2025-08-23
When Control Matters Most
Services like Tailscale and NetBird are convenient, but they rely on a third-party control server responsible for authentication, key distribution, and route exchange. For those who, for security or privacy reasons, don’t want to entrust this function to anyone, there are two paths: Headscale and “pure” WireGuard.
Headscale: Your Own Tailscale
Headscale is a fully open-source implementation of Tailscale’s control server. It allows you to deploy your own Tailscale alternative on a VPS or server while still using the official Tailscale clients.
2025-08-22
When Zero-config VPN Means More Than Just Tailscale
Although Tailscale has become the benchmark for simplicity, it’s not the only player in the Zero-config VPN field. ZeroTier and NetBird offer similar functionality but with important architectural and ideological differences.
ZeroTier: A Virtual Ethernet Switch
ZeroTier is one of the first and most well-known services implementing the mesh network concept. It works on the principle of a virtual local network. Instead of relying on the WireGuard protocol, ZeroTier uses its own protocol and creates a virtual L2 switch (Layer 2) that unites all devices into a single local network. Each device gets an IP address from a virtual subnet and can “see” other devices as if they were connected to the same physical switch.
2025-08-21
What is Tailscale?
Tailscale is a VPN service that positions itself as a Zero-config VPN. It uses the WireGuard protocol to create a secure mesh network between all your devices. The key difference from other solutions is its simplicity. Instead of manually configuring tunnels and managing keys, Tailscale does all the work for you. All you need to do is install the app on each device and sign in.
How does it work under the hood?
When you sign in, the Tailscale client connects to the Control Plane server. This server essentially acts as the “brain” of the network:
2025-08-20
Evolution of Remote Access
Traditional VPN services, which most of us are familiar with, work on the “hub-and-spoke” principle (star topology). This means that all traffic from the client to the protected network passes through a central server. This approach has drawbacks:
- Configuration complexity: Manual setup, port forwarding, and key management are required.
- Performance: All traffic, even between two remote clients, must go through the central server, which increases latency.
- Single point of failure: If the central server goes down, the entire network stops working.
A new concept — Zero-config VPN — solves these problems by using a mesh network architecture.
2025-08-18
Keenetic as a VPN Client: Network-Wide Protection
Why Use a Router-Level VPN Client?
Setting up a VPN client on every individual device can be tedious. Moreover, many devices (Smart TVs, gaming consoles, IoT gadgets) don’t even support VPN connections. Keenetic solves this problem by acting as a central VPN client for the entire network. This allows you to protect all devices with a single VPN connection, eliminating the need to install and configure software on each one.
2025-08-17
Keenetic as a VPN Server: Secure Remote Access
The Remote Access Problem
When you’re away from home or the office, accessing local resources — such as a network-attached storage (NAS), server, or smart devices — can be challenging. Opening ports to the public internet is unsafe. The solution is to create a secure VPN tunnel, allowing you to safely connect to your local network from anywhere in the world. Keenetic makes this task simple by offering powerful and flexible VPN server functionality right out of the box.
2025-07-29
Redundancy of Interoffice Links (Site-to-Site VPN, MPLS, Dark Fiber)
We’ve already discussed how to ensure reliable connectivity within a single building. Now let’s look at a more complex but equally critical topic: redundancy of communication links between geographically distributed offices or branches. This is crucial for companies where employees across locations need to exchange data, access shared resources (such as a central CRM, file servers, or IP telephony), and work as a unified whole.
2025-07-17
In the world of networking, there’s often a need to bridge two remote LANs so they behave like a single local network—even when separated by different routers. For MikroTik users, the concept of EoIP (Ethernet over IP) is familiar: it’s a proprietary tunneling protocol that allows creation of a virtual Ethernet interface (Layer 2) over an IP network.
Good news for Keenetic users: since firmware NDMS v2.10, Keenetic routers also support EoIP! This opens up exciting possibilities for advanced network designs.
2025-07-10
Introduction: Mikrotik – More Than Just a Router
When it comes to networking hardware for home or small offices, most people think of consumer-grade routers like those from TP-Link, ASUS, or D-Link. However, there’s a category of devices offering far more flexibility, features, and control—while remaining affordable. We’re talking about Mikrotik, a Latvian company known for its wide range of networking gear, especially routers and switches.
What truly sets Mikrotik apart isn’t just the hardware, but its operating system — RouterOS. This powerful software transforms ordinary devices into versatile tools capable of handling tasks usually reserved for far more expensive enterprise solutions.
2025-06-25
VPNCloud: Building Your Private Network in the Cloud
In a world where more and more services are moving to the cloud and remote work has become the norm, secure and private access to your resources is more important than ever. Traditional VPN services, while solving some problems, are often centralized and may not be the most flexible solution for creating your own secure network between multiple servers, devices, or even offices.
