Have a look at ZeroTier then. It's user space, so no kernel requirements. It's super simple: start up the servers and join a network you create on the website. All the traffic still goes directly if possible. Lots of clients available for popular platforms.
ZeroTier is cryptographically inferior to WireGuard, but also isn't really a VPN: it has centralized configuration and rendezvous. If you're running VPNs to get the US Netflix from your UK vacation, this is probably fine. If your VPN is how remote employees access your prod network, it is way less fine.
I think it's a bit unfair to judge ZeroTier in comparison to VPNs, because that's not strictly speaking what it's trying to be. I like overlay networks!
I actually would love to hear more about your perspective on the crypto used in ZeroTier and why it shouldn't be used for remote workers and those sorts of things.
I've been a user for quite a while and it's been really nice (and generally I've really only had trouble using ZeroTier on really locked-down Wi-Fi networks), but given their Technical FAQ info it sounds pretty convincing to a lay non-security-expert person that it is relatively secure:
https://www.zerotier.com/tech_faq.shtml#security
As far as using it for remote workers, in comparison to how our current VPN option at work functions (currently a SonicWall Firewall/VPN), it definitely seems to work more easily/consistently, so it's been something I've wanted to share so we can try it out (but if there are big security issues with doing so, I'm sure others and I would love to get your thoughts on ZeroTier in particular).
I agree about the cryptography part of course. But I'm not sure about other points. You can run your own directory nodes, rather than use the public ones, so in practice the model looks like OpenVPN replacement. Is there a reason apart from the cryptography part why you wouldn't want to use it for remote workers?
Sure, it does much more, and it's probably better to call it an SDN / overlay. But if you can call OpenVPN a VPN, then I think ZT can do VPN as well.