Zerotier Tutorial: Delivering the Capabilities of VPN, SDN, and SD-WAN via an Open Source System

This was wonderful. As a regular user I had tried several times to understand what ZT actually was with no luck. Your way of teaching this was awesome.

Just when I thought I had reached the end of the internet, Tom shows up with open source SD-WAN - BRILLIANT!

ZeroTier is really awesome. I use it to backup data from my main synology nas to an offsite synology nas. It runns now without any issue for about six or seven months.

This video was fantastic. An excellent overview of the product that really helped to ease any fear I had of implementing this at work. Keep up the great work!

I did install ZeroTier on both my two PCs and RDP'ed the "server" (one of the PCs I designated as a server), and it worked flawlessly.

Very very very good stuff. Huge fan of the depth-level of this video. Very accessible.

Great information! I cant believe this service has gone under my radar for so long!

Informative, concise and straightforward.

Omg! Ty!! Installed on my servers :D now can watch my videos from anywhere

Wow! Like you, Tom.... I cannot believe I did not see this before now. I am anxious to see if this will solve my problems of needing stuff from my desktop when I am not in the same room or even the same house

I'd love to see a review/setup with the pfsense package! Your channel is so informative and I've been sparked by innovation in my homelab and at work by your videos. Thanks!

Hi Tom, another great video thank you! A follow up, or perhaps one for the how they got hacked series...securing this, and preventing backdoors using zero tier. Guess as long as endpoint security is tight, but what about BYOD networks? Best explanation that I’ve seen of exact benefits of SD-WAN though!

This video helped me understand sdwan so much better.

Thanks for all the info! Excellent video.

That's another awesome video here. Thanks for sharing!

Very nice video. Looks awesome and also open source. Thanks for sharing.

Thanks for your videos Tom. I learn a lot from it and I wish I can start a company like yours.

Damn... I never heared of that and it is awesome! Thanks for sharing this!

Thank you. Very nice review here . I was looking for a replacement of Hamachi and I have found it with some very well detailed explanations .

This is really excellent software that I hadn't heard of before, thank you for bringing attention to it as I really have some great use cases for this.

Thanks a lot for this video. This will help me a lot.

Thanks for sharing this pretty cool.

great clear video! awesome product from zerotier

Freaking awesome tutorial. Thank you as always for sharing your knowledge with us all 😀

Thank you so much I’ve been wanting something like this so bad but don’t remember what for now

Awesome! I’m going to have to try this 😀

Great explanation and demo of Zerotier. Been meaning to look into this. Full-mesh network any-to-any, the possibility of setting up your own planet server, can create multiple Zerotier interfaces (perhaps we can use 'ZTI)' to connect to multiple networks, central console, and the possibility to control flows. Need to find out if it is possible to route other networks through a single ZTI, my guess is it would be.

це магія!!! дякую!

Would you consider creating a video to set this up for a site-to-site between two PfSense or Opnsense routers? Thanks.

awesome dea , nice explanation

This is awesome!

It looks a lot like VoIP "hairpinning", in regards to connecting clients directly together. I currently use OpenVPN, and don't really "need" this, but from a network maintenance perspective it could be useful to have an "always on" SSL encrypted path back to the office. Definitely worth a look, thanks!

ZeroTier is absolutely fantastic, 50 endpoint's configured with access rule's, traffic inspection setup using TEE, run your own moon using a Docker command in about 30 seconds, it's speed limit seems to be around 500MPBS which is more than enough, stable, can jump around on IP's, and OPEN SOURCE!

From the perspective of an MSP I think this would be amazing. Right now we have to setup a VPN on a lot of different devices and types of devices. It seems like this would allow us to manage those connections from a single user interface and save a lot of resources if clients want to connect. A level 1 help desk could do this instead of a level 3 at the request of a client. I agree with comments about personal devices though. Those devices would have to pass a security audit before being able to join and the client would have to sign a waiver.

This is so cool!!!

Hi Tom,
Started using open tier for 2 customers and I have to say it been fantastic. Thanks buddy.

I use the hell out of this.
Even have it installed on my OPNsense router
so I don't have to have the client on all my devices behind LAN
Bridged :)

شكراً لكم

awsome,thank you

looks amazing

Great video! thanks didnt know about this:)

Ohhh so it's basically a free open source version of Hamachi! Wow... Remember Hamachi?

thx for the video :-)

This system would be perfect for off-site back-up systems!

