About ZeroTier

Published by powerfulyang on Dec 2, 2022

Route to LAN on Windows

https://www.reddit.com/r/zerotier/comments/sbbfuj/layer_3_route_to_lan_on_windows/

https://www.reddit.com/r/zerotier/comments/f5pa84/zerotier_is_great_however_creating_a_bridged/

  1. Add a managed route in ZeroTier for the subnet you will be accessing via the Windows host
  2. Network & internet => Related settings/More network adapter options, right click network and click properties option and choose sharing tab
  3. Allow other network users to connect..., choose your zerotier network
  4. Add firewall rules on the Windows host to allow the traffic

Moon server

Create moon server

  1. Create moon template
bash
1cd /var/lib/zerotier-one
2zerotier-idtool initmoon identity.public > moon.json
  1. Update moon template and modify stableEndpoints property
bash
1vim moon.json

set your vps ip here

property
1"stableEndpoints": [ "your_ip_addr/9993" ]
  1. genearte signature and you will get a file like 00000xxxx.moon
bash
1zerotier-idtool genmoon moon.json
  1. open TCP/9993 and UDP/9993 on the firewall
  2. Create moons.d directory in zerotier installed directory(/var/lib/zerotier-one)
bash
1cd /var/lib/zerotier-one
2mv 00000xxxx.moon(which you genearte in last step) moons.d
  1. restart zerotier
bash
1systemctl restart zerotier-one

Client join moon server

  • Method 1. The id is id value in moon.json
bash
1zerotier-cli orbit <id> <id>
  • Method 2. Create moons.d directory in your zerotier installed directory, copy 00000xxxx.moon into moons.d and restart zerotier service

after above all actions, you can use command zerotier-cli listpeers to check: role column has moon value.

bash
1[root@server5 ~]# zerotier-cli listpeers
2200 listpeers <ztaddr> <path> <latency> <version> <role>
3200 listpeers 0cccb***** 35.236.*.*/64393;110;10726 327 1.6.3 LEAF
4200 listpeers 3a46f***** 185.180.*.*/9993;110;757 -1 - PLANET
5200 listpeers 3ed7c***** 39.97.*.*/9993;172;79 32 1.6.3 MOON
6200 listpeers 4f838***** - -1 - LEAF
7200 listpeers 62f86***** 50.7.*.*/9993;110;4796 351 - PLANET
8200 listpeers 778cd***** 103.195.*.*/9993;5148;4887 253 - PLANET
9200 listpeers 992fc***** 195.181.*.*/9993;10161;4921 226 - PLANET
10200 listpeers 9d2b5***** - -1 - LEAF

搭配 OpenWrt 食用的一些额外操作

  1. 在 OpenWrt 管理后台找到 ZeroTier 管理页面,填写 ZeroTier Network ID,勾选自动允许管理客户端 NAT 和启用,保存并应用。
  2. 设置完并启用了 ZeroTier 后,点击“网络” > “接口” > “添加新接口”,新接口的名称 随意填写(为了方便填写为:zerotier),新接口的协议 选择 DHCP 客户端,包括以下接口 选择以太网适配器: "xxxxxxx" (可以通过 ssh 进入到 OpenWrt 系统使用 zerotier-cli listnetworks 获取网卡名, 一般一眼就能认出来是一串随机字母数字组合)
  3. 在 ZeroTier 接口内选择防火墙设置,将 创建/分配防火墙区域 选择为 不指定或新建,可以在输入框输入你想起的名字 (为了方便填写为: zerotier)
  4. 接着点击“网络” > “防火墙” > “添加”,名字随意,只需要将 入站数据出站数据转发 全部选择接受,覆盖网络 选择命名为 zerotier 的接口,允许转发到目标区域 选择为 lan 口
  5. 做完上面的步骤,另外设置好 ZeroTier 官网上的授权管理就可以开始使用了。