Create a Network
A ZeroTier network works like a LAN you can use anywhere in the world. Let's create one and connect two devices to see how it works.
We'll use ping to test the connection. Any two devices that can run ZeroTier will work: laptops, phones, virtual machines, or servers.
Both devices can start at the same location. When you move one to a different network, the connection just works.
Steps:
- Create a ZeroTier network
- Join from two devices
pingbetween devices
Takes 5 minutes.
Details
Results Preview
Results summary for networking people.Not a networking person? Skip this.
Each network creates a network interface. Like adding an Ethernet port.
node1# ip -o a
1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: eth0 inet 192.168.182.201/24 brd 192.168.182.255 scope global dynamic noprefixroute eth0\ valid_lft 3277sec preferred_lft 2827sec
9: zt3jn2z57r inet 10.2.0.11/23 brd 10.2.1.255 scope global zt3jn2z57r\ valid_lft forever preferred_lft forever
node2# ip -o a
1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever
2: eth0 inet 192.168.182.202/24 brd 192.168.182.255 scope global dynamic noprefixroute eth0\ valid_lft 3277sec preferred_lft 2827sec
9: zt3jn2z57r inet 10.2.0.12/23 brd 10.2.1.255 scope global zt3jn2z57r\ valid_lft forever preferred_lft forever
node1# ping -c 3 10.2.0.12
PING 10.2.0.2 (10.2.0.12) 56(84) bytes of data.
64 bytes from 10.2.0.12: icmp_seq=1 ttl=64 time=5.66 ms
64 bytes from 10.2.0.12: icmp_seq=2 ttl=64 time=6.62 ms
64 bytes from 10.2.0.12: icmp_seq=3 ttl=64 time=8.50 ms
--- 10.2.0.12 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
Create your first ZeroTier network
Create an account
ZeroTier Central is free for personal and small business use (up to 25 devices across all networks). No credit card required, no trial period limitations. Larger deployments and organizations require a paid subscription.
- Go to my.zerotier.com and create an account.
Create a network
- Make sure you're on the "Networks" tab of my.zerotier.com
- Click the Create A Network button.
Creates a virtual network with random ID and name. Here: "fervent_smathers" and d5e04297a16fa690.
- Click anywhere on the network to go to the details page for this network.
See the Network Settings panel:
No settings needed. Change the name if you want.
-
Change "fervent_smathers" to "my cool network" or whatever you like.
-
Collapse the Settings panel. Click on the word "Settings" at the top of the panel.
Other settings? Leave them.
- See the Network Members panel:
It should say "No devices have joined this network".
- Leave this browser tab open. We'll look at it again later.
Setup the ZeroTier app
Download and install ZeroTier
For mobile devices, use the app store.
- Go to zerotier.com/download in a different tab of your browser.
- Run the installer
ZeroTier client now runs on your device.
Join your first ZeroTier network
Tell the client to "join" your network.
- Copy the Network ID of the network from my.zerotier.com
This is the long number that looks like like:
d5e04297a16fa690 - Paste the Network ID into the "join" command on your device
On macOS and Windows, there is a menubar/tray app. Select "join" from the menu.
- macOS
- Windows
- Command Line
- Mobile
On linux, you need to be root, or use sudo in front of the commands
On macOS, sudo is not required.
On Windows, you need to use an Admin Prompt. Type "powershell" into the start menu, then right click and "Open as Admin"
% zerotier-cli info
200 info 8af72edda7 1.10.2 ONLINE
% zerotier-cli join d5e04297a16fa690
200 join OK
Every running instance of ZeroTier has a unique address. It's the 10 digit "Address" in the app, or zerotier-cli info command.
ZeroTier addresses are a very secure method of unique identification.
Authorize your device on your network
Client says "Access Denied." Devices need permission. Even with the network ID.
- macOS
- Windows
- Linux
- Mobile
# zerotier-cli listnetworks
200 listnetworks d5e04297a16fa690 92:61:0e:25:b1:8d ACCESS_DENIED PRIVATE ztijas2mjr -
Authorize your device
- Go to the Members panel that we left open on my.zerotier.com
- Your node that just "joined" should appear here.
- The "Address" should match the address in your client.
- Click the "Auth?" check box for it.
- Give it a name. Type something like "laptop" or "bob" into the
(short name)input.
Confirm authorization
Back on your computer, your client should now say "OK" instead of "ACCESS DENIED" and it should show your custom "my cool network" name.
- macOS
- Windows
- Linux
- Mobile
% zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks d5e04297a16fa690 my cool network 92:2c:98:8f:4a:e5 OK PRIVATE feth3903 172.22.195.59/16```
One member on your network. Can't do much alone.
Repeat with another device
Need 2 devices on the same network.
