S(z)etting up your private networks with ZeroTier

At Vectops we use a combination of different technologies for different purposes, ranging from homelabs to full-blown multinational production systems that our staff works on during office hours (sometimes beyond office hours). We've tested, and use daily, different ways to connect to private infrastructures, usually through a VPN connection.

This is where ZeroTier comes in. Being an SD-WAN (Software-Defined Wide Area Network), it doesn't depend on new hardware: it can be set up using whatever you already have, as long as you have more than one machine. Take into account that your phone counts :). This is basically a P2P network that only your devices can access.

ZeroTier's virtual networks are defined by its creators as:

ZeroTier virtual networks are like chat rooms for machines. Just create virtual networks, join them from your devices and systems, approve authorization for the things you’ve added, and you’re done! Advanced features like our network rules engine help you manage your networks like a pro, and automatic end-to-end encryption keeps everything private and secure.

Registering

To be able to use ZeroTier you need to register on their website (ZeroTier), so that you can control the P2P network. Click on Login and then Register:

Register

After you register and confirm your email, you could purchase a subscription, since the service doesn't allow more than 100 devices on the free plan; there's also no support if you're not paying. That's just how the world works: even though the service is free, people need to be paid for their work.

Let’s get started.

Creating Networks

You need to create a network for your machines (and phone) to connect to. Click on Networks and then on Create a Network. Take into account that even on the free plan you can still create unlimited networks.

The network is created immediately and comes with a Network ID and a random name:

Empty Network

This network can be Private or Public.

Private networks are the safest way to go, but they also mean you have to make a couple of clicks per machine you add to the network.

Public networks allow anyone with the network ID to connect to it and be authorized.

Afterwards, you can set up the actual network.

Setting up the network

IPv4 ranges can be selected from the network control panel. It comes with the Auto-Assign from Range option pre-selected and a random range already chosen. Note that all of these ranges are private IPs; you can't see them outside of your ZeroTier network. Since you're using the free plan, there's no actual reason to use anything more than a /24 range. Select one, in this case 192.168.195.x:

Network Ranges

These ranges also come with an established route; if you would like to change them, you can do so as well.

In the case of IPv6 you can also auto-assign the IPs. Depending on what you need, you could use:

  • ZeroTier RFC4193 (/128 for each device)
  • ZeroTier 6PLANE (/80 routable for each device)
  • Auto-Assign from Range

Now to the machines:

Setting up our peers

We're going to use a couple of examples here so you can see how to set up different machines on different operating systems, although ZeroTier's documentation is pretty complete about it:

Linux machine

Make sure you have curl and gpg installed. Most modern distros come with gpg, but not always curl. Depending on your Linux distro, just use your package manager to install these. Once installed, run this command:

curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi

There's another method to install the client, daemon services, and repository, but it doesn't check cryptographic signatures and relies fully on SSL. It's just a simple script:

curl -s https://install.zerotier.com | sudo bash

After the script is done, join the node to your network with zerotier-cli, using your network ID:

sudo zerotier-cli join d3ecf5726d62e220

And finally, authorize it from your control panel by ticking the checkbox that appears next to the node ID (this node ID is shown in the terminal when the installation process finishes).
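
A check to run once the node has joined, added here as an example (not part of the original post or of ZeroTier's tooling): it reads zerotier-cli listnetworks output and reports whether the node is still waiting for authorization or sits on a Public network. The function names, the constructed sample lines and the assumed column layout are this example's own.

```sh
#!/bin/sh
# Added example. Assumed listnetworks layout (fields are read from the end of
# the line, so network names containing spaces do not shift them):
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ips>

# check_membership NWID: reads listnetworks output on stdin, prints a verdict.
# Exit 0 only when this node is authorized (status OK) on a PRIVATE network.
check_membership() {
    awk -v nwid="$1" '
        $1 == "200" && $2 == "listnetworks" && ($3 "") == (nwid "") {
            found = 1; status = $(NF-3); ntype = $(NF-2); ips = $NF
        }
        END {
            if (!found) { print "NOT_JOINED: no entry for " nwid; exit 2 }
            if (status == "ACCESS_DENIED") {
                print "PENDING: authorize this node in the control panel"; exit 3
            }
            if (status != "OK") { print "ERROR: status is " status; exit 4 }
            if (ntype != "PRIVATE") {
                print "WARN: " ntype " network, anyone with the ID can join"; exit 5
            }
            print "OK: authorized on private network, address " ips
        }'
}

# Constructed sample output; only the first network ID comes from the post.
sample_output() {
    cat <<'EOF'
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks d3ecf5726d62e220 home lab 0e:aa:bb:cc:dd:01 OK PRIVATE ztexample0 192.168.195.10/24
200 listnetworks 0000000000000001 pending 0e:aa:bb:cc:dd:02 ACCESS_DENIED PRIVATE ztexample1 -
200 listnetworks 0000000000000002 open 0e:aa:bb:cc:dd:03 OK PUBLIC ztexample2 192.168.196.5/24
EOF
}

# On a real node: sudo zerotier-cli listnetworks | check_membership <network id>
sample_output | check_membership d3ecf5726d62e220
```

A non-zero exit status makes the check usable in a provisioning script: 3 means the node still needs its checkbox ticked in the control panel, 5 means the network was left Public.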

Android phone

Yes, we're including this because not everyone has more than one machine, not everyone wants to create VMs, and some people need a connection straight to their laptops or desktop machines from their phones:

Go to the Play Store, search for ZeroTier, install it and join a network. Pretty easy, pretty straightforward.

Oh and don’t forget to authorize the phone.

Final set up

There's no final setup: just go ahead and connect to your devices. It doesn't matter if you're on the same Wi-Fi or in a different country; as long as the machine has an internet connection you should be able to get to it.

Don't forget to fill in the name and/or description fields on the control panel for the machines, or else you're gonna have a bad time once it gets to more than a couple of machines.

Good Luck!