ZeroTier is an SDN, it tunnels out from the client and busts through virtually any firewall and creates a peer to peer network. You could best analogies this by saying it’s a Cisco DMVPN but for clients not routers. This accomplished things no port forwarding or vpn client can without a very high end and IT heavy approach.
That said, I don’t see why you’d try to integrate it with guacamole. Just run ZeroTier on the client machine. I do ZeroTier, tightvnc server, and put a guacamole server on that ZeroTier network. Done. Also have ZeroTier on a Windows RDS server on that network. No need to integrate them all together, they already work great this way. Also, the ZeroTier install is dead simple. There is no server, every device is just a client and there are packages and installers for pretty much anything so it’s very easy. On Wed, Dec 20, 2017 at 12:37 AM Mike Jumper <mike.jum...@guac-dev.org> wrote: > On Tue, Dec 19, 2017 at 4:13 PM, brian mullan <bmullan.m...@gmail.com> > wrote: > >> I'm not sure what the advantages of integrating ZeroTier & Guacamole >> might be? >> >> Speaking from a networking perspective (I am CCIE # 1143).. you can >> already implement Guacamole with NGINX etc and a Certificate from the likes >> of LetsEncrypt to have HTTPS encrypted connection to the Guacamole Server >> and RDP is encrypted to the end-server whether that is Windows or XRDP on >> Linux. >> >> ZeroTier would give you a Layer 2 or Layer 3 VPN capability but what >> exactly would you need that for in regards to remote desktop capability >> unless it was for other personal or enterprise purposes besides the remote >> desktop use? >> >> Just curious. >> > > I would also like clarification on these points. I'm trying to give this > thread the benefit of the doubt, but it has an uncomfortably spammy feel, > and I don't currently see the relevance to Guacamole. > > I'll be happy to stand corrected if anyone can describe why such a thing > would be an improvement over straight Guacamole, but until then I rather > feel like I'm being marketed at. The justification that it provides > additional security seems strained given that (1) you can achieve the same > with a reverse proxy and (2) requiring a VPN client to use Guacamole would > neuter the ability to connect with a browser alone. > > - Mike > >