- Repeat the join and authorize steps with your second device.
Test connectivity
Two authorized nodes. They can talk over ZeroTier.
Your Network Members section should look something like this:
The "Managed IPs" will be different on your network.
Test with ping. Exists on every OS by default.
Command line program. You can do it.
Gotcha: Windows blocks ping
Windows blocks ping by default.
ZeroTier enables ping automatically. Skip this step.
How to enable ping on Windows
- Search for Windows Firewall in the Start Menu, and click to open it.
- Click Advanced Settings on the left.
- From the left pane of the resulting window, click Inbound Rules.
- In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In).
- Right-click each rule and choose Enable Rule.
Here is a tutorial by Microsoft
Open the command line
- Open the command line on your computer
- macOS
- Windows
- Linux
- Mobile
- Use Spotlight (cmd-space) to search for Terminal
- Search for "powershell" and open it
- It's different on every flavor of Linux. You'll have to search duckduckgo for "open terminal ubuntu" or similar.
Mobile operating systems don't have a command line. You can download a "ping" app from your app store if you want.
Or ping your phone from your desktop computer.
Try switching your phone from wifi to cell and back. It may take about a minute, but ZeroTier should automatically keep the connection working.
Find the ZeroTier IP Addresses of your devices
Try the ping command
For macOS and Linux users, you are going to do the following.
Back in the Command Line / Terminal that you just opened:
- type
ping -c 5 $ZEROTIER_IP_ADDRESS<enter>into your command line.
A successful ping:
% ping -c 5 172.22.217.93
PING 172.22.217.93 (172.22.217.93): 56 data bytes
64 bytes from 172.22.217.93: icmp_seq=0 ttl=64 time=22.362 ms
64 bytes from 172.22.217.93: icmp_seq=1 ttl=64 time=10.157 ms
64 bytes from 172.22.217.93: icmp_seq=2 ttl=64 time=9.414 ms
64 bytes from 172.22.217.93: icmp_seq=3 ttl=64 time=9.019 ms
64 bytes from 172.22.217.93: icmp_seq=4 ttl=64 time=9.180 ms
--- 172.22.217.93 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.019/12.026/22.362/5.182 ms
Try it with both ZeroTier Managed addresses on your network.
One of them is the same device you're on, so you're pinging yourself. Pinging the other device might be a little more interesting.
If something goes wrong you might see something like:
% ping -c 5 172.22.217.92
PING 172.22.217.92 (172.22.217.92): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
--- 172.22.217.92 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
or
ping -c 5 192.168.123.234
PING 192.168.123.234 (192.168.123.234): 56 data bytes
92 bytes from 192.168.82.1: Destination Port Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 56e7 0 0000 3f 01 d4ad 192.168.82.217 192.168.123.234
For Windows users, the -c parameter is explained as something else. If you want to send 5 packages, you will do the following.
- type
ping -n 5 $ZEROTIER_IP_ADDRESS<enter>into your command line.
A successful ping:
C:\> ping -n 5 172.22.217.93
Pinging 172.22.217.93 with 32 bytes of data
Reply from 172.22.217.93: bytes=32 time=22ms TTL=64
Reply from 172.22.217.93: bytes=32 time=10ms TTL=64
Reply from 172.22.217.93: bytes=32 time=9ms TTL=64
Reply from 172.22.217.93: bytes=32 time=7ms TTL=64
Reply from 172.22.217.93: bytes=32 time=9ms TTL=64
Ping statistics for 172.22.217.93:
Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 5ms, Maximum = 7ms, Average = 6ms
There may just be a typo in the IP address. Double check that your device is authorized at my.zerotier.com
Contact support and see the troubleshooting section if you get stuck.
Conclusion
ping proves ZeroTier works. Useful for troubleshooting any network.
Need help? Contact support.
Leaving a Network
When you no longer need to be connected to a network, you can leave it:
macOS and Windows
- Click the ZeroTier icon in your menu bar/system tray
- Click the network name to uncheck it (or use Network Details to uncheck the Connected checkbox)
- To permanently remove a network, use Network Details -> Delete Network
Command Line
sudo zerotier-cli leave NETWORK_ID
Now, use ZeroTier to do something you want to do
Some popular uses
- Windows Remote Desktop
- ssh (try mosh)
- Private Gaming LAN
- Access the web interfaces of your home lab
- Build your own VPN
- Route to a remote subnet
- Route to a Docker network
- Add dns to your network
Join multiple networks
A node can join many networks at once. Make sure they don't use the same subnet!
You can have a home network, a friends network, and a work network, for example.
They don't all need to be networks that you've created. You can join other people's networks.
Check out the Whitepaper
For more info on the cryptography and protocol, see the: Design Whitepaper