Dmitry Spikhalskiy, posted June 4, 2018

Application Name: ZeroTier
Application Site: https://www.zerotier.com/
Docker Hub: https://hub.docker.com/r/spikhalskiy/zerotier/
Github Docker: https://github.com/Spikhalskiy/zerotier-unraid-docker
Templates Repo: https://github.com/Spikhalskiy/docker-templates

Zerotier is an open source, cross-platform virtual LAN / VPN available on Android, iOS, Mac, Windows, Linux. It allows remote access to devices as if they all reside in the same local network. All traffic is encrypted end-to-end and takes the most direct path available for minimum latency and maximum performance, using VPN-like connections. Up to 100 devices for free, no need for port forwarding, very simple setup.

Network and the docker image setup steps:

1. Create a Zerotier account at https://my.zerotier.com/ and create a Network there. Ensure that the "Managed Routes" section of your network settings DOESN'T include the subnet of IPs that is used in your local networks. You can check the FAQ at the end of the post for more information.
2. Get the ID of the created network (looks something like b4da7454b271902c).
3. Install this docker image on your unRaid using a template or from Community Applications and put that ID as the NETWORK_ID parameter of the container.
4. Start the container.
5. Go to "Settings -> Network Settings -> Routing Table" and find the name of your zerotier gateway. It will have "zt*[0-9]" format, like "ztyouzqvq5".
6. Go to "Settings -> Network Settings -> Interface Extra" and add the zerotier gateway name to "Include listening interfaces".
7. Go to https://my.zerotier.com/network/<NETWORK_ID>, to the “Members section” area. Check the “Auth” checkbox for the new device. Assign a meaningful name to it, copy an IP from the "Managed IPs" column - it will be a static IP of your NAS in your virtual network.
8. Install a Zerotier client on your laptop/phone/other devices, join the network with the same ID and repeat the previous step for them.

IP addresses that you found on the step 7 can be used to remotely access corresponding hosts from other devices connected to your virtual Zerotier network. Now, when you connect Zerotier on any of your devices - a VPN connection will be set up and all connected devices will be available like they are in the same network. SMB shares/TimeMachine will be autodetected, UIs will be accessible on <ip from the step 4>:<usual port>.

Post an issue

If you post about an issue, it will be helpful if you open a console of the docker from webGui, run the following commands and include their output in your post:

    zerotier-cli info
    zerotier-cli listnetworks
    zerotier-cli listpeers

Clean reinstall

If you want to make a clean installation and start setup from scratch - don't forget to clean up the config directory, which is "/mnt/user/appdata/zerotier/zerotier-one" by default. It contains an identity of your Zerotier node and generated certificates.

FAQ

Q: Should I change "Managed routes" on https://my.zerotier.com/network/<NETWORK_ID> to reflect my unRaid internal IP and subnet in a real physical network?

A: No, ZeroTier creates a virtual network adapter to use in the ZeroTier network. If your home IP range is 192.168.1.0/24 and ZeroTier by default selected "10.147.17.*", for example, for your managed IPs - it's totally fine. Even opposite, if ZeroTier "Managed routes" intersect with your physical local IPs - change the Zerotier Managed routes range to be different - there was a reported problem with accessing the server remotely if this rule is violated.

Edited August 25, 2023 by Dmitry Spikhalskiy (Add screenshot for interfaces configuration)

Dmitry Spikhalskiy (Author), posted June 4, 2018

RESERVED

bonienl, posted June 5, 2018

After setting the NETWORK_ID and starting the container, it does not appear as a member under the zeroTier network. Installing zeroTier on my laptop and mobile does create the necessary members.

Anything more I need to do in the container settings or perhaps a way to manually add a member (requires node ID)?

Thanks for creating this docker container, it looks very promising.

Dmitry Spikhalskiy (Author), posted June 5, 2018

@bonienl Nope, it should be enough. Just set NETWORK_ID and start the container, after that your host should appear in your network hosts (without Auth flag setup). It could be less likely affected by your NAT type and more by your host setup.

If you need help to debug what's going wrong - let's try to start with the simplest thing, could you open a console for this docker and post the output of

    ./zerotier-cli info
    ./zerotier-cli listnetworks
    ./zerotier-cli listpeers

You will likely want to remove your specific network id from the output and replace it with some placeholder.

Also, you could try to make your network "None (Public Network)" in the zerotier control panel for a moment and try to start the container with this setup just to remove any potential authorization questions.

Edited August 19, 2019 by Dmitry Spikhalskiy

bonienl, posted June 5, 2018

This is the output

    / # ./zerotier-cli info
    200 info c1421b3ccb 1.2.4 ONLINE
    / # ./zerotier-cli listnetworks
    200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
    / # ./zerotier-cli listpeers
    200 listpeers <ztaddr> <path> <latency> <version> <role>
    200 listpeers 8841408a2e 2001:19f0:6800:83a4:0000:0000:0000:0064/9993;5749;5722;1.00 232 1.1.5 PLANET
    200 listpeers 9d219039f3 2a03:b0c0:0002:00d0:0000:0000:007d:0001/9993;745;726;1.00 266 1.1.5 PLANET

There are no networks listed

Edited June 5, 2018 by bonienl

Dmitry Spikhalskiy (Author), posted June 5, 2018

@bonienl Ok cool, join to network didn't go right. What about a result of manual input

    ./zerotier-cli join <NETWORK_ID>

Edited June 5, 2018 by Dmitry Spikhalskiy

bonienl, posted June 5, 2018

Thanks for the quick response. When I do a manual join, I get access denied

    / # ./zerotier-cli join xxxxxxxxxxxxxxxx
    200 join OK
    / # ./zerotier-cli listnetworks
    200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
    200 listnetworks xxxxxxxxxxxxxxxx 62:81:eb:a9:69:bf ACCESS_DENIED PRIVATE zt0 -

Dmitry Spikhalskiy (Author), posted June 5, 2018

@bonienl And it's a good result! After getting this state you need to go to your control panel and set up the Auth flag for the new host, you should see it now.

bonienl, posted June 5, 2018

I added this member manually (using the node ID given in info), and now it works.

Thanks for helping out.

Dmitry Spikhalskiy (Author), posted June 5, 2018

@bonienl Thank you for debugging! Will add this way to the instructions for guys who got an issue and will try to replay your flow in the evening and maybe address it better.

Edited June 6, 2018 by Dmitry Spikhalskiy

Dmitry Spikhalskiy (Author), posted June 6, 2018

[Update] An update to the docker image has been posted that addresses the problem of initial join reported above.

Edited June 6, 2018 by Dmitry Spikhalskiy

RSQtech, posted June 7, 2018

So I have done all the steps above and have gotten the server assigned, but when I try to connect my phone I get what you see in the picture.

Dmitry Spikhalskiy (Author), posted June 7, 2018

@RSQtech yeah, but how is it related and what are you going to find there? There is no need to enable "Enable default route" on Zerotier on your phone. If you don't do this - Zerotier doesn't affect anything you see in online "whats my ip" services. It's not a regular VPN that tunnels the whole phone traffic through some server and changes your public IP for google. Zerotier by default does it only with "managed IPs".

If you want to check if everything works - better just open https://my.zerotier.com/network/<NETWORK_ID>, find the NAS in your device list, take the IP of your NAS and open a web browser on your phone with that IP and your regular webGui port - 80 by default. If you get the webGui authentication window - you're good. Also, you may try to skip the IP lookup and just use the .local hostname of your unRaid - it usually works too.

Edited June 7, 2018 by Dmitry Spikhalskiy

RSQtech, posted June 7, 2018

I have looked over my network details and found the network range was wrong (192.168.192.0/24 was what was showing... I changed it to 192.168.1.0/24), but when I connect my phone to the zerotier app it still will not see local IPs on the network.

Dmitry Spikhalskiy (Author), posted June 7, 2018

@RSQtech This is interesting! Looks like you were able to connect all devices to the Zerotier network.

I didn't get where you made this change "192.168.192.0/24 was what was showing... I changed it to 192.168.1.0/24". It doesn't sound right or like something that you should do. Did you try to make Zerotier Managed addresses exactly the same as your physical local network addresses? If you did - I think it's not a good idea. If your local network addresses (where unRaid is) are in 192.168.1.x - select something else! The address that your device will have in the Zerotier network should be different from its address in a physical local network and it should be on another subnet.

The address of my unRaid in a physical local network is 10.0.0.43, in a Zerotier one - 10.147.17.49

Edited August 19, 2019 by Dmitry Spikhalskiy

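Added example, not part of the thread or of the container's code: a small Python check for the two problems diagnosed above, a join stuck in ACCESS_DENIED and ZeroTier addresses that overlap the physical LAN. The sample output is constructed in the `listnetworks` layout posted earlier, and the function names, the meaning of "-" and the comma-separated address list are assumptions.

```python
import ipaddress

# Constructed sample in the `zerotier-cli listnetworks` layout shown in this
# thread; network IDs, names, MACs and the 192.168.1.50 address are made up.
SAMPLE = """\
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks aaaaaaaaaaaaaaaa 02:00:00:00:00:01 ACCESS_DENIED PRIVATE zt0 -
200 listnetworks bbbbbbbbbbbbbbbb home net 02:00:00:00:00:02 OK PRIVATE zt1 192.168.1.50/24
200 listnetworks cccccccccccccccc nas 02:00:00:00:00:03 OK PRIVATE zt2 10.147.17.49/24
"""

def parse_listnetworks(text):
    """Return one dict per joined network.

    Columns are read from the right: <name> is empty while a join is still
    ACCESS_DENIED (as in the output posted above) and may contain spaces.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[:2] != ["200", "listnetworks"] or parts[2] == "<nwid>":
            continue  # not a data row (header, blank line, other output)
        mac, status, net_type, dev, ips = parts[-5:]
        rows.append({
            "nwid": parts[2], "name": " ".join(parts[3:-5]), "mac": mac,
            "status": status, "type": net_type, "dev": dev,
            # Assumption: "-" means no address yet, several are comma-separated.
            "ips": [] if ips == "-" else ips.split(","),
        })
    return rows

def diagnose(rows, local_subnets):
    """Return (nwid, finding, detail) tuples for the two problems in this thread."""
    lans = [ipaddress.ip_network(s) for s in local_subnets]
    findings = []
    for row in rows:
        if row["status"] == "ACCESS_DENIED":
            findings.append((row["nwid"], "needs-auth", "tick Auth for this member"))
        for ip in row["ips"]:
            zt_net = ipaddress.ip_interface(ip).network
            for lan in lans:
                if zt_net.version == lan.version and zt_net.overlaps(lan):
                    findings.append((row["nwid"], "overlaps-lan", f"{zt_net} vs {lan}"))
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_listnetworks(SAMPLE), ["192.168.1.0/24"]):
        print(*finding)
```
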
RSQtech, posted June 7, 2018

I am just going to scrap it all and try again later

Dmitry Spikhalskiy (Author), posted June 7, 2018

@RSQtech Ok! Don't forget to throw away the identity config directory to make a clean setup. By default it's "/mnt/user/appdata/zerotier/zerotier-one".

RSQtech, posted June 7, 2018

Are you going to make a step by step guide or video for this in the future?

Dmitry Spikhalskiy (Author), posted June 7, 2018

@RSQtech I think that I already did it in the first post, to be honest. It really always was that simple for me. If I find some potential complications, for example from your experience - sure, will think about it.

RSQtech, posted June 7, 2018

I think it would be helpful if you did, or at least teamed up with user SpaceInvader One to make a video tutorial

Dmitry Spikhalskiy (Author), posted June 7, 2018

@RSQtech I wouldn't personally mount videos likely, just not a fun activity for me at all. Adapt the first post guide to address user issues and different experiences and make it more clear - for sure.

Can offer you a 5 minute screen sharing call to show how to set up everything in exchange for your opinion on what is absent in the original guide, not a problem

RSQtech, posted June 7, 2018

I think I can work with that.. I think my biggest issue is that I am just not familiar with this type of stuff.... my background is in Emergency Medicine and I do the tech stuff as a relief from all the drama I deal with daily. When would you be available to help?

Dmitry Spikhalskiy (Author), posted June 7, 2018

@RSQtech Cool! Will be at home in half an hour, just text me your skype/hangout/whatever contact in a private message and when to call you. I’m in EST timezone.