Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
| docs:guide-user:services:vpn:zerotier [2024/09/03 08:36] – [Basic Configuration] Improved commands for a functional basic configuration. See https://github.com/mwarning/zerotier-openwrt/issues/124 ogarcia | docs:guide-user:services:vpn:zerotier [2024/10/18 14:51] – [Basic Configuration] andrewz | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Zerotier ====== | ====== Zerotier ====== | ||
| - | Zerotier creates a virtual network between hosts. You may refer to [zerotier-openwrt' | + | Zerotier creates a virtual network between hosts. You may refer to [[https:// |
| ===== Installation ===== | ===== Installation ===== | ||
| Line 10: | Line 10: | ||
| ===== Basic Configuration ===== | ===== Basic Configuration ===== | ||
| - | * Create | + | * Create virtual network on [[https:// |
| - | * Add the virtual network to the Openwrt | + | * Add virtual network to the OpenWrt |
| + | |||
| + | For ZeroTier version 1.14.0 or older: | ||
| < | < | ||
| uci delete zerotier.sample_config | uci delete zerotier.sample_config | ||
| uci add zerotier my_zt_net | uci add zerotier my_zt_net | ||
| - | uci add_list zerotier.my_zt_net.join=< | + | uci add_list zerotier.my_zt_net.join=< |
| uci set zerotier.my_zt_net.enabled=' | uci set zerotier.my_zt_net.enabled=' | ||
| uci commit zerotier | uci commit zerotier | ||
| service zerotier restart | service zerotier restart | ||
| </ | </ | ||
| - | | + | |
| - | * Typical communication with Zerotier peers will happen on UDP port 9993, and no additional configuration is needed for an out-of-the-box router configuration. | + | For ZeroTier version 1.14.1 or newer: |
| + | < | ||
| + | uci set zerotier.global.enabled=' | ||
| + | uci delete zerotier.earth | ||
| + | uci set zerotier.my_zt_net=network | ||
| + | uci set zerotier.my_zt_net.id=< | ||
| + | uci commit zerotier | ||
| + | service zerotier restart | ||
| + | </ | ||
| + | |||
| + | | ||
| + | * Typical communication with Zerotier peers will happen on port 9993/udp, and no additional configuration is needed for an out-of-the-box router configuration. | ||
| * To use the virtual network, the device must be authorized on Zerotier Central by clicking the " | * To use the virtual network, the device must be authorized on Zerotier Central by clicking the " | ||
| - | * Device connectivity can be seen by using the " | + | * Device connectivity |
| < | < | ||
| - | zerotier-cli info | + | root@OpenWrt# |
| + | 200 info xxxxxxxxxx 1.14.0 ONLINE | ||
| </ | </ | ||
| * Some services (eg dropbear, luci) may need to be reconfigured to allow access from the new Zerotier virtual interface. The easy way is to un-restrict them from specific networks/ | * Some services (eg dropbear, luci) may need to be reconfigured to allow access from the new Zerotier virtual interface. The easy way is to un-restrict them from specific networks/ | ||
| * For dropbear (allow access from anywhere, potentially unsafe): | * For dropbear (allow access from anywhere, potentially unsafe): | ||
| < | < | ||
| - | cat / | + | root@OpenWrt# |
| config dropbear | config dropbear | ||
| Line 37: | Line 51: | ||
| </ | </ | ||
| - | **You must reboot | + | :!: You must reboot |
| + | |||
| + | After reboot get the device name using your 16-digit Network ID: | ||
| + | < | ||
| + | root@OpenWrt# | ||
| + | ztXXXXXXXX | ||
| + | </ | ||
| + | |||
| + | Alternatively run '' | ||
| <code bash> | <code bash> | ||
| Line 44: | Line 66: | ||
| uci set network.ZeroTier=interface | uci set network.ZeroTier=interface | ||
| uci set network.ZeroTier.proto=' | uci set network.ZeroTier.proto=' | ||
| - | uci set network.ZeroTier.device=' | + | uci set network.ZeroTier.device=' |
| # Configure firewall zone | # Configure firewall zone | ||
| Line 62: | Line 84: | ||
| uci add firewall forwarding | uci add firewall forwarding | ||
| uci set firewall.@forwarding[-1].src=' | uci set firewall.@forwarding[-1].src=' | ||
| - | uci set firewall.@forwarding[-1].dest=' | + | uci set firewall.@forwarding[-1].dest=' |
| # Commit changes | # Commit changes | ||