Fantastic ...

Hi Tom, Nice presentation. Since you made Digitalocean a host in Zerotier network, can you manage your UniFi APs telling them that their Digitalocean Controller is now reachable and can be adopted using Zerotier lan ip address instead ? Thanks for your reply.

Hi Tom, excellent video. Thumps up. Your work is great indeed.
I have a small query. Will zerotier works on Freenas as well. I wanted to have backup freenas on a different location to replicate my office Freenas.

Great info relayed in an easy understandable format, keep up the good work, it's very much appreciated. I like the idea of the simplicity of Zerotier but there is no mention of the complexity of introducing multiple gateways on a client and then the extra routing required for applications etc ?...you don't have this issue with a straight forward VPN. ?

I've tried zerotier and it is rather slick, especially being essentially zero config. There are some issues though:
1. Constant Chatter. Due to using UDP whole punching to traverse NAT, keepalive packets are always sent. About 22MB a day which could be a problem for IOT LTE devices. It also means poor battery life on mobile.
2. Connections get dropped. Around 20%of my ping packets get dropped.
3. Constant background connections to root servers. Stopping the Mac menubar app doesn't shut down the interface. These connections exist to keep it warm.
3. VPN is simple. If you just need to log in to your network from the road, I'd recommend VPN for now.
4. Zerotier is really good if you don't have access or control over the router/NAT or you want to connect two mobile devices.

Nice video! can you make a video showing how to set rules ?

as I have no clue about the technicality of this, jz wondering..can I use this to make the game connection faster. I always did wonder what the things to look at when configuring my network.

Excellent tutorial, I learned about this product here first.

Since this "service" passes some or even all traffic thru the "planet" mothership...how can you be assured that the content is secure? Also since you mention "SDWAN" how resilient are their planet server(s)? And if I wanted to deploy my own MOON server is there a dependency on the planet or is the moon server strictly part of a self contained constellation?

how does zerotier integrate network logins and file shares?

I've been wanting to setup some OPNSense boxes with Zerotier clients and then run OSPF between them to setup a DMVPN type of alternative and see how the performance is. Has anyone had any experience with this?

is there any way to bridge to local network adapter to zero tier adapter so we can access our local resources just like vpn?

Powerful, but also scary. OMG, this creates a huge security hole for any networks as soon as any devices (with Internet access) behind the periphery fence have this installed and connected to that external network. I don't know what to think of this.

Nebula which Slack open sourced is worth looking at as well

Tom, can't thank you enough for this video. Nearly locked myself into a 2 year SDWAN contract for management of my network. Is there somewhere we can donate to your channel? Can't sit in my chair right now!

I wish to preconfigure a UDP-PRO for my brother's home network so it can be as much plug and play as it can be. Then I want to remotely configure it. I also need to put a copy of the existing (on a PC at his location) Unifi config on it. Can ZeroTier be used to accomplish this?

Can you please make a tutorial on how to make a ZeroTier Moon Root Sever on Linux or FreeNAS.

Well is there a way to get a client or a subnet attached to a router (lan side) which is on my ZT network to be forwarded through ZT to another router (client router to server router) which is also on my ZT network, and then out the internet of the server router. I am trying to mimmick what I do through wireguard. Same concept (wireguard not on the client PC itself) . Then if possible want to compare the speed/throughput between them.

I wish pfsense would already have this part of their package.

Sir, where is the plug-in located?

does anyone know if this will work behind a CGNAT ISP

OPNsense have a plugin for Zerotier.

any help setting one up for free i looked at source code but not sure what to do there is no you tube videos on this any help would be appreciated

Hello, thanks for the video, I didn't know about Zerotier and I'm going to try it out. But I was curious about the software you used for network diagramming. What is the name of the software?

is it possible to link win 10 pc to unraid server ( different networs (

Architecture like DNS pinhole poked as and when with the clients doing the heartbeat back to the planet to map and handshake? This seem simple but brilliant. Like a shadow network anywhere with pretty much idiot proof config. Is it really this easy?

Sounds cool what program do you use to make that visual example?

Installed last night on a couple ubuntu machines (two on LAN, one at DO). Really high latency, ssh session appeared unresponsive many times. Is this where my own moon server would come in handy? I didn't forward udp/9993 on any routers.

What software are you using for the network map? Been looking for something like that!

