ZeroTier VPN

I recently got a mini host for the office, thinking it would be convenient to set up an environment there and reach it from home occasionally. At first I used frp for NAT traversal (port forwarding through a public server), which needs a public server and whose connection quality depends on that server's bandwidth. Instead, I tried out ZeroTier: a virtual LAN similar to a VPN, where each machine creates a virtual network interface locally and all of them join a single virtual network.

What is ZeroTier

ZeroTier is a software-defined wide area network (SD-WAN) solution that allows users to create secure virtual networks between devices in different geographic locations. Through ZeroTier, you can easily connect multiple computers, servers, and devices into a virtual, encrypted network – as if they were on the same local network. This helps developers and IT professionals securely share data and resources across different locations without complex network setups or VPN configurations.

  1. ZeroTier Networks: A ZeroTier network is a virtual, global LAN that allows different devices to connect together over the internet, as if they were on the same physical network. This network can contain multiple subnets, with all devices connected through ZeroTier technology.

  2. Planet Servers: Planet servers are a key component of the ZeroTier network. They are global and responsible for maintaining and managing the entire ZeroTier network topology, routing information, and network status. The planet server acts as a central control center for the global network, without directly transferring data. User devices need to connect to at least one planet server to participate in the ZeroTier network.

  3. Transit Servers: Transit servers are auxiliary nodes within the ZeroTier network that help establish direct communication channels between devices. When devices cannot connect directly, they can use transit servers to transmit data. This helps improve network reachability and performance. Transit servers are typically located around the world, acting as data transmission hubs.

In essence, ZeroTier uses the assistance of planet servers and transit servers to enable devices to create virtual local networks globally, achieving secure and fast communication between devices. The planet server is responsible for global network management, while the transit server helps devices establish connections when needed.

Installation & Deployment

  1. Visit the ZeroTier official website (https://www.zerotier.com/) to obtain installation files and documentation.
  2. Download and install the ZeroTier One client according to your operating system. It supports Windows, macOS, Linux, and many other platforms.
  3. Launch the ZeroTier One client after installation.
  4. Register a ZeroTier account if you don’t already have one. You can create an account within the client.
  5. Log in with your ZeroTier account and create a new network. This network will have a unique 16-character ID, which you need to remember.
  6. Join this network on your device. You can either enter the network ID in the client or use the QR code scanning feature.
  7. Devices installed and configured with the ZeroTier client will be added to the same virtual network. These devices can now communicate directly with each other as if they were on the same local area network.
  8. You can manage network settings, add devices, and monitor network traffic in the ZeroTier control panel.

Installing and Deploying Moon

Many domestic ISPs block UDP tunnelling; frp stays stable because it uses TCP. Deploying a ZeroTier relay server (a moon) gives a similar effect. The firewall on the moon server must allow inbound UDP port 9993.

curl -s https://install.zerotier.com/ | sudo bash

Check installation success:

zerotier-cli info

Join the virtual network (the 16-character network ID from step 5 above):

zerotier-cli join network-id

Create moon:

# run as root: the redirect writes moon.json into /var/lib/zerotier-one, which is owned by root
cd /var/lib/zerotier-one && sudo zerotier-idtool initmoon identity.public > moon.json

Edit moon.json and set the stableEndpoints array under roots to the server's public address and port, in the form “server public IP/9993”.

Sign the configuration, create the moons.d folder, move the generated .moon file into it, and restart the service (still inside /var/lib/zerotier-one):

sudo zerotier-idtool genmoon moon.json
# genmoon writes 000000<id>.moon, where <id> is the id field of moon.json
mkdir moons.d && mv 000000eb444ec0d8.moon moons.d/
systemctl restart zerotier-one.service
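As an added helper (not code from the original post or from ZeroTier), this Python snippet performs the moon.json edit above with the checks a practitioner wants before running genmoon: it validates each stableEndpoint as a public IP/port, refuses private, loopback and link-local addresses that other clients could never reach, and derives the 000000<id>.moon file name that genmoon produces. The sample moon.json is constructed; its id is taken from the file name shown above and the identity and keys are placeholders.

```python
import ipaddress
import json
import re

# Constructed sample of the moon.json that `zerotier-idtool initmoon` writes;
# the id matches the .moon file name above, identity and keys are placeholders.
SAMPLE_MOON_JSON = """{
 "id": "eb444ec0d8",
 "objtype": "world",
 "roots": [{"identity": "eb444ec0d8:0:PLACEHOLDER", "stableEndpoints": []}],
 "signingKey": "PLACEHOLDER",
 "signingKey_SECRET": "PLACEHOLDER",
 "updatesMustBeSignedBy": "PLACEHOLDER",
 "worldType": "moon"
}"""

# A stableEndpoint must be reachable from every client, so RFC 1918 and ULA
# ranges are rejected outright (loopback/link-local are checked separately).
UNREACHABLE = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def validate_endpoint(endpoint: str) -> str:
    """Accept only 'IP/port' with a usable IP and a valid UDP port."""
    ip_str, sep, port_str = endpoint.rpartition("/")
    if not sep or not port_str.isdigit():
        raise ValueError(f"endpoint must look like IP/port: {endpoint!r}")
    ip = ipaddress.ip_address(ip_str)  # raises ValueError on garbage
    if (ip.is_loopback or ip.is_link_local or ip.is_unspecified
            or any(ip in net for net in UNREACHABLE)):
        raise ValueError(f"{ip} is not reachable from other clients")
    port = int(port_str)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return f"{ip}/{port}"

def set_stable_endpoints(moon_json: str, endpoints: list) -> dict:
    """Fill stableEndpoints on every root of the moon; returns the updated document."""
    moon = json.loads(moon_json)
    if moon.get("worldType") != "moon" or not moon.get("roots"):
        raise ValueError("not a moon definition")
    if not re.fullmatch(r"[0-9a-f]{10}", moon.get("id", "")):
        raise ValueError("id must be a 10-hex-digit ZeroTier address")
    clean = [validate_endpoint(e) for e in endpoints]
    for root in moon["roots"]:
        root["stableEndpoints"] = clean
    return moon

def moon_file_name(moon: dict) -> str:
    """`zerotier-idtool genmoon` names its output 000000<id>.moon; it belongs in moons.d/."""
    return f"000000{moon['id']}.moon"
```

Write the returned dict back with json.dump before running genmoon; the moon id in the file name is also the value clients pass to orbit.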

Client nodes join the moon server; the moon ID is the id field of the JSON configuration file, passed twice:

zerotier-cli.bat orbit <moon id> <moon id>   # Windows; on Linux use zerotier-cli
# Observe whether new moon nodes appear, with IDs and information matching the server configuration
[root@idv-36f9d5 ~]# zerotier-cli listpeers
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 0cccb***** 35.236.*.*/64393;110;10726 327 1.6.3 LEAF
200 listpeers 3a46f***** 185.180.*.*/9993;110;757 -1 - PLANET
200 listpeers 3ed7c***** 39.97.*.*/9993;172;79 32 1.6.3 MOON
200 listpeers 4f838***** - -1 - LEAF
200 listpeers 62f86***** 50.7.*.*/9993;110;4796 351 - PLANET
200 listpeers 778cd***** 103.195.*.*/9993;5148;4887 253 - PLANET
200 listpeers 992fc***** 195.181.*.*/9993;10161;4921 226 - PLANET
200 listpeers 9d2b5***** - -1 - LEAF

On Windows, open a terminal with administrator privileges and use the zerotier-cli.bat command-line interface; on Linux use zerotier-cli. The listpeers subcommand lists the peers this node knows about. When the moon appears in that list with role MOON and its ID and endpoint match the server configuration, the join succeeded.
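As an added check (not from the original post), this Python snippet parses the listpeers output format shown above and confirms that the moon appears with role MOON and a live path to the stableEndpoint configured on the server; it also lists LEAF peers with no direct path, whose traffic is being relayed. The sample output is constructed with placeholder addresses.

```python
# Constructed sample in the format `zerotier-cli listpeers` prints (compare the
# session above); ZeroTier addresses and IPs are placeholders, not real peers.
SAMPLE_LISTPEERS = """\
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 0cccb00001 203.0.113.5/64393;110;10726 327 1.6.3 LEAF
200 listpeers 3a46f00002 198.51.100.7/9993;110;757 -1 - PLANET
200 listpeers eb444ec0d8 203.0.113.10/9993;172;79 32 1.6.3 MOON
200 listpeers 4f83800004 - -1 - LEAF
"""

def parse_listpeers(output: str) -> list:
    """Turn listpeers lines into dicts; skips the header and any non-200 lines."""
    peers = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[:2] != ["200", "listpeers"] or parts[2].startswith("<"):
            continue
        ztaddr, paths, latency, version, role = parts[2:7]
        endpoints = []
        # a peer may have several comma-separated paths; "-" means none at all
        for p in ([] if paths == "-" else paths.split(",")):
            addr = p.split(";", 1)[0]          # drop the lastSend;lastReceive counters
            ip, _, port = addr.rpartition("/")  # rpartition also handles IPv6 literals
            endpoints.append((ip, int(port)))
        peers.append({"ztaddr": ztaddr, "role": role, "version": version,
                      "latency": int(latency), "endpoints": endpoints})
    return peers

def moon_reachable(peers: list, moon_id: str, expected_ip: str, expected_port: int = 9993) -> bool:
    """True when our moon is listed as MOON with a measured latency on its stableEndpoint."""
    for p in peers:
        if p["ztaddr"] == moon_id and p["role"] == "MOON":
            return p["latency"] >= 0 and (expected_ip, expected_port) in p["endpoints"]
    return False

def peers_without_direct_path(peers: list) -> list:
    """LEAF peers with no path: traffic to them is relayed, or they are offline."""
    return [p["ztaddr"] for p in peers if p["role"] == "LEAF" and not p["endpoints"]]
```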

Uninstalling

How to uninstall on the Windows platform is beyond the scope of this document, as it follows standard operating procedures – typically through the Control Panel. We will focus on the Ubuntu instructions:

  1. Remove the zerotier-one package using dpkg:
sudo dpkg -P zerotier-one
  2. Delete the zerotier-one directory, which stores the node's address and identity; deleting it means a new address is generated on reinstallation:
sudo rm -rf /var/lib/zerotier-one/

Epilogue

The machines I had before were all decommissioned, and when the new servers arrived there was no suitable service to act as a relay node. Alibaba was running a promotion on low-spec development trial servers, priced affordably in 1999, and I used them for two years. What mattered was the bandwidth the servers provided.
