I have a fairly simple network at the moment: two servers behind a NAT; two laptops; an android phone; a desktop behind a NAT opnsense router, that opnsense router, which is behind CGNAT; and a cloud VPS, acting as a gateway.
Due to the CGNAT, any devices behind the opnsense router (double NAT) end up having to relay to the two servers, and kills performance – UPnP should fix this, but I haven’t been able to get opnsense working quite right with it, and there are other times I end up double NAT or behind a highly restrictive NAT and have to relay regardless.
From what I understand, the proper answer would be to make my own moons that are closer to my physical locations. It would be nice to just enable my gateway to be a moon, but it explicitly says in the documentation that moons should not join networks and the like. Why is that? If nothing else, Zerotier means I don’t have to open ports in the firewall of my cloud VPSs, which I adore from a management perspective, so I am hesitant on setting up moons if I can’t have them join the rest of the network so I can remotely manage them over my ZT network.
One of the only missing features that Tinc seems to have over ZT is that it can relay between any nodes in the network and not just moons or planets. I know I could accomplish something like this with OSPF or other dynamic routing protocols, but running that on end device clients like laptops and phones is untenable. Is there a better solution I am missing here?