Why would I want to share my data with with some untrusted third party with this software, when I can just run ospf over openvpn, wireguard or IPSec?

damn, they used to offer 10 clients for free, fast forward to 2023 and it's only 25 now, still plenty for home users tho.

Thanks for another great video Tom and it seems like a great project! However, I checked out the release notes and after a flurry of point releases the last activity was in July 2018. The pre-order for the Edge points to an expired Indegogo campaign and the Synology packages are only for DSM 6.1. I'm wondering what your thoughts are of Zerotier being supported enough that it can actually be used outside of lab experiments or for a home network? I can think of numerous use cases for production environments so I'm hoping this project has legs.

Thanks to you, I now have a nice SDN toy to play with.
I saw the tweet from #freenas who loved the video. I tested it on 2 linux distros and a win64 machine

Is this also how synology’s Quickconnect works?

i was wandering about what to do about auto connecting Linux clients after reboots for persistence like cron job or does it have built in auto run options

Had to open UDP port 8384 to make it work.

You ve mentioned that one of the services that zerotier would be good would be for server apps. If that app runs on the server with an ip address for instance 192.168.1.100 and all clients joined together with a virtual ip of a different subnet like 10.10.1.0/24 then none of the clients would be able to run that server app.
Also if you configure in the zerotier network the ip assigment to be in the 192.168.1.0/24 scope then how wouldnt there be a conflict if that server hosting the app would be a DHCP server also and giving ip's to the clients of the same 192.168.1.0/24 ???? Weird question i know
PS I think that for the above to work a solution (at least I didnt find any other way) would be to define to the server-app side an automated DHCP scope 192.168.1.50 - 99 for the clients at the office leaving for example the scope 192.168.1.10 - 49 for the remote clients in order to avoid the conflict. Of course in zerotier situation you dont make the server-app oc a zerotier server but you add that pc also to the network which is different from other solutions ........ but still if the virtual segment is different from the local one I dont get how the remote clients going to access the server app.

Loving zerotier except on one point, puching DNS servers is still not an optionmakes it quite hard to work with AD.

Have you tried a direct integration into pfsense? Maybe use pfsense / ZeroTier DIY controller too?

I want to use Windows 10 vm (Unraid) with quickbooks database server (at my home) and have users be able to connect to it remotely just as if it were on the local network. Would zerotier be capable of that?

Anyone else having difficulty with this app on windows machines? Cuz I can connect them to the network no problem but trying to ping it or actually using it to play a LAN game doesn't work, I can use my main Linux machine to ping all other operating systems but Windows but the windows machine can ping to my linux and other devices and get something back I even allowed zerotier through the windows firewall but still does not work at all.

Hi I have OpenVPN running on Untangle, whilst I appreciate this is different, I am struggling to see what advantage it would have for a simple 'access home' scenario. I guess the point of this is to have multiple devices connecting from multiple locations? Is there any advantage to me installing it on a server rather than running openVPN? (the price is certainly right)

Can Zerotier work for Voip?

Really wish PFSense would integrate seamlessly

It's here some chance run zerotier from FreeNAS jail? 😉

Which ports are needed on a fully locked down firewall?

So you're connecting individual devices to an overlay network, and you have to install a 3rd party client on each device? This seems limited in usefulness. Can you not bridge entire networks? I don't see how this "delivers the capabilities of VPN" Am I missing something?

I wish pfSense implements this soon like OPNsense.

Should I use this instead of OpenVPN?

Can this be integrated into a PFSENSE box ?

One big thing i use with zerotier is bridge mode so i can have one server that bridge all my home network devices on that specific vlan. So not every device need to have a client installed. zerotier.atlassian.net/wiki/spaces/SD/pages/7471125/Layer+2+Bridging+of+Ethernet+and+ZeroTier+Networks+on+Linux

Like flexiwan SD WAN

Only was half listening and not watching as I'm at work (Shhh... Don't tell the boss!), But... How would this work as a 'replacement' for a OpenVPN setup for getting a remote user (Android phone) connected to a FreePBX server so it can make and receive calls?
Long story short, and I will ask in the forums, I'm looking for a way to connect my Android phone to my FreePBX server for calls, but don't really want *ALL* traffic from my phone to go through a VPN. I'm in an area with crappy DSL service and don't want to add a hurdle I don't need.

i just tried to set this up. but when i tried to join on by ubuntu server i got.... miss authentication token and authtoken.secrets

It's not opensource anymore :(

Free is now 25 devices not 100