Is it possible to use openziti as a regular VPN?

Good day. I apologize if I'm posting the question in the wrong place, but I couldn't find a better section.

First of all, thank you for such a product - I came across it today, tried it and it is really very good.

I'm looking for open source software that will be similar in functionality and usability to zerotier software.

I want to implement it into my mobile application to provide secure access to some web resources within the network. But I also need such a function as “full routing” through some client connected to this overlay network. Just like zerotier does.

Please tell me - does OpenZiti have such an opportunity? Is it planned?
Or am I mistaken and it is only intended for publishing applications (ports) inside the overlay network?

Hi @drno88, welcome to the community and to OpenZiti! We're pleased you're enjoying it!

At this time OpenZiti is split-tunnel only. You can emulate it reasonably by intercepting "all the traffic" and there are other posts here on the forum that get into that here/there. We don't have any doc that shows you how to intercept 'everything', but people have before.

There has been discussion of creating "vpn functionality" very recently where it'd be a full tunnel. It's actually be looked into right now. So stay tuned! Follow the project, discourse, ziti tv, the subreddit, or just pop back in and ask in a week or two and who knows, maybe there will be something to look at then...

OpenZiti is definitely focusing on secure connectivity, securing individual application access exclusively through authorizations, but as I mentioned, you can try to 'intercept everything'. :slight_smile:

I would say -- sit tight for a couple weeks on "full tunnel vpn" and check back in later on.

Until then, have fun with OpenZiti! And if you haven't seen/tried it yet, try zrok. You can selfhost it and it's built on/around OpenZiti!

1 Like

Thank you for such a quick response. I'll wait a couple of weeks until there is some official way to simulate VPN)

I had no problems with the installation; according to the instructions, everything worked well for me)

I paid attention to this project primarily because it uses a standard https\tcp 443\websocket for relay connections, unlike other overlay network projects.
If I understand correctly, I can proxy it through various CDNs without any problems. This will be very important for my application because... it is planned for use in countries with high levels of censorship.

If it’s not difficult for you, could you provide a link to how auto-switching between https\ws protocols occurs if the client is forced to use an intermediate “relay”?

Good afternoon to you! Tell me, is there already some solution in this direction?
Otherwise, the option with an intermediate Websocket server and a VPN based on it looks very tempting...)

Indeed, in May zrok released a first pass at VPN. You can read @ekoby's blog post here zrok VPN and read the doc here zrok VPN Guide | Zrok

Like any smart project/company we only invest where people are interested as time is limited, so if you try it out and like it great. If it's lacking in some way, let us know! :slight_smile:

Hope that helps

1 Like