ZeroTier: Configure This Secure VPN to Connect Computers Remotely


What is ZeroTier and what is it for?

ZeroTier is one of the leading companies in SDN (Software Defined Networks), and it lets us interconnect multiple devices over the Internet without the need to open ports on any of them. With ZeroTier One, the company offers a client program that allows PCs, servers, smartphones and other devices to communicate with each other through a virtual private network (VPN), completely free and securely, since all the traffic in the ZeroTier network is encrypted.

Thanks to SDN technology, users can create secure networks that are very easy to configure. In addition, all devices will be on the same subnet, so they can communicate as if they were in the same physical location. ZeroTier provides a web interface to configure this virtual private network in detail: the subnet used, the clients that can connect to it, the routes we have to give the different clients so that they reach their destination correctly, and much more, since it also lets us configure a firewall in detail to allow or deny certain traffic.

A very important feature of ZeroTier is that communications are point-to-point. Unlike traditional VPNs, where we have a central server or router, here the messages are sent directly from computer to computer, without the need to go through a central node. This gives us maximum efficiency and minimum latency, ideal for the best user experience.

Regarding the security of communication, ZeroTier uses asymmetric public-key cryptography based on Curve25519, with Ed25519 for signing, and ChaCha20-Poly1305 for symmetric data encryption and message authentication. Thanks to this encryption suite, which is very similar to the one used by WireGuard, all communication between our computers will be encrypted. According to the creators of ZeroTier, the upcoming version 2.0 is planned to incorporate AES-GCM, so that computers with AES-NI hardware encryption acceleration can take advantage of it and get the best possible performance. We recommend that you read everything about ZeroTier's cryptography on its blog.

Lastly, ZeroTier is compatible with Windows, Linux, macOS, FreeBSD, Android, iOS operating systems and also some NAS servers (Synology, QNAP and others). We must also take into account the limitations of the free version, because you may have to purchase the professional version if you have many devices to interconnect:

  • Free: up to 50 devices, one administrator and with community support.
  • Professional: up to 500 devices, up to 10 administrators, priority support and only $49 per month.

Today in this article we are going to offer you a complete tutorial where you can see how to configure an SDN network to interconnect two Windows computers, and both computers will be connected to the Internet with different connections, one via FTTH and the other via 4G.

Registration and commissioning of the SDN network

The first thing we have to do is register in ZeroTier, because we will necessarily need a network ID to start configuring the SDN network and integrate the different equipment into it. If we go to the official website and click on «Download», a message will appear directly telling us to register, click on «Start Here» to proceed with the registration.

To register we will only need to put the name and surname, and an email with the corresponding password. Once we have registered, we proceed to confirm the email that they have sent us, and we will be ready to start a web session in ZeroTier.

The first thing that we will see when entering the SDN platform for the first time via ZeroTier’s web, is a small step-by-step configuration wizard that will explain the different menus. This wizard will be in charge of registering a new “Network” automatically, without us having to do anything at all.

On the first screen we will be welcomed to ZeroTier Central, which is where we can create and manage the different networks, the administrators of said networks and also the different members, configure advanced rules in the firewall to allow or deny traffic, and much more. In the second menu we must choose “I want to connect my devices to a Friend or colleague’s devices”, that is, the option on the right.

Next, it will tell us that we must start creating a network, clicking on “Create a Network”. Once created, we will have to share the Network ID with friends or family, so that they can connect to the newly created SDN network. Once we have created the network, it will tell us that we must download the ZeroTier client on the different devices, so that later they connect to the SDN network. When the different members join, we must authorize them manually in the “Members” section; otherwise, they will not be able to communicate with any device on the network. Finally, in the paid version we can configure different administrators.

In the main menu of the network, we must always copy and keep note of the «Network ID», which is generated automatically; this ID is required on each and every client to connect to the SDN network. We can also give the network a name, and even a description. In “Access Control” we must always select “Private”; this way, nodes must be authorized by us manually before becoming members.

The “Managed Routes” section is where we can configure different subnets for the members. We will have a list of subnets that we can choose from in the “Easy” section, as you can see. However, we can also click on “Advanced” and use a somewhat more advanced configuration. A very important feature is that we can manually define static routes; this way, all members within the SDN network will obtain these routes to reach other networks.

ZeroTier is compatible with IPv6 networks, in fact, we can obtain both an IPv4 for the SDN network and also IPv6, but this is optional. The same happens with the issue of DNS servers, we can manually configure the DNS we want.

If we have not configured the Network ID on any computer, then we will see the “Members” section empty, and it will indicate that no device has joined the network, and that we must use ZeroTier One with the corresponding Network ID so that they appear here.

Just below we will have the advanced options of ZeroTier, and that is that we will be able to configure «Flow rules», to allow or deny the traffic between the different devices. In principle, both IPv4 and IPv6 traffic and communication between the different members are accepted by default, but from here we can configure these parameters in detail.

If we go further down the menu, we can see a basic syntax of how these “Flow Rules” work, and even what actions we can perform, as you can see, ZeroTier’s advanced configuration possibilities are really interesting and very advanced. Finally, it will indicate that we can only configure an administrator, but we have the menu to add more if we pay for the professional version, we must remember that we are using the “Free” version of ZeroTier, and we can also eliminate this network that we have just created. If we delete a network and create another, it will have a different Network ID.

Once we have seen ZeroTier Central where we will have access to the administration of the SDN network, now we are going to install ZeroTier on end devices.

ZeroTier installation on end devices (PC, smartphone etc)

The installation of ZeroTier on end devices has no mystery, we must download the software from the official ZeroTier website, and then install it on the PC or Mac, and even on mobile devices. Once we have the program installed, we will have to perform two actions:

  • Enter the Network ID in ZeroTier One
  • Accept the newly added member from the administration panel.

Once we have seen how ZeroTier One is installed on a Windows 10 computer, we will see how to register the PCs and devices on the ZeroTier network.

Register the PCs and devices in the ZeroTier network

In ZeroTier’s main menu we can see both the Network ID, as well as the configuration of the private subnet that is going to be assigned, we must remember that we can select the subnet that we want, although we can also go to the “Advanced” section and configure the network more in detail, the DHCP server and more.

In the ZeroTier One client, we can see the “Node ID” which is the identifier of the node where we have installed it. Each computer where we install it will have a different “Node ID”. In order to join the ZeroTier network that we have just created, we must click on «Join Network», in the «Show Networks» section we will be able to see which network or networks this node is connected to.

The «Join a Network» menu is where we have to enter the «Network ID» of the network. The options that appear below are used for the following:

  • Allow Managed – If checked, ZeroTier managed private IP addresses and routes are assigned.
  • Allow Global – If checked, ZeroTier managed private IP addresses and routes are assigned, but can overlap with public IP space.
  • Allow Default – If checked, the program can override the default path of the operating system, and forward all traffic through the tunnel.
  • Allow DNS – If checked, DNS retrieval is allowed through the ZeroTier managed network.

Once we click on «Join», Windows 10 will tell us that, if we want to allow other PCs and devices on the network to which we have joined to detect our PC, it is basically to configure in «Private network» or «Public network ». The normal thing is to put it in «Private network» so that we can communicate with each other without problems.

If we click on «Show Networks» of the ZeroTier One client on our PC, we will be able to see the status of the network, the type of network, and the characteristics of whether we have the «Allow» of which we have spoken before, at any time we can allow or not these features. The most important thing about this is the “Status: ACCESS_DENIED”, and it is that, although we have successfully connected to the ZeroTier network, we will not have full access until we authorize it manually.

If we go back into the ZeroTier Central administration panel, we will be able to see the computer or computers that have connected and are waiting to be authenticated. All we have to do is tick the «Auth?» box to allow them access. Then we can set a name, a description and even the IP address that we want. It will also show us whether the device is currently connected, the last connection date, the version of the client it is using, and even the public IP address it is connecting from.

Once we have authorized it, after a few seconds, “Status: OK” will appear, therefore, it will already be perfectly connected to the SDN network.
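
The settings covered in the steps above (Access Control set to private, the “Allow” options chosen when joining, managed routes, and the ACCESS_DENIED / OK status) can also be reviewed per machine from the client's JSON output. The following is an added example, not part of the original article or ZeroTier's own code: it assumes the field names of `zerotier-cli -j listnetworks`, runs on a constructed sample, and treats “private” as RFC 1918 plus IPv6 ULA.

```python
import ipaddress
import json

# Constructed sample shaped like `zerotier-cli -j listnetworks` output (IDs/routes made up).
SAMPLE = json.loads("""
[{"nwid": "aaaaaaaaaa000001", "status": "OK", "type": "PRIVATE",
  "allowGlobal": false, "allowDefault": false, "allowDNS": false,
  "routes": [{"target": "10.147.17.0/24", "via": null}]},
 {"nwid": "bbbbbbbbbb000002", "status": "OK", "type": "PUBLIC",
  "allowGlobal": true, "allowDefault": true, "allowDNS": true,
  "routes": [{"target": "0.0.0.0/0", "via": "10.20.0.1"},
             {"target": "203.0.113.0/24", "via": "10.20.0.1"}]},
 {"nwid": "cccccccccc000003", "status": "ACCESS_DENIED", "type": "PRIVATE",
  "allowGlobal": false, "allowDefault": false, "allowDNS": false,
  "routes": []}]
""")

# Assumption of this example: "private" means RFC 1918 plus IPv6 ULA.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def is_private(net):
    return any(net.version == p.version and net.subnet_of(p) for p in PRIVATE)

def audit_network(net):
    """Return findings for one joined network; an empty list means none."""
    findings = []
    if net.get("status") == "ACCESS_DENIED":
        findings.append("ACCESS_DENIED: node still needs Auth? in Members")
    if net.get("type") == "PUBLIC":
        findings.append("PUBLIC: access control is not set to private")
    for route in net.get("routes", []):
        target = ipaddress.ip_network(route["target"], strict=False)
        if target.prefixlen == 0:
            state = "on" if net.get("allowDefault") else "off"
            findings.append(f"default route {target}, Allow Default {state}")
        elif not is_private(target):
            state = "on" if net.get("allowGlobal") else "off"
            findings.append(f"non-private route {target}, Allow Global {state}")
    if net.get("allowDNS"):
        findings.append("Allow DNS on: DNS settings come from the network")
    return findings

def audit(networks):
    return {n["nwid"]: audit_network(n) for n in networks}

if __name__ == "__main__":
    for nwid, findings in audit(SAMPLE).items():
        print(nwid, findings or "nothing to review")
```

To run it against a real client, replace `SAMPLE` with the parsed output of `zerotier-cli -j listnetworks` on that machine.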

In the Windows networks section we can see a new adapter, which Network ID we are connected to, and also what private IP address it currently has.

At any time we can modify the members, we must bear in mind that in the “Free” version we can add up to 50 members to the SDN network, if we go over we will not be able to add more.

We must not forget that we can also obtain an IPv6 address, we can not only create an IPv4 network as you have seen previously.

In our case, we have connected two computers with Windows 10 as follows:

  • AMD Ryzen 7 PC via cable to a symmetric 600Mbps FTTH Pepephone fiber connection.
  • Lenovo X1 Carbon PC connected via 4G to Yoigo’s network.

When creating the network, although the computers are behind a NAT, and in the case of the Lenovo X1 Carbon we have a CG-NAT, they will be able to communicate without any problem, making use of the private addressing that has been provided. Below, you can see how from the laptop we can communicate with the desktop PC without any problem.

As you have seen, there is communication, the only problem is the latency of the connection, this will depend on the operator or operators and the form of connection you are using.

Official ZeroTier documentation and help forum

One of the things we like the most about ZeroTier is the great community it has in its forums, and also the large number of tutorials and wikis to know everything about this tool, and all its possibilities. For example, we can add a node and have all the Internet traffic of the entire network flow through it, creating a default route in ZeroTier Central itself.

We recommend you visit the official ZeroTier manual where you will find answers to all your questions, you can also access the Wiki where you will find a lot of information about this great tool.