Hetzner DIY Private Networking with Tinc

Use WireGuard[1] instead. It&#x27;s way faster than Tinc and other userland VPN implementations. I&#x27;ve been using it for the same purpose as the author of the article and it has been rock solid - not a single issue during almost two years. Setup and configuration is a breeze[2].<p>[1] <a href="https:&#x2F;&#x2F;www.wireguard.com&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.wireguard.com&#x2F;</a> [2] <a href="https:&#x2F;&#x2F;github.com&#x2F;hobby-kube&#x2F;guide#wireguard-setup" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;hobby-kube&#x2F;guide#wireguard-setup</a><p>Edit: Benchmarks on Hetzner Cloud (1vCPU, 2GB)<p><pre><code> $ iperf3 -c kube1 Connecting to host kube1, port 5201 [ 4] local 10.0.1.2 port 57622 connected to 10.0.1.1 port 5201 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 77.2 MBytes 647 Mbits&#x2F;sec 79 1.37 MBytes [ 4] 1.00-2.00 sec 78.8 MBytes 661 Mbits&#x2F;sec 0 1.51 MBytes [ 4] 2.00-3.00 sec 81.2 MBytes 681 Mbits&#x2F;sec 0 1.62 MBytes [ 4] 3.00-4.00 sec 85.0 MBytes 713 Mbits&#x2F;sec 134 1.20 MBytes [ 4] 4.00-5.00 sec 80.0 MBytes 671 Mbits&#x2F;sec 0 1.28 MBytes [ 4] 5.00-6.00 sec 77.5 MBytes 651 Mbits&#x2F;sec 0 1.33 MBytes [ 4] 6.00-7.00 sec 88.8 MBytes 745 Mbits&#x2F;sec 0 1.37 MBytes [ 4] 7.00-8.00 sec 73.8 MBytes 619 Mbits&#x2F;sec 0 1.39 MBytes [ 4] 8.00-9.00 sec 78.8 MBytes 661 Mbits&#x2F;sec 0 1.41 MBytes [ 4] 9.00-10.00 sec 80.0 MBytes 671 Mbits&#x2F;sec 0 1.42 MBytes</code></pre>

You can achieve something similar with Hetzner&#x27;s recently introduced &quot;vSwitch feature&quot;. Works across their different DCs, which is nice. Some docs here: <a href="https:&#x2F;&#x2F;wiki.hetzner.de&#x2F;index.php&#x2F;Vswitch&#x2F;en" rel="nofollow">https:&#x2F;&#x2F;wiki.hetzner.de&#x2F;index.php&#x2F;Vswitch&#x2F;en</a><p>I&#x27;ve been using ZeroTier to give a common backplane to my Hetzner servers, DO droplets and AWS instances.

&gt; Normally you only get one public IP and no private interfaces.<p>From my understanding, this statement is not quite correct, as Hetzner allows you to set up VLANs:<p>&gt; With the vSwitch feature, you can connect your dedicated root servers in multiple locations to each other using VLAN via the administration interface Robot.<p>You probably still want to encrypt the traffic passing through those VLANs.<p>They also offer the option to install custom hardware, so you might even be able to get a second NIC connected to your own private switch.

Isn&#x27;t the point of DO&#x27;s private networking that you don&#x27;t need to encrypt the traffic? Or is it just internal, but not private?

What about Zerotier with Hetzner?