I am using ZeroTier on Starlink's CGNAT. It works occasionally, but not always. Often having to toggle zerotier on and off to log in. But many times it just says retrying and doesnt log in. The bigger issue is how zerotier throttles my speed. On DMSS PTZ movements are fast and streaming is smooth. With Zerotier neither is the case. Are there any alternatives for Starlink that would be an improvement? I am not concerned with security level as I am just managing wildlife cameras at a farm. Speed and reliability is most important.
Alternative to ZeroTier?
- Thread starter jzobel
- Start date
I use MagicVPN feature on Unifi routers from Ubiquity..
4 networks on 4 different ISP in 2 countries, 2 of them on LTE/5G with CGNAT and no public IP..
This is P2P solution, cloud is used only to find other routers in internet...
Works like magic...
Simply select which networks from which routers should be connected..
As You see below, 2 routers/networks are on private IP from CGNAT...
ps. this solution require Unifi routers (like UCG-Ultra) on all sides...
techspecs.ui.com
ps2. I didn't tested this on starlink...
4 networks on 4 different ISP in 2 countries, 2 of them on LTE/5G with CGNAT and no public IP..
This is P2P solution, cloud is used only to find other routers in internet...
Works like magic...
Simply select which networks from which routers should be connected..
As You see below, 2 routers/networks are on private IP from CGNAT...
ps. this solution require Unifi routers (like UCG-Ultra) on all sides...
UniFi Cloud Gateway Ultra - Tech Specs
Compact Cloud Gateway with 30+ UniFi device / 300+ client support, 1 Gbps IPS routing, and multi-WAN load balancing.
ps2. I didn't tested this on starlink...
I like this. A lot. Would be easy. But I have friends who also like to log in and view the wildlife cameras on their phones. Not sure how this would be possible.
OK - primary question:
does this solution is only for VIEWING one camera installed on remote site?
if yes, then why You need any VPN?
Does Dahua P2P don't work over starlink?...
You can give access to anyone using DMSS, simply giving camera serial number and user/pass with viewing permissions...
ps2. unifi routers have also Teleport feature for mobile/desktop clients...
You install unifi app (wifiman, on google/Apple Store) and then in unifi router console generate for each VPN client unique link, which must be "clicked" in web browser on each device with wifiman... this link installs VPN permissions for specified mobile/desktop, which allows to connect to specific router/network...
this solutions also works over p2p so router can be hidden after CGNAT...
You install unifi app (wifiman, on google/Apple Store) and then in unifi router console generate for each VPN client unique link, which must be "clicked" in web browser on each device with wifiman... this link installs VPN permissions for specified mobile/desktop, which allows to connect to specific router/network...
this solutions also works over p2p so router can be hidden after CGNAT...
I'm using the free edition of Team Viewer and getting along with it fine. I don't have any comparisons to make, so this isn't so much a recommendation as it's something to try. The biggest annoyance is that it nags you to buy the non-free version.
biggen
Known around here
- May 6, 2018
- 2,691
- 3,065
Flintstone61
Known around here
+1 Tailscale. Works automagically!
I just tested with Starlink Mini. I can VPN into my entire home network and stream live video from my OTA antenna HDHomeRun box.
I just tested with Starlink Mini. I can VPN into my entire home network and stream live video from my OTA antenna HDHomeRun box.
Sounded good to me until I saw that you need to use an account from a list of places I avoid.
I have a few properties that we all use for remote viewing, we dont even need to record. So it is really nice to use the BI App on phones since it is so easy to swap between servers. DMSS while not as good as BI does indeed work great. BUT each property has multiple cameras with a Hikvision in the mix that can only use IVMS-4200, it has no P2P. Despite being a $8000 Thermal/Color PTZ. ZeroTier is so close to perfect, but the throttling of the speed is a deal killer. Nothing worse than laggy controls on a PTZ with 45X. I have heard about Tailscale but seems very similar to Zerotier and wonder if they throttle too. Also read about wireguard, but not sure I can handle that setup. I am a hardware guy, not as strong with software.
Your performance issues with Zerotier are likely due to it deciding to "relay" the traffic through a zerotier-operated server.
Tailscale may or may not have the same issue. It is certainly worth a try.
I would also make sure IPv6 is enabled and working at the location that is using Starlink and at any locations that want to connect to your cameras. I think most cellular providers have IPv6 enabled without you having to do anything (however whether it will work properly or not is anyone's guess). Once IPv6 is enabled at both ends, Zerotier and/or Tailscale may be able to use it to establish a more reliable direct link than they can through CGNAT (which is an IPv4-only thing).
If the above does not yield satisfactory results, there are many other things you could do.
If you are nerdy enough, you could run your own relay service for Zerotier or Tailscale in a cheap or free cloud VM (have a look at Oracle Cloud -- they have a great free tier)
* TCP Relay | ZeroTier Documentation
* DERP servers · Tailscale Docs
Or you could run a more traditional VPN server like Wireguard on a cloud server, connect everybody to that, and use it to route traffic between VPN clients.
I see from your post history that you use Blue Iris, which means all the remote viewing traffic actually goes through a single TCP port using HTTP(S) which means there are a few more options that don't require you and your friends and family to run any kind of VPN software on viewing devices:
Tailscale may or may not have the same issue. It is certainly worth a try.
I would also make sure IPv6 is enabled and working at the location that is using Starlink and at any locations that want to connect to your cameras. I think most cellular providers have IPv6 enabled without you having to do anything (however whether it will work properly or not is anyone's guess). Once IPv6 is enabled at both ends, Zerotier and/or Tailscale may be able to use it to establish a more reliable direct link than they can through CGNAT (which is an IPv4-only thing).
If the above does not yield satisfactory results, there are many other things you could do.
If you are nerdy enough, you could run your own relay service for Zerotier or Tailscale in a cheap or free cloud VM (have a look at Oracle Cloud -- they have a great free tier)
* TCP Relay | ZeroTier Documentation
* DERP servers · Tailscale Docs
Or you could run a more traditional VPN server like Wireguard on a cloud server, connect everybody to that, and use it to route traffic between VPN clients.
I see from your post history that you use Blue Iris, which means all the remote viewing traffic actually goes through a single TCP port using HTTP(S) which means there are a few more options that don't require you and your friends and family to run any kind of VPN software on viewing devices:
- For very light traffic, you could use a Cloudflare Tunnel and the free proxying capability available with Cloudflare DNS. Be aware it is against their terms of service to use it this way for media streaming, but for minimal usage they won't notice.
- You could run your own cloud server with Zerotier, Tailscale, or Wireguard to provide a tunnel to Blue Iris. Then add your choice of HTTPS reverse proxy software on the cloud server to proxy the traffic to Blue Iris. This way clients connect directly to the cloud server as if it was running Blue Iris itself.
Last edited:
I guess your option is to go Jason Bourne and use burner phones.
