> Can the ZeroTier client create a tunnel without root access? That's the biggest weakness of WireGuard IMO.
No idea about ZeroTier, but you should be able to use WireGuard without root access using the userspace implementation in Go[0] (that's the one used in non-rooted Android phones, Windows, and maybe the BSDs)
> How do people access these servers off of their home network (or do they not?).
Wireguard, listening on the public IP with port forwarding, and using a dynamic dns client to ensure I can always connect even if the public IP changes.
> It seems like most residential ISPs don't provide a static IP and some block port 80?
Not the case here in my experience (Spain), but if you're fine being the only one with access you only need to forward the VPN port.
> I know Zero Tier, and Tailscale exist - but I don't really understand how they work
I only used ZeroTier a bit, but IIRC it was something like:
1) Create a new network in the ZeroTier One website
2) Download the ZeroTier client on your machine(s)
3) Enter the network ID
4) (optionally) authorize the device on the web UI
5) Now the device can connect to other ZeroTier peers on the network you created!
(So yeah, at least the "easy" way involves using their server, no need to selfhost it). Also this option should work without port forwarding.
I discovered it a few days ago and used the latest (1.0.19) version to boot the Linux Mint 20 iso and install it to my laptop without problems. Looks like there's also a "Tested ISO" page[0] on the official site.
• Apache: hosting a few websites and a personal (private) wiki.
• Transmission: well, as an always-on torrent client. Usually I add a torrent here, wait for it to download and then transfer it via SFTP to my laptop.
• Gitea: mostly to mirror third party repos I need or find useful.
• Wireguard: as a VPN server for all my devices and VPS, mostly so I don't need to expose SSH to the internet. Was really easy to setup and it's been painless so far.
> doesn't already have a way to sign, verify, encrypt and decrypt text.
I know it's not exactly that, but if anyone wants to use PGP in the browser with webmail clients, there's Mailvelope[0].
What I like about it is that you can use it with GnuPG as a backend[1], so I can sign and decrypt emails in the browser with an OpenPGP smartcard without importing private keys.
When I used Windows, to use an OpenPGP smartcard with SSH I used this smartcard-enabled fork of pageant[0]. According to the page it should also support Yubikeys.
The process was: launch sc-pageant.exe, insert smartcard in reader, and ready to connect with any SSH client with agent support.
However it is not open source and you have to register your key if you don't want to get an annoying popup from time to time (iirc it was 1€, but you could also email the developer if you were using an OpenPGP card).
One of the screenshots[0] shows the VMware Tools Service running, so yeah, looks like a virtualized guest.
[0]: https://signal.org/blog/images/cellebrite-dlls-loaded.png