I manage a largely fixed set of devices, and decentralization is important to me. While ZeroTier makes new devices very simple to set up, it makes me uncomfortable that anyone who compromises ZeroTier’s servers is able to read all of the traffic over my network (for instance, by modifying routing rules to insert their own peer as a man in the middle for all traffic) and negate all of my devices’ firewalls. While both of these can be worked around with some firewall rules and nesting SSH tunnels through ZeroTier, that workaround comes at an unacceptable cost in performance and convenience.
I’m not interested in self-hosting my own network controller due to availability issues, plus the fact that it doesn’t fix the fundamental centralization problem discussed above.
What I really want is a local config file where I can declaratively specify a list of peers by their ztaddr, altogether removing the need for ZeroTier Central’s authentication service. Is this possible without patching the client?