image pixelates around contrasting elements, and it hurts the eyes a lot. FPS-dependent games, such as shooters, cannot be played with the proper level of comfort. Input lag is low, but from time to time some twitching of the image is noticeable, which does not interfere with marksmanship but is annoying.

Where Parsec clearly surpasses the other solutions is local co-op. Because Parsec simply shares the image of the monitor, any local co-op game can be played without problems. Moreover, the distance between you does not matter. I enjoyed playing Cuphead with a friend from Novosibirsk and did not experience any problems with responsiveness.

Parsec is also good for everyday work. It is faster, transfers a better image than TeamViewer, and has no limit on the number of remote desktops. However, for such purposes I always use RDP, simply because it is built into the OS and can forward local drives.

▍ Moonlight


This is an open source, completely free solution for remote gaming.
I will quote their site:
Moonlight (formerly Limelight) is an open source implementation of the NVIDIA GameStream protocol. We implemented the protocol used by NVIDIA Shield and wrote a set of third-party clients.

The most obvious and main achievement of Moonlight is the ability to broadcast 4K video at 120 or more FPS with a complete absence of any delays.

Moonlight only works if the host machine has an Nvidia card installed. This is due to the fact that the project emulates NVIDIA Shield and works directly with the driver. This is what allows you to broadcast 4K 120FPS without delay in a local network.

The second drawback of Moonlight is that you cannot play over the Internet without jumping through extra hoops.

▍ Moonlight + Hamachi


Unfortunately, I don't have a capture card, and I simply can't film the monitor properly with a phone ... Therefore, you will either have to take my word for it or test each solution yourself. Hamachi's bandwidth is enough for a comfortable game in 2K at 60-120FPS. As the resolution increases, the micro-freezes become significantly worse.

It is possible to play FPS-dependent games, but here and there the game may freeze for a quarter of a second. Parsec still does better at minimizing delays. However, it loses in image quality. Here it is up to you to decide which is more important: minimal input lag with image artifacts, or a perfect picture with micro-freezes.

▍ Moonlight + Radmin VPN


Radmin VPN behaved the same as in the synthetic tests. Playing was relatively comfortable only in FullHD at 60FPS. Any resolution above that led to an unbearable slideshow. And from time to time, the picture froze completely for 2 seconds. Unfortunately, this combination proved to be the worst.

▍ Moonlight + ZeroTier


And now we have reached the delicious pair. Needless to say, the official Moonlight repository recommends ZeroTier specifically for building a P2P connection. I literally failed to distinguish the gameplay of a remotely launched game from one launched on a local PC. All declared Moonlight features work. It is a pity that my friend from Novosibirsk had an AMD card, so the test had to be done within one city, with his brother's help (this is the north and south of Moscow).

The image is smooth at resolutions up to 4K, with no stutter. The response to input is instant, so you can play shooters this way. Perhaps this bundle is the best option for cloud gaming.

Findings


ZeroTier is perhaps the best affordable solution for quickly building peer-to-peer networks. Yes, its functionality will not let you build complex networks and will not give access to the whole variety of settings of classic L2TP/IPsec. But that is not always necessary for simple tasks.

Parsec is probably the only option for remotely playing games that support local co-op or split screen (I immediately remembered Lovers in a Dangerous Spacetime). It is not tied to specific hardware and does not require additional network settings. However, it can severely degrade image quality. When there is no way to connect to the remote PC by regular means, it is suitable for quick computer assistance.

Moonlight: if your gaming PC has an Nvidia card installed, then Moonlight + ZeroTier is an ideal pair for remote gaming. ZeroTier solves the problem of setting up a virtual network simply and elegantly. Moonlight, thanks to its emulation of Nvidia Shield, lets you transfer a stunning picture without delay. It does not allow remote PC configuration, but I described other solutions for that above.

