ZeroTier has been growing fast! In addition to a much needed web face-lift we are pleased to announce an upcoming point release, continued progress toward our milestone version 2.0, and a pricing update that will help us have enough resources to meet the needs of our growing customer base while continuing to innovate and improve our products.
Since version 2.0 is taking longer than we hoped, we decided to back-port several of the most requested features to the 1.6 tree and offer these in an earlier release. These are:
DNS server management as part of virtual network configuration, allowing virtual networks to push DNS settings that apply when connected. (This is initially only implemented for the Windows and Macintosh platforms. We are studying how to best implement it for Linux, BSD, and others.)
Full multipath support with rapid failover and load balancing, allowing ZeroTier to be used as a full SD-WAN solution that can aggregate multiple ISP links for improved stability and performance.
A new AES-based mode of operation that has better security bounds than our old encryption mode, performs quite a bit better on CPUs with AES acceleration (which includes most CPUs made after 2010), and can be FIPS certified. Actual FIPS certification will have to wait for 2.0 due to other requirements, but our AES mode of operation means we are now using FIPS-compliant symmetric encryption algorithms and are most of the way there.
We expect this release to be available for beta testing very soon. Meanwhile we are continuing work on the next major release.
In addition to the features outlined above, the full version 2.0 release should include:
A fully re-written concurrent I/O path for higher performance on multi-core systems, eliminating the single core I/O bottleneck present in earlier versions.
A redesigned command line interface that is more powerful and easier to use.
A partial rewrite of packet encoding, decoding, and handling to reduce the amount of memory copying for higher performance and reduced memory bus overhead.
Easier deployment of self-hosted root servers.
A new identity type using both the existing Curve25519 and the NIST P-384 elliptic curve, with the latter being present to permit FIPS certification. Both curves are used together for key agreement in a construction that guarantees security equivalent to that of the strongest curve, meaning those with concerns about the security of NIST curves can rest assured that an attacker would also have to break Curve25519. Inclusion of a Curve25519 key in the new identity type also allows seamless backward compatibility with older type identities that use only Curve25519 key pairs.
Continuous ephemeral key re-negotiation for forward secrecy and generally improved security bounds.
ZeroTier’s revenue comes from two sources: licensing for certain types of commercial use, and hosted network controllers at my.zerotier.com. We have updated our pricing for the latter to improve our ability to receive revenue from business and power users of ZeroTier while retaining a free option for individuals and small teams. See our new pricing page for details.
Keep in mind that pricing for my.zerotier.com applies only to those using that service to host their networks. It remains possible to run your own network controller on your own systems and create as many networks with as many members as you want. This can be done free of charge as long as you’re not incorporating our code into a proprietary closed-source product.
As part of our web presence redesign we are working to improve our online community efforts. To replace our old community chat system we’ve added a new online discussion forum that makes it easier to search for related threads and contribute more substantial content. We’ve also increased our activity on Twitter and Reddit’s /r/zerotier forum, two popular areas where users learn about ZeroTier and ask questions.
We would like to thank all our users who have continued to support us and advocate for us over these five years. We could not have done this without you!
Note: In a previous version of this post, we numbered our upcoming ZeroTier release 1.4.8. After initial publication, we wanted to highlight the powerful features included in this version, and have renumbered this release to 1.6. The ZeroTier 1.6 beta will be available in late September 2020.