Differences between ZeroTier and Tailscale
Hardly anyone online discusses the differences between these two, but in actual use the differences are quite significant.
First, the conclusion: ZeroTier uses a proprietary protocol, while Tailscale uses WireGuard. However, ZeroTier is a bit toy-like, while Tailscale is more mature.
ZeroTier
ZeroTier is a virtual LAN solution that can connect devices from different locations into the same network, as if they were on the same physical network.
Tailscale
Tailscale is a WireGuard-based VPN solution that securely connects your devices and applications without requiring complex firewall configuration.
Protocol and Network Architecture
ZeroTier uses a proprietary protocol, while Tailscale uses WireGuard. Both ZeroTier and Tailscale support custom relay servers: MOON and DERP servers, respectively.
In terms of network architecture, ZeroTier is a P2P network, whereas Tailscale is a Mesh network.
Connection Stability (The Biggest Difference)
Tailscale is significantly more stable than ZeroTier.
- In Tailscale’s network, if there is no data exchange with other nodes, the connection is set to an idle state. When data exchange begins, traffic is first relayed through the DERP server while simultaneously attempting NAT traversal. On the client side, you can use the `tailscale status` command to check the connection status.
- In ZeroTier’s network, it attempts to connect to all nodes by default and performs NAT traversal directly. ZeroTier’s MOON server automatically relays traffic when the connection is unstable. On the client side, you can use the `zerotier-cli peers` command to check the connection status.
However, ZeroTier’s MOON server only provides UDP relay and does not offer TCP relay by default!
To use TCP relay, you need to compile the source code and configure it yourself, which is very troublesome.
Under typical network conditions in China, UDP relay is basically unusable, which means nodes showing as REPLYING are often unreachable.
This results in ZeroTier connections being very unstable or even failing when either party is in a poor network environment, while Tailscale does not have this issue.
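As an added example (not from the original post), the sketch below classifies each peer as direct, relayed, or idle from the JSON form of the two status commands mentioned above, so you can see which links depend on a DERP or MOON relay. The sample data is constructed, and the field names (`Peer`, `Active`, `CurAddr`, `Relay` for `tailscale status --json`; `role`, `paths`, `active`, `expired` for `zerotier-cli -j peers`) are assumptions to check against your installed client version.

```python
import json

# Constructed sample of `tailscale status --json`, trimmed to the fields used here.
TAILSCALE_SAMPLE = json.dumps({"Peer": {
    "nodekey:aaa": {"HostName": "nas", "Active": True,
                    "CurAddr": "203.0.113.7:41641", "Relay": "tok"},
    "nodekey:bbb": {"HostName": "laptop", "Active": True,
                    "CurAddr": "", "Relay": "hkg"},
    "nodekey:ccc": {"HostName": "phone", "Active": False,
                    "CurAddr": "", "Relay": "hkg"},
}})

# Constructed sample of `zerotier-cli -j peers`, trimmed to the fields used here.
ZEROTIER_SAMPLE = json.dumps([
    {"address": "a1b2c3d4e5", "role": "LEAF",
     "paths": [{"active": True, "expired": False,
                "address": "198.51.100.9/9993"}]},
    {"address": "f6e7d8c9b0", "role": "LEAF", "paths": []},
    {"address": "0123456789", "role": "MOON",
     "paths": [{"active": True, "expired": False,
                "address": "192.0.2.44/9993"}]},
])


def classify_tailscale(status_json):
    """Map hostname -> 'idle', 'direct', or 'relay:<DERP region>'."""
    result = {}
    peers = json.loads(status_json).get("Peer") or {}
    for peer in peers.values():
        if not peer.get("Active"):
            state = "idle"                      # no recent traffic with this peer
        elif peer.get("CurAddr"):
            state = "direct"                    # NAT traversal succeeded
        else:
            state = "relay:" + peer.get("Relay", "?")  # still going through DERP
        result[peer.get("HostName", "?")] = state
    return result


def classify_zerotier(peers_json):
    """Map ZeroTier address -> 'direct' or 'relay' for ordinary (LEAF) peers."""
    result = {}
    for peer in json.loads(peers_json):
        if peer.get("role") != "LEAF":
            continue                            # skip PLANET/MOON infrastructure nodes
        live = [p for p in peer.get("paths", [])
                if p.get("active") and not p.get("expired")]
        result[peer["address"]] = "direct" if live else "relay"
    return result


if __name__ == "__main__":
    print(classify_tailscale(TAILSCALE_SAMPLE))
    print(classify_zerotier(ZEROTIER_SAMPLE))
```

To run it against live data, pass the captured output of each command to the matching function instead of the constructed samples.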
NAT Traversal (Speed)
ZeroTier’s proprietary protocol excels at NAT traversal, while Tailscale’s WireGuard is not as good as ZeroTier in this regard.
Security
They are similar, and for the average user, there is no significant difference.