Digging unconventional and mesh VPNs
4 min read

Digging unconventional and mesh VPNs

You could name them as you wish: mesh network, flat network, overlay network...
Digging unconventional and mesh VPNs

We thought we were out of the VPN business news as we finally chose a good provider that we will stick with. But a post from ArsTechnica grabbed us in one more time a few months ago. We have been digging these unconventional VPNs for days. Now guess what the newsletter is about ?

What do we call traditional VPN in this post? Well, we assume that a traditional VPN is a one way link between your device and a server. We do not care that this server is commercial (stick with Mullvad, IVPN, OVPN, AzireVPN or ProtonVPN), do-it-yourself (AlgoVPN, Outline by Jigsaw), or a company managed one.

In this post, we will introduce you to new kinds of VPNs that start to emerge (and will rise with the Wireguard 1.0 version implemented in the Linux Kernel 5.6). Most of them work on distributed conception and one with two way links. Below you will find a list of VPN with our comments (not exhaustive and partials/biaised).

Tinc VPN - Geek attitude

The old one (created in 1997 !), for geeks on Linux.

Mesh Networking: OK

Works great but very slow development. Currently in 1.0, users are waiting for the 1.1 but it is not sure that it will ever exist.

SoftEther VPN

An Open-Source Free ​Cross-platform Multi-protocol VPN Program,
as an academic project from University of Tsukuba, under the Apache License 2.0.


VpnCloud is a simple VPN over UDP. It creates a virtual network interface on the host and forwards all received data via UDP to the destination. VpnCloud establishes a fully-meshed VPN network in a peer-to-peer manner. It can work on TUN devices (IP based) and TAP devices (Ethernet based).

ZeroTier - Messy but promising

Very similar to Nebula but ZeroTier does the lighthouse work for free (see below the Nebula description). The idea is to decentralized the acquisition of the data on the Internet. Without any custom setting, the more you add devices to your network, the more location your Internet data will come from.

Be aware that the project seems a bit amateur. As we are writing this newsletter, the v2 is still under development (and announce very soon for months). We stay positive with this project because of its potential and because Anorak announced an investment in ZeroTier December the 2nd.

ZeroTier Cie is registered in California (USA).

Conclusion: we will check their development as the actual version is a bit too technical for us. We would have loved to create our own tunnel to route all our traffic through one device. It is possible but we did not manage it.


Work only between computers (no smartphone). Very simple VPN, free for less than 5 computers.

Two-way links. You install Hamachi on your computers and then, you can access to their LAN from anywhere. For our setup, through the home PC we can access the Home setup, through the company server we can access to the professional LAN ... It is very convenient if you have remote people or traveling crew.

Of course, it can be used for development, video games, ...

Nebula - The new boy in town

Slack introduced Nebula like the open source global overlay network.

Slack does not have a good reputation about crypto-enthousiasts. Remember that the Slack tools does not offer end-to-end encryption. In 2019, it is a no-go for many people. But it is build as a working tool, not a functionality of their infrastructure. They built it to be secure, using a well-known crypto in it (the same protocol that Signal). Furthermore, they added Nebula to their bug bounty program, which is very good for the project future.

(...) Nebula incorporates a number of existing concepts like encryption, security groups, certificates, and tunneling, and each of those individual pieces existed before Nebula in various forms. (...) Nebula (...) brings all of these ideas together, resulting in a sum that is greater than its individual parts.

Overlay Network, Flat Network and Mesh Network are very similar conceps that allow remote devices to be part of a local network, or two local networks to become one. Nebula is not a VPN for anonymity but security, performance and use cases.

Nebula is similar to ZeroTier but works with mobile devices. For the iOS version, it is only a prototype at the time we are writing this newsletter. In comparison with ZeroTier, you have to get your own Lighthouse for your network to operate.

(...) research modern best-of-breed encryption strategies (...) the Noise Protocol Framework, created by Trevor Perrin, co-author of the Signal Protocol, which is the basis of Signal Messenger.

For now, we see Nebula as the best in class software. ZeroTier appears a bit "amateur" in comparison. As we wrote above, ZeroTier got $2.000.000 funding and are preparing a version 2 of their solution. It may compete better with the Nebula bomb.

As it is very new, it is really difficult to find some wiki or tutorials. If anyone create one, please tell us.

We cannot help ourself to think that the name is a reference to the Star Wars spin-off Rogue One.


As this newsletter is aging without being published, the public release of Tailscale is the launching point for this newsletter.

Tailscale is clearly taking off very well. It is a mesh network that will allow people and companies to create local network with devices all around the world. The product is visually efficient and rely on Wireguard 1.0.  They are still missing some features but the backbone of the software seems robust. The solution is developped by former Google employees.

We will not write more about Tailscale but we strongly believe in their development.






Tinc VPN






SoftEther VPN

Enjoying these posts? Subscribe for more