ZeroTier Review
-
@Dashrender said:
I needed a quick and dirty single device to my server connection for a project that is supposed to last about a month. I went from zero to finished in about 30 mins. Using ZeroTier as the host, damn that was fast and easy.
Frankly I looked at Pertino first thinking they had a free for 10 users type thing, but I couldn't find it immediately so I bailed and moved onto ZeroTier.
Now time to see about standing up my own ZT host.
A Pertino account with no paid subscription can have 3 devices on the network.
Works a treat for one off stuff like you mentioned as long as you need only a 1 to 1 access. I like to use it to provide RDP access to an internal PC or VM that the user can then use to access whatever they need.
-
@JaredBusch said:
@Dashrender said:
I needed a quick and dirty single device to my server connection for a project that is supposed to last about a month. I went from zero to finished in about 30 mins. Using ZeroTier as the host, damn that was fast and easy.
Frankly I looked at Pertino first thinking they had a free for 10 users type thing, but I couldn't find it immediately so I bailed and moved onto ZeroTier.
Now time to see about standing up my own ZT host.
A Pertino account with no paid subscription can have 3 devices on the network.
Works a treat for one off stuff like you mentioned as long as you need only a 1 to 1 access. I like to use it to provide RDP access to an internal PC or VM that the user can then use to access whatever they need.
Aww, thanks - wow.. 3 devices, makes that super restricted, even for a casual user. ZT's 10 is fairly usable.
-
@dafyre Have you found a way to display the IP addresses assigned to each peer on your own controller?
-
@johnhooks said:
@dafyre Have you found a way to display the IP addresses assigned to each peer on your own controller?
There has to be a way. Normal VPNs like OpenVPN do this.
-
@johnhooks Yeah, I have. I apologize for the lack of activity, but that surgery threw me for a bigger loop than I expected, lol. I'm back in mostly good working order today...
Anyhow, from the CLI on your controller... you should be able to:
zerotier-cli /controller/network #this line will list all of the networks you have created
zerotier-cli /controller/network/<nwid>/member #this line will list all of the clients in <nwid>
zerotier-cli /controller/network/<nwid>/member/<memberid> #gives you the details of the individual client...
{
  "nwid": "<nwid>",
  "address": "<memberid>",
  "controllerInstanceId": "<removed for security>",
  "authorized": true,
  "activeBridge": false,
  "memberRevision": 15,
  "clock": 1442507102271,
  "identity": <removed for security>
  "ipAssignments": ["192.168.251.88\/24"],
As I understand it, they are planning to release an admin tool for it soon so we won't have to keep doing the CLI stuff unless you just like it, lol.
-
@dafyre said:
@johnhooks Yeah, I have. I apologize for the lack of activity, but that surgery threw me for a bigger loop than I expected, lol. I'm back in mostly good working order today...
Anyhow, from the CLI on your controller... you should be able to:
zerotier-cli /controller/network #this line will list all of the networks you have created
zerotier-cli /controller/network/<nwid>/member #this line will list all of the clients in <nwid>
zerotier-cli /controller/network/<nwid>/member/<memberid> #gives you the details of the individual client...
{
  "nwid": "<nwid>",
  "address": "<memberid>",
  "controllerInstanceId": "<removed for security>",
  "authorized": true,
  "activeBridge": false,
  "memberRevision": 15,
  "clock": 1442507102271,
  "identity": <removed for security>
  "ipAssignments": ["192.168.251.88\/24"],
As I understand it, they are planning to release an admin tool for it soon so we won't have to keep doing the CLI stuff unless you just like it, lol.
No need to apologize! I just tried it again and it worked. I must not have waited long enough last time.
When it didn't work, I also tried
zerotier-cli -j listpeers
But it didn't list them either.
-
I think the listpeers command is for listing other "nearby" controllers that can be used when necessary.
-
@dafyre said:
I think the listpeers command is for listing other "nearby" controllers that can be used when necessary.
It listed all of the devices on the network, but the only IP it showed was the public WAN, and it only showed the zerotier ID.
-
Your devices also won't be assigned an IP address until you have authorized them into your network.
-
@dafyre said:
Your devices also won't be assigned an IP address until you have authorized them into your network.
I checked right after I ran the authorize script you wrote, but I must have needed to wait a little longer.
-
@johnhooks Thanks for the heads up. I'll keep that in mind.
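Added example, not part of any post in this thread and not ZeroTier's own code: a small audit of the controller paths discussed above that lists each member with its `authorized` flag and `ipAssignments`, and marks members that are still waiting for authorization or for an address. It assumes the member listing is a JSON array or object of member ids, sends the token in the `X-ZT1-Auth` header instead of the `?auth=` query string, and uses constructed sample responses with placeholder ids.

```python
import json
import urllib.request

API = "http://localhost:9993"  # local ZeroTier service, as used in the thread


def http_get(path, token):
    """GET a controller path; the token travels in a header, not in the URL."""
    req = urllib.request.Request(API + path, headers={"X-ZT1-Auth": token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read().decode("utf-8"))


def audit_members(nwid, fetch):
    """Return (member id, authorized, activeBridge, [ips], note) per member."""
    # Assumption: the listing is a JSON array of ids or an object keyed by id.
    listing = fetch(f"/controller/network/{nwid}/member")
    rows = []
    for member_id in sorted(listing):
        m = fetch(f"/controller/network/{nwid}/member/{member_id}")
        authorized = m.get("authorized") is True
        ips = list(m.get("ipAssignments") or [])
        if not authorized and ips:
            note = "address assigned but not authorized"
        elif not authorized:
            note = "pending authorization"
        elif not ips:
            note = "authorized, no address yet"
        else:
            note = "ok"
        rows.append((member_id, authorized, bool(m.get("activeBridge")), ips, note))
    return rows


# Constructed sample responses (placeholder ids), shaped like the output above.
NWID = "aaaaaaaaaaaaaaaa"
BASE = f"/controller/network/{NWID}/member"
SAMPLE = {
    BASE: '["bbbbbbbbbb", "cccccccccc", "dddddddddd"]',
    BASE + "/bbbbbbbbbb": '{"authorized": true, "activeBridge": false,'
                          ' "ipAssignments": ["192.168.251.88\\/24"]}',
    BASE + "/cccccccccc": '{"authorized": false, "activeBridge": false,'
                          ' "ipAssignments": []}',
    BASE + "/dddddddddd": '{"authorized": true, "activeBridge": false,'
                          ' "ipAssignments": []}',
}


def sample_fetch(path):
    return json.loads(SAMPLE[path])


if __name__ == "__main__":
    for row in audit_members(NWID, sample_fetch):
        print(*row, sep="\t")
```

Against a live controller, pass `lambda p: http_get(p, token)` as `fetch`, with `token` read from `authtoken.secret`.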
-
Thanks for the code snippets to create a network and authorize a client. I modified the PHP script to change a client IP. I disconnected my client and reconnected to be safe and the client started using the new IP.
<?php
// Read the controller API token (authtoken.secret from the ZeroTier home directory).
// trim() keeps a trailing newline out of the URL.
$secret = trim(file_get_contents('authtoken.secret'));
// Debug output; note that this prints the token itself.
echo "Connecting with secret of $secret\n";

$networkID = "aaaaaaaaaaaaaaaa";
$memberID = "bbbbbbbbbb";
$NewIP = array("192.168.50.10/24");

$url = "http://localhost:9993/controller/network/$networkID/member/$memberID?auth=$secret";
$networkOption = array(
    'ipAssignments' => $NewIP
);
//echo json_encode($networkOption);

// Setting CURLOPT_POSTFIELDS makes this a POST carrying the JSON body.
$curl = curl_init();
$curlOptions = array(
    CURLOPT_URL => $url,
    CURLOPT_POSTFIELDS => json_encode($networkOption),
    CURLOPT_RETURNTRANSFER => true
);
curl_setopt_array($curl, $curlOptions);
$result = curl_exec($curl);
print_r($result);
/*
echo "Sent Data: \n\r";
print_r($curlOptions);
*/
-
@quicky2g Welcome to the community!
-
@scottalanmiller Thanks! Co-worker put me onto this article and seems like a pretty cool site. Might have to stick around
-
Awesome! Great to see people starting to steer others over here!
-
@quicky2g said:
@scottalanmiller Thanks! Co-worker put me onto this article and seems like a pretty cool site. Might have to stick around
Welcome aboard & Thanks for the code update!
-
I'm really liking how easy it is to set up. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?
-
@travisdh1 said:
I'm really liking how easy it is to set up. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?
If you haven't read up in the FAQ yet, check it out here: https://www.zerotier.com/tech_faq.shtml -- especially the security section.
What kind of use case are you seeing for it?
-
@dafyre said:
@travisdh1 said:
I'm really liking how easy it is to set up. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?
If you haven't read up in the FAQ yet, check it out here: https://www.zerotier.com/tech_faq.shtml -- especially the security section.
What kind of use case are you seeing for it?
I did Wireshark on the traffic yesterday. All I saw was encrypted data inside a UDP packet. Not sure if there are any vulnerabilities or security holes in the dependent applications.