Thanks, this is a really good point, I can try to replace the identity provider! I did not realized that cockroachDB was only a Zitadel requirement! There are many great alternatives for mesh VPNs, netmaker, nebula, and headscale as you mentioned and all of them are much lighter. I ended up hosting netbird as it is natively able to traverse my corporate NAT (maybe headscale could do it as well, I did not try it since I do not like having to configure registry keys on windows clients and losing the kernel wireguard speed on linux clients) .