Access Your Home/Company Network Anytime with ZeroTier
Chapter 1: Introduction to ZeroTier
Imagine you’re at your local hackerspace, and Andy asks if you’re familiar with ZeroTier. You might respond with a vague notion, prompting him to open his laptop and show you something that leaves you amazed. Here’s why:
ZeroTier is a decentralized network solution grounded in the principles outlined in Google’s BeyondCorp papers, which are highly recommended reads.
Simple Explanation (in my own terms)
ZeroTier is a software application compatible with various operating systems, including Linux, Windows, Mac, Android, and certain NAS devices. Each network you create has a unique 64-bit hash as its ID, allowing others to join simply by sharing this identifier. To enhance security, device authentication is required before access to network resources is granted, conveniently managed through a web interface.
Each individual host is identified by a unique 40-bit hash. Within the interface, you can also assign IP addresses to these hosts. In terms of security, ZeroTier functions similarly to a VPN, leveraging Salsa20 encryption and LZ4 for data compression, achieving speeds of up to 484 Mbps (see benchmark page for details).
While there is a potential vulnerability associated with the centralized management of the network hosted by ZeroTier, the open-source nature of the software allows you to host the components independently, albeit without the user-friendly web interface. A notable feature is the inventory of devices, which includes their MAC addresses and unique device IDs, supporting Zero Trust decisions you may wish to implement.
You can also create multiple networks tailored to different purposes, such as a network for development teams that includes various servers, alongside a separate network for finance-related tasks.
For those intrigued by Zero Trust principles, I recommend checking out my comment below.
Joerg S. on LinkedIn: I ZeroTrust you to do anything else
This blog post draws inspiration from the Google Security Podcast featuring Anton Chuvakin and Timothe Peacock, who discussed...
Chapter 2: The Ease of Using ZeroTier
This concept excites me immensely, especially when I reflect on the years I spent managing an OpenVPN server and using TigerVNC to troubleshoot my parents’ computer or access my NAS from afar. Imagine how seamless LAN parties could have been if you could effortlessly add friends to your private network across the globe.
Here’s a glimpse of the setup I experimented with:
High-Level Overview of My ZeroTier Configuration
I utilized a Banana Pi and NGINX to make my home systems accessible to all my mobile devices, even if they don’t support ZeroTier natively. This allows me to access dashboards from virtually anywhere in the world. While my Raspberry Pi-based Home Assistant and Brandmeister could support ZeroTier, my older Synology device required me to adopt the NGINX approach for connectivity.
With this setup, I’ve come to realize that my strengths lie more in web development than networking, as I often default to NGINX reverse proxy solutions instead of delving into iptables masquerading and routing intricacies.
Section 2.1: Getting Started with ZeroTier
To kick things off, you can easily register for an account on the ZeroTier website.
ZeroTier Registration Page
Once registered, you can use the web interface to establish your first network. As depicted in the screenshot, the free version permits up to 50 members in a single network.
Creating Networks is Quite Simple
After setting up your network, you can share the Network ID for hosts to join. The web interface notifies you when new hosts connect, and you must authenticate them before they can communicate. Additionally, you can assign hostnames and IP addresses to simplify management.
Managing Hosts and IPs
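The review step described above (hosts join by Network ID, stay unauthorized until you approve them, then get a name and an IP), as an added example that is not code from the original post or from ZeroTier: it audits a member list exported as JSON and lists every device that still needs a decision. The field names, the 10.147.17.0/24 range and all sample members are constructed assumptions.

```python
import ipaddress
import json
import re

NODE_ID = re.compile(r"^[0-9a-f]{10}$")  # 40-bit device ID = 10 hex digits

# Constructed sample, shaped like a member list exported from the network controller.
# Field names (nodeId, name, config.authorized, config.ipAssignments) are assumptions.
SAMPLE_MEMBERS = json.loads("""
[
  {"nodeId": "a1b2c3d4e5", "name": "bananapi", "config": {"authorized": true,  "ipAssignments": ["10.147.17.10"]}},
  {"nodeId": "0f1e2d3c4b", "name": "",         "config": {"authorized": true,  "ipAssignments": ["10.147.17.23"]}},
  {"nodeId": "1122334455", "name": "laptop",   "config": {"authorized": true,  "ipAssignments": ["192.168.1.50"]}},
  {"nodeId": "99aabbccdd", "name": "",         "config": {"authorized": false, "ipAssignments": []}},
  {"nodeId": "XYZ",        "name": "broken",   "config": {"authorized": false, "ipAssignments": []}}
]
""")


def audit_members(managed_subnet, members):
    """Return (node_id, finding) pairs for members that need a human decision."""
    subnet = ipaddress.ip_network(managed_subnet)
    findings = []
    for m in members:
        node = str(m.get("nodeId", "")).lower()
        cfg = m.get("config", {})
        if not NODE_ID.match(node):
            findings.append((node, "malformed device ID"))
            continue
        if not cfg.get("authorized"):
            findings.append((node, "pending: joined but not authorized"))
            continue
        if not m.get("name", "").strip():
            findings.append((node, "authorized but unnamed"))
        ips = cfg.get("ipAssignments", [])
        if not ips:
            findings.append((node, "authorized without an assigned IP"))
        for ip in ips:
            if ipaddress.ip_address(ip) not in subnet:
                findings.append((node, f"IP {ip} outside {subnet}"))
    return findings


if __name__ == "__main__":
    for node, finding in audit_members("10.147.17.0/24", SAMPLE_MEMBERS):
        print(f"{node}: {finding}")
```

Anyone who learns the Network ID can show up as a pending member, so the useful signal is an authorized device that has no name or holds an address outside the range you manage.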
From that point onward, accessing internal web pages or SSH-ing into my Banana Pi became a breeze.
[Update] After using this setup for several days, I’ve experienced no issues; the network remains stable, and I primarily use it to SSH into home devices and access my Synology (although newer models have pre-built software, mine does not).
Feel free to give it a try, and let me know if you enjoy it! Always remember to be excellent to each other.
Chapter 3: Video Demonstrations
In the following video titled "Zero Tier - How to access your Homelab from anywhere, securely," you'll learn how to securely access your home lab.
Check out "Using ZeroTier For Always On Connectivity" to explore always-on connectivity solutions with ZeroTier.