    ZeroTier Review

    107 Posts 10 Posters 71.9k Views
    • scottalanmiller @stacksofplates

      @johnhooks said:

      @dafyre Have you found a way to display the IP addresses assigned to each peer on your own controller?

      There has to be a way. Normal VPNs like OpenVPN do this.

      • dafyre @stacksofplates

        @johnhooks Yeah, I have. I apologize for the lack of activity, but that surgery threw me for a bigger loop than I expected, lol. I'm back in mostly good working order today...

        Anyhow, from the CLI on your controller... you should be able to:

        zerotier-cli /controller/network    # this line will list all of the networks you have created
        zerotier-cli /controller/network/<nwid>/member    # this line will list all of the clients in <nwid>
        zerotier-cli /controller/network/<nwid>/member/<memberid>    # gives you the details of the individual client...
        
        {
        	"nwid": "<nwid>",
        	"address": "<memberid>",
        	"controllerInstanceId": "<removed for security>",
        	"authorized": true,
        	"activeBridge": false,
        	"memberRevision": 15,
        	"clock": 1442507102271,
        	"identity": <removed for security>
        	"ipAssignments": ["192.168.251.88\/24"],
        

        As I understand it, they are planning to release an admin tool for it soon so we won't have to keep doing the CLI stuff unless you just like it, lol.

            • stacksofplates @dafyre

            @dafyre said:

            @johnhooks Yeah, I have. I apologize for the lack of activity, but that surgery threw me for a bigger loop than I expected, lol. I'm back in mostly good working order today...

            Anyhow, from the CLI on your controller... you should be able to:

            zerotier-cli /controller/network    # this line will list all of the networks you have created
            zerotier-cli /controller/network/<nwid>/member    # this line will list all of the clients in <nwid>
            zerotier-cli /controller/network/<nwid>/member/<memberid>    # gives you the details of the individual client...
            
            {
            	"nwid": "<nwid>",
            	"address": "<memberid>",
            	"controllerInstanceId": "<removed for security>",
            	"authorized": true,
            	"activeBridge": false,
            	"memberRevision": 15,
            	"clock": 1442507102271,
            	"identity": <removed for security>
            	"ipAssignments": ["192.168.251.88\/24"],
            

            As I understand it, they are planning to release an admin tool for it soon so we won't have to keep doing the CLI stuff unless you just like it, lol.

            No need to apologize! I just tried it again and it worked. I must not have waited long enough last time.

            When it didn't work, I also tried
            zerotier-cli -j listpeers

            But it didn't list them either.

              • dafyre

              I think the listpeers command is for listing other "nearby" controllers that can be used when necessary.

                • stacksofplates @dafyre

                @dafyre said:

                I think the listpeers command is for listing other "nearby" controllers that can be used when necessary.

                It listed all of the devices on the network, but the only IP it showed was the public WAN, and it only showed the zerotier ID.

                  • dafyre

                  Your devices also won't be assigned an IP address until you have authorized them into your network.

                    • stacksofplates @dafyre

                    @dafyre said:

                    Your devices also won't be assigned an IP address until you have authorized them into your network.

                    I checked right after I ran the authorize script you wrote, but I must have needed to wait a little longer.

                      • dafyre @stacksofplates

                      @johnhooks Thanks for the heads up. I'll keep that in mind.

                        • quicky2g

                        Thanks for the code snippets to create a network and authorize a client. I modified the PHP script to change a client IP. I disconnected my client and reconnected to be safe, and the client started using the new IP.

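                        <?php

                        // Controller API token; trim() strips any trailing newline from the file.
                        $secret = trim(file_get_contents('authtoken.secret'));

                        // Note: this prints the controller auth token to the terminal.
                        echo "Connecting with secret of $secret\n";

                        $networkID = "aaaaaaaaaaaaaaaa";   // network ID (16 hex digits)
                        $memberID = "bbbbbbbbbb";          // member ID (10 hex digits)
                        $NewIP = array("192.168.50.10/24");

                        // Member endpoint on the local controller; the token is passed as ?auth=
                        $url = "http://localhost:9993/controller/network/$networkID/member/$memberID?auth=$secret";
                        $networkOption = array(
                         'ipAssignments' => $NewIP
                        );

                        //echo json_encode($networkOption);

                        $curl = curl_init();

                        // Setting CURLOPT_POSTFIELDS makes this a POST carrying the JSON body.
                        $curlOptions = array(
                         CURLOPT_URL => $url,
                         CURLOPT_POSTFIELDS => json_encode($networkOption),
                         CURLOPT_RETURNTRANSFER => true
                        );

                        curl_setopt_array($curl, $curlOptions);

                        $result = curl_exec($curl);

                        // curl_exec() returns false on failure; report the error in that case.
                        if ($result === false) {
                            echo "Request failed: " . curl_error($curl) . "\n";
                        } else {
                            print_r($result);
                        }
                        curl_close($curl);

                        /*
                        echo "Sent Data: \n";
                        print_r($curlOptions);
                        */
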
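An added example (not part of the original posts and not ZeroTier's own code): a check to run before posting a new `ipAssignments` value as the PHP script above does, confirming that the address sits in the network's subnet, that the member is authorized, and that no other member already holds it. The member records are constructed samples shaped like the member detail output quoted earlier in the thread; the function name `check_assignment` and the subnet argument are assumptions.

```python
import ipaddress
import json

# Constructed sample member records, shaped like the member detail output
# quoted in this thread (IDs and addresses are made up).
SAMPLE_MEMBERS = json.loads(r'''
[
 {"address": "aaaaaaaaa1", "authorized": true,  "ipAssignments": ["192.168.50.10\/24"]},
 {"address": "aaaaaaaaa2", "authorized": true,  "ipAssignments": []},
 {"address": "aaaaaaaaa3", "authorized": false, "ipAssignments": []}
]
''')


def check_assignment(members, member_id, new_ip, subnet):
    """Return problems (empty list = OK) with assigning new_ip (CIDR) to member_id."""
    problems = []
    net = ipaddress.ip_network(subnet)
    try:
        iface = ipaddress.ip_interface(new_ip)
    except ValueError:
        return [f"{new_ip!r} is not a valid address/prefix"]

    # The address must be a usable host address inside the managed subnet.
    if iface.ip not in net:
        problems.append(f"{iface.ip} is outside {net}")
    elif iface.network != net:
        problems.append(f"prefix /{iface.network.prefixlen} does not match {net}")
    elif iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address")

    # Members get no address until they are authorized, so check that first.
    target = next((m for m in members if m["address"] == member_id), None)
    if target is None:
        problems.append(f"member {member_id} is not known to the controller")
    elif not target["authorized"]:
        problems.append(f"member {member_id} is not authorized yet")

    # A manually chosen address must not collide with another member's.
    for m in members:
        held = {ipaddress.ip_interface(a).ip for a in m["ipAssignments"]}
        if m["address"] != member_id and iface.ip in held:
            problems.append(f"{iface.ip} is already assigned to {m['address']}")
    return problems


if __name__ == "__main__":
    for ip in ("192.168.50.11/24", "192.168.50.10/24", "10.0.0.5/24"):
        print(ip, "->", check_assignment(SAMPLE_MEMBERS, "aaaaaaaaa2", ip, "192.168.50.0/24") or "ok")
```
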
                          • scottalanmiller @quicky2g

                          @quicky2g Welcome to the community!

                            • quicky2g @scottalanmiller

                            @scottalanmiller Thanks! Co-worker put me onto this article and seems like a pretty cool site. Might have to stick around 🙂

                              • scottalanmiller

                              Awesome! Great to see people starting to steer others over here!

                                • dafyre @quicky2g

                                @quicky2g said:

                                @scottalanmiller Thanks! Co-worker put me onto this article and seems like a pretty cool site. Might have to stick around 🙂

                                Welcome aboard & Thanks for the code update!

                                  • travisdh1

                                  I'm really liking how easy it is to set up. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?

                                    • dafyre @travisdh1

                                    @travisdh1 said:

                                    I'm really liking how easy it is to set up. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?

                                    If you haven't read up in the FAQ yet, check it out here: https://www.zerotier.com/tech_faq.shtml -- especially the security section.

                                    What kind of use case are you seeing for it?

                                      • quicky2g @dafyre

                                      @dafyre said:

                                      @travisdh1 said:

                                      I'm really liking how easy it is to set up. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?

                                      If you haven't read up in the FAQ yet, check it out here: https://www.zerotier.com/tech_faq.shtml -- especially the security section.

                                      What kind of use case are you seeing for it?

                                      I did Wireshark on the traffic yesterday. All I saw was encrypted data inside a UDP packet. Not sure if there are any vulnerabilities or security holes in the dependent applications.

                                        • travisdh1 @dafyre

                                        @dafyre said:

                                        @travisdh1 said:

                                        I'm really liking how easy it is to set up. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?

                                        If you haven't read up in the FAQ yet, check it out here: https://www.zerotier.com/tech_faq.shtml -- especially the security section.

                                        What kind of use case are you seeing for it?

                                        I've got two locations, one with the worst "high-speed" internet you're likely to find outside of satellite (good riddance to satellite!) 1 vm host and 1 backup target at each location. Either XenServer or ProxMox running on the servers. I'm thinking I'll be able to manage most things at both sites with a jumpbox vm. Maybe even make xrdp available as well, tho that would be painful with the DSL connection (756kb/250kb actual measured 600kb/300kb.)

                                          • Dashrender @dafyre

                                          @dafyre said:

                                          What kind of use case are you seeing for it?

                                          The use case I see is a primarily mobile workforce. But also something like more modern offices mostly seen on the west coast - just let anyone on the network because the network is just a connection medium. ZT over the physical is what would actually allow you access to services for the company.

                                            • quicky2g @travisdh1

                                            @travisdh1 said:

                                            @dafyre said:

                                            @travisdh1 said:

                                            I'm really liking how easy it is to set up. Just want to see some security review by a trusted security person before I go ahead and roll it out. Anyone seen a review on it from someone like Steve Gibson, Brian Krebs, or the like?

                                            If you haven't read up in the FAQ yet, check it out here: https://www.zerotier.com/tech_faq.shtml -- especially the security section.

                                            What kind of use case are you seeing for it?

                                            I've got two locations, one with the worst "high-speed" internet you're likely to find outside of satellite (good riddance to satellite!) 1 vm host and 1 backup target at each location. Either XenServer or ProxMox running on the servers. I'm thinking I'll be able to manage most things at both sites with a jumpbox vm. Maybe even make xrdp available as well, tho that would be painful with the DSL connection (756kb/250kb actual measured 600kb/300kb.)

                                            ZeroTier must use some kind of compression so might help with your speed issues. I have 5mbps upload at home. Did an upload test with iPerf between my house and my work office and saw 5mbps with Hamachi:

                                            [Image: 0_1452090858124_hamachi.png]

                                            Did the same test with ZeroTier between the same endpoints:

                                            [Image: 0_1452090880951_zerotier.png]
