Zerotier Tutorial: Delivering the Capabilities of VPN, SDN, and SD-WAN via an

#1

This software is quite amazing and so far really lives up to the claims on their web site.
https://www.zerotier.com/

2 Likes
#2

I’m still confused about the difference between SD-WAN and VPN; I hope someone can elaborate on it for me.

#3

@LTS_Tom Just to confirm your statement about zero problems with pfSense. Would like to see Zerotier have their code audited; it might even help their sales. Going to take a stab at building with a colleague. Thanks for tracking innovation of the better kind. By the way, Linus Tech Tips did a short post about gaming on Linux and promoted Pop!_OS as gaming ready.

#4

Here is an interview with the founder, they appear to be doing very well.

#5

Like Adam’s business ethics. Well thought out approach. Well I now know what I’m doing this weekend. How did you find Zerotier?

#6

I googled open source SD-WAN solution

#7

Hi Tom,

After seeing your video I have set up Zerotier on the FreeNAS… seems to be working fine.

I can access the web GUI and also the shares while on a different network away from home, also from a different continent… but the file transfer speeds are awful… not sure if this is related to the software not being optimised…? The network speeds are reasonable though!

Have you played with FreeNAS and Zerotier… you did say in your video you will be doing it on Synology… but you never mentioned FreeNAS…

#8

@LTS_Tom I saw your live stream yesterday that people have been asking about Zerotier on pfSense. I found this video https://www.youtube.com/watch?v=t0L_C7_LUgY you’ll have to turn up the volume, the guy who posted it speaks very quietly. It’s from two years ago, not sure if it still works as shown.

#9

They have a github, but it has not been updated in a year. It’s not officially supported on pfsense or endorsed by the pfsense dev team so I will not be loading it. https://github.com/ChanceM/pfSense-pkg-zerotier

#10

I wanted to cover a few things not in the first video so I made this today: “ZeroTier VS VPN and A Look At The Data Stream With Wireshark.”

#11

This looks like a great way to help secure an RDP session without having to go through the trouble of setting up a VPN server.

1 Like
#12

Someone already requested implementing this on pfSense.

https://redmine.pfsense.org/issues/9238

And the target version is 2.5.0; looking forward to being able to use this with my pfSense baby.

#13

Has anyone tried to use Zerotier on Unifi USG (smaller SMB Customers with Telco NAT) or even manage endpoints through hosted SolarwindsMSP?

Interested in hearing your thoughts?

#14

I’ve been running ZeroTier for a couple years for different clients. Found out about it on Spiceworks.

#15

I set up a layer 2 bridge in my homelab using Zerotier to my datacenter. I set it up with an Asus 4 port router with DD-WRT on it. I put it together to create a use case for a client of mine. The idea is to layer 2 bridge all remote sites and default route the internet out of the datacenter. This way we only pay for the fancy firewall UTM features with layer 7 filtering in the data-center and no longer at the remote offices. It’s almost been 8 months and it’s still working solid.

https://zerotier.atlassian.net/wiki/spaces/SD/pages/7438339/Layer+2+Bridging+with+LEDE+OpenWRT

2 Likes
#16

Here is the guide on setting up the bridge in Linux:

https://zerotier.atlassian.net/wiki/spaces/SD/pages/7471125/Layer+2+Bridging+of+Ethernet+and+ZeroTier+Networks+on+Linux

Once we get ready for production we will load it on some quality hardware.

1 Like
#17

I built the Zerotier plugin for pfSense and got it to work for simple ping and remote management, but my limited skills in route management and bridging a ZT 10.10.0.0/24 into my local 192.168.0.0/20 LAN resulted in crashing both ends and a full re-install of pfSense to regain access to the GUI… (yes, I tried all the recovery console options, and thank god for configuration backups!) FYI, as far as I can tell the unofficial Zerotier plugin DOES BREAK RECOVERY!!! Just a heads up to anyone else who tries this: make backups and have an OS disk handy…

#18

What about Tinc VPN?

#19

I set up Zerotier on my little ‘personal cloud’ of ~10 physical machines and vps’es, just to see what worked and not. When one node in a conversation was a routable address, it was good. It works over IPv6 too. With both nodes behind different NATs, with plain iptables masquerade, it sometimes worked, sometimes 50% loss depending on the health of the relay servers.

I did find some strange behaviour, though. One of the machines I installed it on is the Linux machine that is my home router. It IS a bit unusual, in that it has IPv4, IPv6, about 14 VPN links, and runs policy routing with multiple tables (example: My ISP blocks tcp/25 outbound, so that is routed out over a vpn to a vps, which NATs the vpn networks ‘behind’ it).

On the networks behind the home router (multiple vlans), when zerotier is running, I see very strange ARP requests that don’t belong on there. The router is ARPing for addresses such as
107.191.46.210 root-bob-par-01.zerotier.com
131.255.6.16 root-alice-arg-01.zerotier.com
10.4.1.1 this is a lan address on a remote router
100.82.210.245 this is the wan address of the router that has 10.4.1.1
even though the network is a /24 and does not include the above addresses.

Zerotier must be doing this directly; the kernel doesn’t generate ARP on interfaces unless the address is within a network on that interface. And these ARP requests are also sent on the WAN interface: no one there will answer them or notice them, with the exception of the ISP’s monitoring…
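
A check for the symptom described in post #19, added here as an example and not part of any poster's message: it reads `tcpdump -n arp` output and lists ARP requests whose target lies outside the networks configured on the interface. The 192.168.1.0/24 LAN, the sender address and the capture lines are constructed; the four target addresses are the ones quoted in the post.

```python
import ipaddress
import re

# Matches the request part of `tcpdump -n [-e] arp` output, e.g.
# "... Request who-has 10.4.1.1 tell 192.168.1.1, length 28"
ARP_REQ = re.compile(r"Request who-has (\S+?)(?: \([0-9a-f:]+\))? tell (\S+?),")

def off_link_arp(lines, on_link):
    """Return (target, sender) pairs whose target is outside every on-link network."""
    nets = [ipaddress.ip_network(n) for n in on_link]
    hits = []
    for line in lines:
        m = ARP_REQ.search(line)
        if not m:
            continue  # ARP replies and non-ARP lines are ignored
        try:
            target = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # a name instead of an address (capture taken without -n)
        if not any(target in net for net in nets):
            hits.append((str(target), m.group(2)))
    return hits

# Constructed capture lines for a LAN assumed to be 192.168.1.0/24, router at .1.
SAMPLE = [
    "12:00:01.000001 ARP, Request who-has 192.168.1.20 tell 192.168.1.1, length 28",
    "12:00:01.000050 ARP, Reply 192.168.1.20 is-at 02:00:00:00:00:20, length 28",
    "12:00:02.000001 ARP, Request who-has 107.191.46.210 tell 192.168.1.1, length 28",
    "12:00:02.500001 ARP, Request who-has 131.255.6.16 tell 192.168.1.1, length 28",
    "12:00:03.000001 ARP, Request who-has 10.4.1.1 tell 192.168.1.1, length 28",
    "12:00:03.500001 ARP, Request who-has 100.82.210.245 tell 192.168.1.1, length 28",
]

if __name__ == "__main__":
    for target, sender in off_link_arp(SAMPLE, ["192.168.1.0/24"]):
        print(f"off-link ARP: {sender} asked for {target}")
```

On a live router, pass the captured lines and the prefixes actually configured on that interface in place of the constructed values.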