
    ZeroTier Review

    IT Discussion
    vpn review zerotier
    • dafyreD
      dafyre @stacksofplates
      last edited by

      @johnhooks I activated the bridging functionality within ZeroTier when I created the network, and then authorized the client (at my destination network) to be a bridge, and then I set up the route on my remote ztClient.... I should probably draw it out, lol.

      I did have to set up a Linux VM to get the routing to work right. Windows doesn't do routing without having to install RRAS, and I didn't feel like setting all that up (and I had a fresh Fedora VM with nothing on it anyway, lol)...

      ... |---(Linksys, NAT)---- (public internet)--------------(remote client, 192.168.251.49/24, zt0)
      (SITE A)--|
      ... |--(SITE A LAN, 192.168.10.0/24)--(192.168.10.10/24, eth0)--ztRouter(192.168.251.179/24, zt0)

      On my Linksys, I added a route to 192.168.251.0/24 via 192.168.10.10.
      On the remote client, I added a route to 192.168.10.0/24 via 192.68.251.179

      stacksofplatesS 1 Reply Last reply Reply Quote 1
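An added example (not part of the thread): a static-route sanity check for the topology in the post above, confirming that each next hop sits on a directly connected network and belongs to a device that reaches the destination. The Linksys LAN address and the device labels are assumptions; the remote client's gateway is tested both as typed in the post and as the ztRouter zt0 address shown in the diagram.

```python
import ipaddress

# Interfaces taken from the diagram in the post. The Linksys LAN address is an
# assumption (the post does not state it); device names are labels only.
INTERFACES = {
    "linksys": ["192.168.10.1/24"],  # assumed address
    "ztRouter": ["192.168.10.10/24", "192.168.251.179/24"],
    "remote-client": ["192.168.251.49/24"],
}

ROUTES_AS_TYPED = [  # (device, destination, gateway) exactly as written
    ("linksys", "192.168.251.0/24", "192.168.10.10"),
    ("remote-client", "192.168.10.0/24", "192.68.251.179"),
]
ROUTES_FROM_DIAGRAM = [  # second gateway replaced by ztRouter's zt0 address
    ROUTES_AS_TYPED[0],
    ("remote-client", "192.168.10.0/24", "192.168.251.179"),
]


def check_route(device, dest, gateway, interfaces=INTERFACES):
    """Return the problems found with one static route (empty list = OK)."""
    problems = []
    gw = ipaddress.ip_address(gateway)
    dest_net = ipaddress.ip_network(dest)
    local = [ipaddress.ip_interface(i) for i in interfaces[device]]
    # 1. The next hop must sit on a network this device is attached to.
    if not any(gw in i.network for i in local):
        problems.append(f"{device}: gateway {gw} is not on a connected network")
    # 2. Some other device in the topology must own the next-hop address ...
    owner = next((name for name, ifs in interfaces.items() if name != device
                  and any(ipaddress.ip_interface(i).ip == gw for i in ifs)), None)
    if owner is None:
        problems.append(f"{device}: no device in the topology owns {gw}")
    # 3. ... and that device must have an interface in the destination network.
    elif not any(ipaddress.ip_interface(i).network.overlaps(dest_net)
                 for i in interfaces[owner]):
        problems.append(f"{device}: {owner} has no interface in {dest_net}")
    return problems


def check_all(routes):
    """Check every (device, destination, gateway) route and collect problems."""
    return [p for route in routes for p in check_route(*route)]


if __name__ == "__main__":
    for label, routes in (("as typed", ROUTES_AS_TYPED),
                          ("from diagram", ROUTES_FROM_DIAGRAM)):
        print(label, check_all(routes) or "OK")
```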
      • stacksofplatesS
        stacksofplates @dafyre
        last edited by stacksofplates

        @dafyre said:

        @johnhooks I activated the bridging functionality within ZeroTier when I created the network, and then authorized the client (at my destination network) to be a bridge, and then I set up the route on my remote ztClient.... I should probably draw it out, lol.

        I did have to set up a Linux VM to get the routing to work right. Windows doesn't do routing without having to install RRAS, and I didn't feel like setting all that up (and I had a fresh Fedora VM with nothing on it anyway, lol)...

        ... |---(Linksys, NAT)---- (public internet)--------------(remote client, 192.168.251.49/24, zt0)
        (SITE A)--|
        ... |--(SITE A LAN, 192.168.10.0/24)--(192.168.10.10/24, eth0)--ztRouter(192.168.251.179/24, zt0)

        On my Linksys, I added a route to 192.168.251.0/24 via 192.168.10.10.
        On the remote client, I added a route to 192.168.10.0/24 via 192.68.251.179

        Thanks so much for all of your help. I did get everything to work between my laptop and a VM. I didn't know if when I checked bridge on the web interface I had to bridge the zt0 and eth0 interfaces.

        Took me a while to figure everything out. I could ping my eth0 ip for my laptop but nothing else. After much wailing and gnashing of teeth I realized I had set masquerading up incorrectly.

        This might not work for the intended purpose since routing would have to be set up on the hospital side and they are most likely not going to do anything (also they are using Windows).

        1 Reply Last reply Reply Quote 1
        • dafyreD
          dafyre
          last edited by

          I gotcha. It may be best, then, to have the server hosting the software run ZeroTier, and then your other Doctors join your ZeroTier network as well...

          But it seems to me that I remember reading somebody didn't want it done that way...

          stacksofplatesS 1 Reply Last reply Reply Quote 0
          • stacksofplatesS
            stacksofplates @dafyre
            last edited by stacksofplates

            @dafyre said:

            I gotcha. It may be best, then, to have the server hosting the software run ZeroTier, and then your other Doctors join your ZeroTier network as well...

            But it seems to me that I remember reading somebody didn't want it done that way...

            That would have been the easiest, but I can't get access to the application server. It's locked down and the software company has to ssh in to change anything. They won't install any third party packages. But I don't expect them to, that could be a big issue.

            1 Reply Last reply Reply Quote 1
            • A
              Alex Sage
              last edited by

              So, can I install this software on one computer, and use it to access the entire network?

              scottalanmillerS 1 Reply Last reply Reply Quote 1
              • scottalanmillerS
                scottalanmiller @Alex Sage
                last edited by

                @anonymous said:

                So, can I install this software on one computer, and use it to access the entire network?

                It's the same as Pertino in that way, or Hamachi. You can access any node that also has the software on it or anything sitting behind a gateway.

                A 1 Reply Last reply Reply Quote 1
                • A
                  Alex Sage @scottalanmiller
                  last edited by

                  @scottalanmiller said:

                  or anything sitting behind a gateway.

                  Can you explain that?

                  DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @Alex Sage
                    last edited by

                    @anonymous said:

                    @scottalanmiller said:

                    or anything sitting behind a gateway.

                    Can you explain that?

                    It's like a site to site, or client to site VPN. You (or a firewall) connect to a gateway device on the network you want to connect to, then you appear as a node on that network simply able to connect to things as if you were local.

                    This is a bit more complex as you need to set up routing, etc.

                    1 Reply Last reply Reply Quote 1
                    • scottalanmillerS
                      scottalanmiller @Alex Sage
                      last edited by

                      @anonymous said:

                      @scottalanmiller said:

                      or anything sitting behind a gateway.

                      Can you explain that?

                      A gateway connects the VPN to the network behind it, same as any "normal" VPN device.

                      1 Reply Last reply Reply Quote 1
                      • DashrenderD
                        Dashrender
                        last edited by

                        I needed a quick and dirty single device to my server connection for a project that is supposed to last about a month. I went from zero to finished in about 30 mins. Using ZeroTier as the host, damn that was fast and easy.

                        Frankly I looked at Pertino first thinking they had a free for 10 users type thing, but I couldn't find it immediately so I bailed and moved onto ZeroTier.

                        Now time to see about standing up my own ZT host.

                        JaredBuschJ 1 Reply Last reply Reply Quote 2
                        • JaredBuschJ
                          JaredBusch @Dashrender
                          last edited by JaredBusch

                          @Dashrender said:

                          I needed a quick and dirty single device to my server connection for a project that is supposed to last about a month. I went from zero to finished in about 30 mins. Using ZeroTier as the host, damn that was fast and easy.

                          Frankly I looked at Pertino first thinking they had a free for 10 users type thing, but I couldn't find it immediately so I bailed and moved onto ZeroTier.

                          Now time to see about standing up my own ZT host.

                          A Pertino account with no paid subscription can have 3 devices on the network.

                          Works a treat for one off stuff like you mentioned as long as you need only a 1 to 1 access. I like to use it to provide RDP access to an internal PC or VM that the user can then use to access whatever they need.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @JaredBusch
                            last edited by

                            @JaredBusch said:

                            @Dashrender said:

                            I needed a quick and dirty single device to my server connection for a project that is supposed to last about a month. I went from zero to finished in about 30 mins. Using ZeroTier as the host, damn that was fast and easy.

                            Frankly I looked at Pertino first thinking they had a free for 10 users type thing, but I couldn't find it immediately so I bailed and moved onto ZeroTier.

                            Now time to see about standing up my own ZT host.

                            A Pertino account with no paid subscription can have 3 devices on the network.

                            Works a treat for one off stuff like you mentioned as long as you need only a 1 to 1 access. I like to use it to provide RDP access to an internal PC or VM that the user can then use to access whatever they need.

                            Aww, thanks - wow.. 3 devices, makes that super restricted, even for a casual user. ZT's 10 is fairly usable.

                            1 Reply Last reply Reply Quote 0
                            • stacksofplatesS
                              stacksofplates
                              last edited by

                              @dafyre Have you found a way to display the IP addresses assigned to each peer on your own controller?

                              scottalanmillerS dafyreD 2 Replies Last reply Reply Quote 1
                              • scottalanmillerS
                                scottalanmiller @stacksofplates
                                last edited by

                                @johnhooks said:

                                @dafyre Have you found a way to display the IP addresses assigned to each peer on your own controller?

                                There has to be a way. Normal VPNs like OpenVPN do this.

                                1 Reply Last reply Reply Quote 0
                                • dafyreD
                                  dafyre @stacksofplates
                                  last edited by

                                  @johnhooks Yeah, I have. I apologize for the lack of activity, but that surgery threw me for a bigger loop than I expected, lol. I'm back in mostly good working order today...

                                  Anyhow, from the CLI on your controller... you should be able to:

                                  zerotier-cli /controller/network    #this line will list all of the networks  you have created
                                  zerotier-cli /controller/network/<nwid>/member #this line will list all of the clients in <nwid> 
                                  zerotier-cli /controller/network/<nwid>/member/<memberid>  #gives you the details of the individual client... 
                                  
                                  {
                                  	"nwid": "<nwid>",
                                  	"address": "<memberid>",
                                  	"controllerInstanceId": "<removed for security>",
                                  	"authorized": true,
                                  	"activeBridge": false,
                                  	"memberRevision": 15,
                                  	"clock": 1442507102271,
                                  	"identity": <removed for security>
                                  	"ipAssignments": ["192.168.251.88\/24"],
                                  

                                  As I understand it, they are planning to release an admin tool for it soon so we won't have to keep doing the CLI stuff unless you just like it, lol.

                                  stacksofplatesS 1 Reply Last reply Reply Quote 1
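An added example (not from the thread or from ZeroTier): turning per-member JSON like the output quoted above into an address inventory, and flagging unauthorized members, active bridges and duplicate assignments. It assumes each member document has been saved as JSON text and uses only fields shown in the post; the sample records and member IDs are constructed.

```python
import ipaddress
import json

# Constructed sample records shaped like the member output quoted in the post
# (IDs are placeholders, not real nodes). Note the escaped "\/" in the JSON.
SAMPLE_MEMBERS = [
    r'{"nwid": "<nwid>", "address": "aaaaaaaaaa", "authorized": true,'
    r' "activeBridge": false, "ipAssignments": ["192.168.251.88\/24"]}',
    r'{"nwid": "<nwid>", "address": "bbbbbbbbbb", "authorized": true,'
    r' "activeBridge": true, "ipAssignments": ["192.168.251.179\/24"]}',
    r'{"nwid": "<nwid>", "address": "cccccccccc", "authorized": false,'
    r' "activeBridge": false, "ipAssignments": []}',
    r'{"nwid": "<nwid>", "address": "dddddddddd", "authorized": true,'
    r' "activeBridge": false, "ipAssignments": ["192.168.251.88\/24"]}',
]


def summarize_members(raw_records):
    """Return (rows, findings) for an iterable of member JSON documents."""
    rows, findings, owner_of = [], [], {}
    for raw in raw_records:
        member = json.loads(raw)  # json decodes "\/" to "/"
        node = member["address"]
        authorized = bool(member.get("authorized", False))
        bridge = bool(member.get("activeBridge", False))
        ips = [ipaddress.ip_interface(a) for a in member.get("ipAssignments", [])]
        rows.append((node, authorized, bridge, [str(i) for i in ips]))
        if not authorized:
            findings.append(f"{node}: not authorized, no address expected yet")
            continue
        if not ips:
            findings.append(f"{node}: authorized but has no IP assignment")
        if bridge:
            findings.append(f"{node}: active bridge, confirm this was intended")
        for iface in ips:
            if iface.ip in owner_of:
                findings.append(
                    f"{node}: {iface.ip} also assigned to {owner_of[iface.ip]}")
            else:
                owner_of[iface.ip] = node
    return rows, findings


if __name__ == "__main__":
    table, notes = summarize_members(SAMPLE_MEMBERS)
    for row in table:
        print(*row)
    print("\n".join(notes))
```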
                                    • stacksofplatesS
                                      stacksofplates @dafyre
                                      last edited by stacksofplates

                                      @dafyre said:

                                      @johnhooks Yeah, I have. I apologize for the lack of activity, but that surgery threw me for a bigger loop than I expected, lol. I'm back in mostly good working order today...

                                      Anyhow, from the CLI on your controller... you should be able to:

                                      zerotier-cli /controller/network    #this line will list all of the networks  you have created
                                      zerotier-cli /controller/network/<nwid>/member #this line will list all of the clients in <nwid> 
                                      zerotier-cli /controller/network/<nwid>/member/<memberid>  #gives you the details of the individual client... 
                                      
                                      {
                                      	"nwid": "<nwid>",
                                      	"address": "<memberid>",
                                      	"controllerInstanceId": "<removed for security>",
                                      	"authorized": true,
                                      	"activeBridge": false,
                                      	"memberRevision": 15,
                                      	"clock": 1442507102271,
                                      	"identity": <removed for security>
                                      	"ipAssignments": ["192.168.251.88\/24"],
                                      

                                      As I understand it, they are planning to release an admin tool for it soon so we won't have to keep doing the CLI stuff unless you just like it, lol.

                                      No need to apologize! I just tried it again and it worked. I must not have waited long enough last time.

                                      When it didn't work, I also tried
                                      zerotier-cli -j listpeers

                                      But it didn't list them either.

                                      1 Reply Last reply Reply Quote 0
                                      • dafyreD
                                        dafyre
                                        last edited by

                                        I think the listpeers command is for listing other "nearby" controllers that can be used when necessary.

                                        stacksofplatesS 1 Reply Last reply Reply Quote 0
                                        • stacksofplatesS
                                          stacksofplates @dafyre
                                          last edited by stacksofplates

                                          @dafyre said:

                                          I think the listpeers command is for listing other "nearby" controllers that can be used when necessary.

                                          It listed all of the devices on the network, but the only IP it showed was the public WAN, and it only showed the zerotier ID.

                                          1 Reply Last reply Reply Quote 0
                                          • dafyreD
                                            dafyre
                                            last edited by

                                            Your devices also won't be assigned an IP address until you have authorized them into your network.

                                            stacksofplatesS 1 Reply Last reply Reply Quote 0