[Support] spikhalskiy - ZeroTier



Application Name: ZeroTier

Application Site: https://www.zerotier.com/

Docker Hub: https://hub.docker.com/r/spikhalskiy/zerotier/

Github Docker: https://github.com/Spikhalskiy/zerotier-unraid-docker

Templates Repo: https://github.com/Spikhalskiy/docker-templates

 

Zerotier is an open source, cross-platform virtual LAN / VPN available on Android, iOS, Mac, Windows, Linux.

It allows remote access to devices as if they all reside in the same local network.

All traffic is encrypted end-to-end and takes the most direct path available for minimum latency and maximum performance, using VPN-like connections.

Up to 100 devices for free, no need for port forwarding, very simple setup.

 

Network and the docker image setup steps:

  1. Create a Zerotier account https://my.zerotier.com/ and create a Network there.
  2. Ensure that "Managed Routes" section of your network settings DOESN'T include the subnet of IPs that is used in your local networks. You can check FAQ at the end of the post for more information.
  3. Get an ID of the created network (looks something like b4da7454b271902c).
  4. Install this docker image on your unRaid using a template or from Community Applications and put that ID as a NETWORK_ID parameter of the container. Start the container.
  5. Go to "Settings -> Network Settings -> Routing Table" and find the name of your zerotier gateway. It will have "zt*[0-9]" format, like "ztyouzqvq5".
  6. Go to "Settings -> Network Settings -> Interface Extra" and add zerotier gateway name to "Include listening interfaces".
  7. Go to https://my.zerotier.com/network/<NETWORK_ID> to “Members section” area. Check “Auth” checkbox for the new device. Assign a meaningful name to it, copy an IP from "Managed IPs" column - it will be a static IP of your NAS in your virtual network.
  8. Install a Zerotier client to your laptop/phone/other devices, join a network with the same id and repeat the previous step for them.
  9. IP addresses that you found in step 7 can be used to remotely access the corresponding hosts from other devices connected to your virtual Zerotier network.

 

Now, when you connect Zerotier on any of your devices - a VPN connection will be set up and all connected devices will be available like they are in the same network. SMB shares/TimeMachine will be autodetected, UIs will be accessible on <ip from the step 4>:<usual port>.

 

Post an issue

If you post about an issue, it will be helpful if you open a console of the docker from webGui, run and include in your post an output of the following commands:

zerotier-cli info
zerotier-cli listnetworks
zerotier-cli listpeers

 

Clean reinstall

If you want to make a clean installation and start setup from scratch - don't forget to clean up the config directory, which is "/mnt/user/appdata/zerotier/zerotier-one" by default. It contains the identity of your Zerotier node and generated certificates.

 

FAQ

Q: Should I change "Managed routes" on https://my.zerotier.com/network/<NETWORK_ID> to reflect my unRaid internal IP and subnet in a real physical network?


 

A: No, ZeroTier creates a virtual network adapter to use in the ZeroTier network. If your home IP range is 192.168.1.0/24 and ZeroTier by default selected "10.147.17.*", for example, for your managed IPs - it's totally fine. On the contrary, if ZeroTier "Managed routes" intersect with your physical local IPs - change the Zerotier Managed routes range to be different - there was a reported problem with accessing the server remotely if this rule is violated.

Edited by Dmitry Spikhalskiy
Add screenshot for interfaces configuration
  • Like 5
  • Thanks 1
  • Upvote 1
Link to comment

After setting the NETWORK_ID and starting the container, it does not appear as a member under the zeroTier network.

 

Installing zeroTier on my laptop and mobile does create the necessary members.

 

Anything more I need to do in the container settings or perhaps a way to manually add a member (requires node ID) ?

 

Thanks for creating this docker container, it looks very promising.

 

Link to comment

@bonienl Nope, it should be enough. Just set NETWORK_ID and start the container, after that your host should appear in your network hosts (without Auth flag setup). It could be less likely affected by your NAT type and more by your host setup. If you need help to debug what's going wrong - let's try to start with the simplest thing, could you open a console for this docker and post an output of 

./zerotier-cli info
./zerotier-cli listnetworks
./zerotier-cli listpeers

You will likely want to remove your specific network id from the output and replace it with some placeholder.

 

Also, you could try to make your network "None (Public Network)" in zerotier control panel for a moment and try to start the container with this setup just to remove any potential authorization questions.

Edited by Dmitry Spikhalskiy
Link to comment

This is the output

/ # ./zerotier-cli info
200 info c1421b3ccb 1.2.4 ONLINE

/ # ./zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>

/ # ./zerotier-cli listpeers
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 8841408a2e 2001:19f0:6800:83a4:0000:0000:0000:0064/9993;5749;5722;1.00 232 1.1.5 PLANET
200 listpeers 9d219039f3 2a03:b0c0:0002:00d0:0000:0000:007d:0001/9993;745;726;1.00 266 1.1.5 PLANET

There are no networks listed

 

Edited by bonienl
Link to comment

Thanks for the quick response. 

When I do a manual join, I get access denied

/ # ./zerotier-cli join xxxxxxxxxxxxxxxx
200 join OK

/ # ./zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks xxxxxxxxxxxxxxxx  62:81:eb:a9:69:bf ACCESS_DENIED PRIVATE zt0 -
  

 

  • Like 1
Link to comment

@RSQtech yeah, but how it's related and what you are going to find there? There is no need to enable "Enable default route" on Zerotier on your phone. If you don't do this - Zerotier doesn't affect anything you see in online "whats my ip" services. It's not a regular VPN that tunnels whole phone traffic thru some server and changes your public IP for google. Zerotier by default does it only with "managed IPs".

If you want to check if everything works - better just open https://my.zerotier.com/network/<NETWORK_ID>, find the NAS in your device list, take the IP of your NAS and open a web browser on your phone with that IP and your regular webGui port - 80 by default. If you get the webGui authentication window - you're good. Also, you may try to skip the IP lookup and just use the .local hostname of your unRaid - it usually works too.

 


 

Edited by Dmitry Spikhalskiy
Link to comment

I have looked over my network details and found the network range was wrong (192.168.192.0/24 was what was showing... I changed it to 192.168.1.0/24) but when I connect my phone to the zerotier app it still will not see local IPs on the network.

Link to comment

@RSQtech This is interesting! Looks like you were able to connect all devices to Zerotier network.

I didn't get where you made this change "192.168.192.0/24 was what was showing... I changed it to 192.168.1.0/24". It doesn't sound right or like something that you should do.

Did you try to make Zerotier Managed addresses exactly the same as your physical local network addresses? If you did - I think it's not a good idea. If your local network addresses (where unRaid is) are in 192.168.1.x - select something else! The address that your device will have in the Zerotier network should be different from its address in a physical local network and it should be on another subnet.


 

The address of my unRaid in a physical local network is 10.0.0.43, in a Zerotier one - 10.147.17.49

Edited by Dmitry Spikhalskiy
Link to comment
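
An added example, not part of any post in this thread or of the container's own code: a Python script that parses `zerotier-cli listnetworks` output in the layout quoted above and flags the two problems discussed here, a member left in ACCESS_DENIED on a private network and ZeroTier-assigned addresses that overlap a physical LAN subnet. The sample output, network IDs, names and the `parse_listnetworks` / `diagnose` helpers are constructed for illustration; the comma-separated address list is an assumption.

```python
import ipaddress

# Constructed sample in the `zerotier-cli listnetworks` layout quoted in this
# thread. Network IDs, names and addresses are made up; the name may be empty.
SAMPLE = """\
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks aaaaaaaaaaaaaaaa  62:81:eb:a9:69:bf ACCESS_DENIED PRIVATE zt0 -
200 listnetworks bbbbbbbbbbbbbbbb home lan 62:81:eb:a9:69:c0 OK PRIVATE zt1 192.168.1.50/24
200 listnetworks cccccccccccccccc nas 62:81:eb:a9:69:c1 OK PRIVATE zt2 10.147.17.49/24
"""

FIELDS = ("mac", "status", "type", "dev", "ips")

def parse_listnetworks(output):
    """Return one dict per joined network, skipping the header row."""
    networks = []
    for line in output.splitlines():
        tokens = line.split()
        if tokens[:2] != ["200", "listnetworks"] or len(tokens) < 8:
            continue
        if tokens[2].startswith("<"):  # column header
            continue
        # The name can be empty or contain spaces, so take the five
        # trailing columns from the right and treat the rest as the name.
        net = dict(zip(FIELDS, tokens[-5:]))
        net["nwid"] = tokens[2]
        net["name"] = " ".join(tokens[3:-5])
        # Assumption: several assigned addresses are comma-separated.
        net["ips"] = [] if net["ips"] == "-" else net["ips"].split(",")
        networks.append(net)
    return networks

def diagnose(output, local_subnets):
    """List (nwid, problem) pairs for unauthorized members and subnet overlaps."""
    lans = [ipaddress.ip_network(s) for s in local_subnets]
    findings = []
    for net in parse_listnetworks(output):
        if net["status"] == "ACCESS_DENIED":
            findings.append((net["nwid"], "member not authorized (Auth unchecked)"))
        for ip in net["ips"]:
            zt = ipaddress.ip_interface(ip).network
            for lan in lans:
                if zt.version == lan.version and zt.overlaps(lan):
                    findings.append((net["nwid"], f"{zt} overlaps LAN {lan}"))
    return findings

if __name__ == "__main__":
    for nwid, problem in diagnose(SAMPLE, ["192.168.1.0/24", "10.0.0.0/24"]):
        print(nwid, problem)
```
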

I think I can work with that.. I think my biggest issue is that I am just not familiar with this type of stuff.... my background is in Emergency Medicine and I do the tech stuff as a relief from all the drama I deal with daily. When would you be available to help?

Link to comment
