Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:vpn:zerotier [2024/09/28 08:41] – [Basic Configuration] andrewz
docs:guide-user:services:vpn:zerotier [2024/10/18 14:51] – [Basic Configuration] andrewz
Line 10: Line 10:
  
 ===== Basic Configuration ===== ===== Basic Configuration =====
-  * Create the virtual network on [[https://my.zerotier.com|Zerotier Central]]. Note the //Network ID//. +  * Create virtual network on [[https://my.zerotier.com|Zerotier Central]]. Note the //Network ID//. 
-  * Add the virtual network to the Openwrt zerotier config (the section name ''my_zt_net'' is arbitrary, you can consistently replace it with whatever label you want)+  * Add virtual network to the OpenWrt zerotier config (the section name ''my_zt_net'' is arbitrary, you can consistently replace it with whatever label you want) 
 + 
 +For ZeroTier version 1.14.0 or older:
 <code> <code>
 uci delete zerotier.sample_config uci delete zerotier.sample_config
 uci add zerotier my_zt_net uci add zerotier my_zt_net
-uci add_list zerotier.my_zt_net.join=<network_id_from_zerotier_central>+uci add_list zerotier.my_zt_net.join=<network_id>
 uci set zerotier.my_zt_net.enabled='1' uci set zerotier.my_zt_net.enabled='1'
 uci commit zerotier uci commit zerotier
 service zerotier restart service zerotier restart
 </code> </code>
-  * When a new virtual network is joined, a secret will be generated, which may take a while. When it's finished, the secret will be saved in /etc/config/zerotier, and the device will join the virtual network. + 
-    * Typical communication with Zerotier peers will happen on UDP port 9993, and no additional configuration is needed for an out-of-the-box router configuration.+For ZeroTier version 1.14.1 or newer:  
 +<code> 
 +uci set zerotier.global.enabled='1' 
 +uci delete zerotier.earth 
 +uci set zerotier.my_zt_net=network 
 +uci set zerotier.my_zt_net.id=<network_id> 
 +uci commit zerotier 
 +service zerotier restart 
 +</code> 
 + 
 +  * When a new virtual network is joined, a //secret// will be generated, which may take a while. When it's finished, the //secret// will be saved in ''/etc/config/zerotier'', and the device will join the virtual network. 
 +  * Typical communication with Zerotier peers will happen on port 9993/udp, and no additional configuration is needed for an out-of-the-box router configuration.
   * To use the virtual network, the device must be authorized on Zerotier Central by clicking the "Auth?" box next to the device under Members   * To use the virtual network, the device must be authorized on Zerotier Central by clicking the "Auth?" box next to the device under Members
-  * Device connectivity can be seen by using the "info" command:+  * Device connectivity (or ONLINE status) can be seen by using the "info" command:
 <code> <code>
-zerotier-cli info+root@OpenWrt# zerotier-cli info 
 +200 info xxxxxxxxxx 1.14.0 ONLINE
 </code> </code>
   * Some services (eg dropbear, luci) may need to be reconfigured to allow access from the new Zerotier virtual interface. The easy way is to un-restrict them from specific networks/interfaces.   * Some services (eg dropbear, luci) may need to be reconfigured to allow access from the new Zerotier virtual interface. The easy way is to un-restrict them from specific networks/interfaces.
     * For dropbear (allow access from anywhere, potentially unsafe):     * For dropbear (allow access from anywhere, potentially unsafe):
 <code> <code>
-cat /etc/config/dropbear +root@OpenWrt# cat /etc/config/dropbear
  
 config dropbear config dropbear
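Review bot: The placeholder in both command blocks is written as a bare `<network_id>` (`uci add_list zerotier.my_zt_net.join=<network_id>` and `uci set zerotier.my_zt_net.id=<network_id>`), so a reader who pastes the line unchanged has the shell parse `<` and `>` as redirections and the command fails before uci runs. Suggest a quoted form such as `id='NETWORK_ID'` plus a sentence saying to substitute the Network ID noted from Zerotier Central. The bullet stating that the //secret// is saved in ''/etc/config/zerotier'' now sits after both version blocks, so please confirm it holds for the 1.14.1 layout too, and consider noting there that the file should not be posted or shared unredacted because it holds that secret. The sample `info` output shows `1.14.0` only; a word that the version field will differ would avoid confusion for readers on the 1.14.1 branch.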
Line 37: Line 51:
 </code> </code>
  
-**You must reboot here OpenWRT before continue otherwise the `ztXXXXXXXX` interface won't be created.**+:!: You must reboot OpenWrt router at this point otherwise ''ztXXXXXXXX'' network device won't be created. 
 + 
 +After reboot get the device name using your 16-digit Network ID: 
 +<code> 
 +root@OpenWrt# zerotier-cli get {network_id} portDeviceName 
 +ztXXXXXXXX 
 +</code> 
 + 
 +Alternatively run ''zerotier-cli listnetworks'', that will give you more details.
  
 <code bash> <code bash>
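Review bot: The added `zerotier-cli get {network_id} portDeviceName` line writes the placeholder as `{network_id}`, while the commands added earlier in this revision use `<network_id>`; pick one form and use it throughout. The same block mixes the `root@OpenWrt#` prompt, the command and the sample output `ztXXXXXXXX`, so it cannot be copied as is; the command on its own line with the output described in the sentence above would be clearer. The reboot warning says the device "won't be created" otherwise, yet the earlier step already ends with `service zerotier restart`; a short reason why the restart is not sufficient would help readers who manage the router remotely and want to avoid an unnecessary reboot.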
Line 44: Line 66:
 uci set network.ZeroTier=interface uci set network.ZeroTier=interface
 uci set network.ZeroTier.proto='none' uci set network.ZeroTier.proto='none'
-uci set network.ZeroTier.device='ztXXXXXXXX' # Replace ztXXXXXXXX with your own ZeroTier interface name+uci set network.ZeroTier.device='ztXXXXXXXX' # Replace ztXXXXXXXX with your own ZeroTier device name
  
 # Configure firewall zone # Configure firewall zone
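Review bot: The comment on `uci set network.ZeroTier.device='ztXXXXXXXX'` tells the reader to replace the value but not where it comes from. Since this revision adds the `portDeviceName` lookup just above, the comment could point to it, for example "use the name printed by zerotier-cli get ... portDeviceName". The wording change from "interface name" to "device name" matches the `device` option and is fine as is.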
  • Last modified: 2024/10/18 14:58
  • by andrewz