ZeroTier Configuration
ZeroTier One is an open source software product which establishes Peer to Peer VPN (P2PVPN) connections between laptops, desktops, phones, embedded devices, cloud resources, and apps.
Introduction
This article contains step-by-step instructions on how to set up and manage a ZeroTier network using Teltonika-Networks devices along with other equipment.
Setting up a ZeroTier network
- Go to https://my.zerotier.com/login and log in or create an account if you haven't already.
- Open the 'Networks' tab and click the 'Create a Network' button.
- Click the newly created network to begin configuration.
- Before configuring anything else, you may want to set up some basic settings.
- Copy the Network ID; you will need it later for ZeroTier node configuration.
- Optionally, set up a name and description for your network for easier management.
- Select the 'Private' access control type, unless you want nodes to connect freely, without authorization.
- Scroll down to find the 'IPv4 Auto-Assign' section. Select one of the provided private IP ranges for your network or click 'Advanced' and set up the range manually. For this example we'll be using the 10.147.17.* selection which means our network will be using the 10.147.17.0/24 IP range.
The last step concludes the ZeroTier network configuration. You may want to modify the settings based on your specific requirements, but the network will function without any additional settings.
The next step is configuring members (aka nodes) for our ZeroTier network.
Node configuration
ZeroTier nodes or members are clients that can connect to a ZeroTier network. This section provides information on how to configure ZeroTier nodes on different types of machines.
Teltonika-Networks device
- Log in to your device's WebUI, and navigate to the Services → Package Manager page.
- Find the ZeroTier package in the list and install it.
- Navigate to the Services → VPN → ZeroTier page and create a new ZeroTier configuration.
- Enter a custom name for the configuration.
- Click 'Add'.
- Click the 'Edit' button next to the newly created configuration.
- Complete the configuration.
- Turn the configuration on.
- Paste the ZeroTier Network ID into the 'Networks' field.
- Click 'Save & Apply'.
Windows device
- Download and install ZeroTier for Windows from https://www.zerotier.com/download/.
- Look to the Windows taskbar and perform these actions:
- Click 'Show hidden icons'.
- Right-click the ZeroTier icon and click 'Join Network...'
- Paste the ZeroTier Network ID.
- Click 'Join'.
Android/Apple iOS device
- Open the 'Google Play Store' or the 'App Store' depending on your mobile device.
- Find the 'ZeroTier One' app and install it.
- Open the application and configure it as follows.
- Click the plus symbol.
- Enter the ZeroTier Network ID.
- Click 'Add Network'.
- Enable the connection to this network by moving the slider next to it.
- In the 'Connection request' pop-up click 'OK' to confirm the connection.
- After you have authorized the new member (your phone), the status indication at the bottom of the screen should turn to 'Online'.
Node authorization
When Access Control is set to 'Private', you will have to approve new nodes manually from the ZeroTier dashboard before they can become members of the network.
To do this, simply scroll down to the 'Members' section and:
- Place check marks next to nodes you wish to authorize.
- Additionally, you may want to add names and descriptions for your nodes to make it easier to differentiate between them.
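As an added example (not part of the original article or ZeroTier's own tooling), the script below reviews a member list against an inventory of expected nodes, a useful periodic check on a 'Private' network. The member records are constructed sample data; the field names (nodeId, name, config.authorized, config.ipAssignments) are assumed to match a ZeroTier Central member export, and APPROVED_NODES is a hypothetical inventory.

```python
import json

# Constructed sample shaped like a ZeroTier Central member export
# (assumed fields: nodeId, name, config.authorized, config.ipAssignments).
SAMPLE_MEMBERS = json.loads("""
[
  {"nodeId": "aaaaaaaaa1", "name": "rut-gateway",
   "config": {"authorized": true, "ipAssignments": ["10.147.17.23"]}},
  {"nodeId": "aaaaaaaaa2", "name": "",
   "config": {"authorized": true, "ipAssignments": ["10.147.17.40"]}},
  {"nodeId": "aaaaaaaaa3", "name": "office-laptop",
   "config": {"authorized": false, "ipAssignments": []}},
  {"nodeId": "aaaaaaaaa4", "name": "old-phone",
   "config": {"authorized": true, "ipAssignments": ["10.147.17.77"]}}
]
""")

# Hypothetical inventory of node IDs the administrator expects on the network.
APPROVED_NODES = {"aaaaaaaaa1", "aaaaaaaaa2", "aaaaaaaaa3"}


def audit_members(members, approved):
    """Return findings as (node_id, issue) tuples, sorted for stable output."""
    findings = []
    seen = set()
    for m in members:
        node = m.get("nodeId", "")
        cfg = m.get("config") or {}
        authorized = bool(cfg.get("authorized", False))
        seen.add(node)
        if authorized and node not in approved:
            findings.append((node, "authorized but not in inventory"))
        if authorized and not (m.get("name") or "").strip():
            findings.append((node, "authorized without a name"))
        if not authorized and node in approved:
            findings.append((node, "in inventory but awaiting authorization"))
        if not authorized and cfg.get("ipAssignments"):
            findings.append((node, "not authorized but has an IP assignment"))
    for node in approved - seen:
        findings.append((node, "in inventory but never joined"))
    return sorted(findings)


if __name__ == "__main__":
    for node, issue in audit_members(SAMPLE_MEMBERS, APPROVED_NODES):
        print(f"{node}: {issue}")
```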
Private network access
If you have configured ZeroTier in accordance with these instructions, your topology may look something like this:
For this routing example, let's assume that we want to provide access to the 192.168.1.0/24 network behind the Teltonika device to your other ZeroTier nodes. There are several ways you can accomplish this.
ZeroTier routing
- Go to ZeroTier Central and find the 'Managed Routes' box in the 'Advanced' section.
- Add the following route.
- Specify 192.168.1.0/24 as the destination.
- Specify 10.147.17.23 (Teltonika device ZeroTier IP) in the 'via' field.
- Click 'Submit'.
Configuring it like this will make the entire 192.168.1.0/24 network accessible to other ZeroTier nodes via the Teltonika device's ZeroTier IP address. To configure a route to a single IP address instead, you can specify the address with a /32 netmask:
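As an added example (not from the original article), the following sketch reviews a managed route before it is submitted and builds /32 routes for individual LAN hosts, using the addresses from this article. The function names and the max_hosts threshold are hypothetical, and the checks assume the 'via' address must be a host inside the ZeroTier auto-assign range, as in the setup above.

```python
import ipaddress

# IPv4 Auto-Assign range chosen earlier in the article.
ZT_SUBNET = ipaddress.ip_network("10.147.17.0/24")


def review_route(destination, via, zt_subnet=ZT_SUBNET, max_hosts=256):
    """Return a list of issues for one managed route (empty list = no findings)."""
    issues = []
    dest = ipaddress.ip_network(destination, strict=False)
    if "/" in destination and str(dest) != destination:
        issues.append(f"host bits set; normalised destination is {dest}")
    gateway = ipaddress.ip_address(via)
    if gateway not in zt_subnet:
        issues.append(f"via {gateway} is outside the ZeroTier range {zt_subnet}")
    elif gateway in (zt_subnet.network_address, zt_subnet.broadcast_address):
        issues.append(f"via {gateway} is not a usable host address")
    if dest.overlaps(zt_subnet):
        issues.append(f"destination {dest} overlaps the ZeroTier range")
    # max_hosts is a hypothetical review threshold: wider routes expose more
    # of the LAN to every authorized ZeroTier member.
    if dest.num_addresses > max_hosts:
        issues.append(f"destination exposes {dest.num_addresses} addresses")
    return issues


def narrow_routes(hosts, via):
    """Build /32 routes for only the LAN hosts that need to be reachable."""
    return [(f"{ipaddress.ip_address(h)}/32", via) for h in hosts]


if __name__ == "__main__":
    print(review_route("192.168.1.0/24", "10.147.17.23"))
    print(review_route("192.168.0.0/16", "192.168.1.1"))
    print(narrow_routes(["192.168.1.50", "192.168.1.60"], "10.147.17.23"))
```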
Port forwarding
- Enter your Teltonika device's WebUI and navigate to the Network → Firewall → Port Forwards page.
- Find the 'Add New Port Forward' section and add a rule such as this:
- Enter a custom name for the rule.
- Select zerotier as the external zone.
- Enter an external port number for listening for incoming connections.
- Select lan as the internal zone.
- Enter a device's IP in the local network.
- Enter a device's listening port number.
- Click 'Add'.
- Since this configuration concerns port 80, the default HTTP port, configuring it like this would eliminate WebUI access to the Teltonika device over the ZeroTier network. To maintain that access, consider using a different external port: