ZeroTier: Configure This Secure VPN to Connect Computers Remotely

ZeroTier is a software company whose platform lets us create and manage SDNs (Software Defined Networks) to interconnect different computers in a virtual private network (VPN) easily and quickly. ZeroTier is one of the simplest ways to connect computers over the Internet without having to build our own VPN tunnels, so we leave behind the complexity of configuring them ourselves. This tool serves both at home and in a professional setting, since we can interconnect up to 50 devices in the same network completely free of charge; if you need to connect more devices, you will have to purchase the premium version.

What is ZeroTier and what is it for?

ZeroTier is one of the leading companies in SDN (Software Defined Networks), and it gives us the possibility of interconnecting multiple devices over the Internet without the need to open ports on any of them. Through ZeroTier One, the company offers a client program that allows PCs, servers, smartphones and other devices to communicate with each other through a virtual private network (VPN), completely free and secure, since all traffic in the ZeroTier network is encrypted.


Thanks to SDN technology, users can create secure networks that are very easy to configure; in addition, all devices will be on the same subnet so that they can communicate with each other as if they were in the same physical location. ZeroTier provides a web interface to configure this virtual private network in detail, where we can set the subnet used, the clients that may connect to it, the routes we have to push to the different clients so that their traffic reaches its destination correctly, and much more, since it also lets us configure a firewall in detail to allow or deny certain traffic.

A very important feature of ZeroTier is that communications are point-to-point. Unlike traditional VPNs, where we have a central server or router, here the messages are sent directly from computer to computer, without passing through a central node. This gives us the lowest latency and the best efficiency, ideal for the best user experience.

Regarding the security of communications with ZeroTier, it uses asymmetric public-key cryptography based on Curve25519, with Ed25519 for signing, and ChaCha20-Poly1305 for symmetric data encryption and message authentication. Thanks to this cipher suite, which is very similar to the one used by WireGuard, all our communications between computers will be encrypted. According to the creators of ZeroTier, in the upcoming version 2.0 they plan to incorporate AES-GCM, so that computers with AES-NI hardware acceleration can take advantage of it and get the best possible performance. We recommend that you read everything about ZeroTier’s cryptography on its blog.

Lastly, ZeroTier is compatible with the Windows, Linux, macOS, FreeBSD, Android and iOS operating systems, and also with some NAS servers (Synology, QNAP and others). We must also take into account the limitations of the free version, because you may have to purchase the professional version if you have many devices to interconnect:

  • Free: up to 50 devices, one administrator and with community support.
  • Professional: up to 500 devices, up to 10 administrators, priority support, for only $49 per month.

In this article we offer you a complete tutorial showing how to configure an SDN network to interconnect two Windows computers, each connected to the Internet through a different connection, one via FTTH and the other via 4G.

Registration and commissioning of the SDN network

The first thing we have to do is register with ZeroTier, because we will necessarily need a network ID to start configuring the SDN network and add the different computers to it. If we go to the official website and click on «Download», a message will appear telling us to register; click on «Start Here» to proceed with the registration.

To register we only need to enter our first and last name, an email address and the corresponding password. Once registered, we confirm the email they have sent us, and we will be ready to log in to the ZeroTier web interface.

The first thing we will see when entering the SDN platform for the first time through ZeroTier’s web interface is a small step-by-step configuration wizard that explains the different menus. This wizard registers a new “Network” automatically, without us having to do anything at all.

On the first screen we are welcomed to ZeroTier Central, which is where we can create and manage the different networks, the administrators of those networks and their members, configure advanced firewall rules to allow or deny traffic, and much more. In the second menu we must choose “I want to connect my devices to a Friend or colleague’s devices”, that is, the option on the right.

Next, it tells us that we must start by creating a network, clicking on “Create a Network”. Once created, we will have to share the Network ID with friends or family so that they can connect to the newly created SDN network. It then tells us that we must download the ZeroTier client on the different devices so that they can join the SDN network. When the different members join, we must authorize them manually in the “Members” section; otherwise, they will not be able to communicate with any computer on the network. Finally, in the paid version we can configure several administrators.

In the main menu of the network we must always note down the «Network ID» that is generated automatically; this ID is required on each and every client in order to connect to the SDN network. We can also give the network a name and even a description. In “Access control” we must always choose “Private”; this way, the nodes must be authorized by us manually before becoming members.

The “Managed routes” section is where we configure the subnets for the members; in the “Easy” section we get a list of subnets to choose from, as you can see. However, we can also click on “Advanced” and use a somewhat more advanced configuration. A very important feature is that we can manually define static routes; this way, all members of the SDN network will receive these routes to reach other networks.

ZeroTier is compatible with IPv6 networks; in fact, we can obtain both an IPv4 and an IPv6 address for the SDN network, but this is optional. The same applies to DNS servers: we can manually configure the DNS servers we want.

If we have not yet configured the Network ID on any computer, the “Members” section will be empty, indicating that no device has joined the network and that we must use ZeroTier One with the corresponding Network ID for devices to appear here.

Just below we have the advanced options of ZeroTier, where we can configure «Flow rules» to allow or deny traffic between the different devices. By default, both IPv4 and IPv6 traffic and communication between all members are accepted, but from here we can configure these parameters in detail.

If we go further down the menu, we can see the basic syntax of these “Flow Rules” and the actions we can perform; as you can see, ZeroTier’s advanced configuration possibilities are really interesting. Finally, it indicates that we can only configure one administrator, although the menu to add more is available if we pay for the professional version; remember that we are using the “Free” version of ZeroTier. We can also delete the network we have just created. If we delete a network and create another, it will have a different Network ID.
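As an added example of the Flow Rules syntax (not the article's own rule set and not ZeroTier's default one), the following policy defines a tag named `role`, leaves every member as `user` unless an administrator assigns `admin` in Central, and only lets admin-tagged senders open SSH or RDP to other members; the tag name, tag id and port choices are assumptions. Rules are evaluated on both the sending and the receiving node, so a member cannot bypass them locally.

```text
# Added example: restrictive rules for a small private network
tag role
  id 1000          # arbitrary but unique tag id
  enum 0 user
  enum 1 admin
  default user
;

# Same first rule as ZeroTier's default set: drop anything that is not IPv4, ARP or IPv6
drop
  not ethertype ipv4
  and not ethertype arp
  and not ethertype ipv6
;

# Drop IPv4 packets whose source address is not the sender's ZeroTier-assigned address
drop
  ethertype ipv4
  and not chr ipauth
;

# Everyone may ARP and ping
accept ethertype arp;
accept ipprotocol icmp4;
accept ipprotocol icmp6;

# Replies on established TCP connections (ACK set, SYN clear) are allowed in every direction
accept
  ipprotocol tcp
  and chr tcp_ack
  and not chr tcp_syn
;

# New SSH (22) and RDP (3389) connections only when the sender's role is admin (value 1)
accept
  ipprotocol tcp
  and dport 22
  and tseq role 1
;
accept
  ipprotocol tcp
  and dport 3389
  and tseq role 1
;

# Everything else is dropped
drop;
```

Because UDP is not accepted here, name resolution through a ZeroTier-managed DNS server would need an additional `accept ipprotocol udp and dport 53` rule before the final `drop;`.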

Once we have seen ZeroTier Central where we will have access to the administration of the SDN network, now we are going to install ZeroTier on end devices.

ZeroTier installation on end devices (PC, smartphone etc)

The installation of ZeroTier on end devices is straightforward: we download the software from the official ZeroTier website and install it on the PC or Mac, or on mobile devices. Once the program is installed, we have to perform two actions:

  • Enter the Network ID in ZeroTier One.
  • Accept the newly added member from the administration panel.

Now that we have seen how ZeroTier One is installed on Windows 10 computers, we will see how to register the PCs and devices on the ZeroTier network.

Register the PCs and devices in the ZeroTier network

In ZeroTier’s main menu we can see the Network ID as well as the private subnet that will be assigned; remember that we can select whichever subnet we want, and we can also go to the “Advanced” section to configure the network in more detail, including the DHCP server and more.

In the ZeroTier One client we can see the “Node ID”, which is the identifier of the node where we have installed it. Each computer where we install it will have a different “Node ID”. To join the ZeroTier network we have just created, we click on «Join Network»; in the «Show Networks» section we can see which network or networks this node is connected to.

In the «Join a Network» menu we enter the «Network ID» of the network; the options that appear below mean the following:

  • Allow Managed: if checked, ZeroTier-managed private IP addresses and routes are assigned.
  • Allow Global: if checked, ZeroTier-managed IP addresses and routes are assigned even if they overlap with public IP space.
  • Allow Default: the program may override the operating system's default route and forward all traffic through the tunnel.
  • Allow DNS: DNS resolution is allowed through the ZeroTier-managed network.

Once we click on «Join», Windows 10 asks whether we want to allow other PCs and devices on the network we have joined to discover our PC, which is basically choosing between «Private network» and «Public network». Normally we set it to «Private network» so that the computers can communicate with each other without problems.

If we click on «Show Networks» in the ZeroTier One client on our PC, we can see the status of the network, its type, and which of the «Allow» options discussed above are enabled; we can enable or disable these options at any time. The most important item here is “Status: ACCESS_DENIED”: although we have successfully connected to the ZeroTier network, we will not have access until it is authorized manually.

If we go back to the ZeroTier Central administration panel, we can see the computer or computers that have connected and are waiting to be authorized. All we have to do is tick the «Auth?» box to allow them access. Then we can give each one a name, a description and even the IP address we want. It also shows whether the member is currently connected, the date of its last connection, the version of the client it is using, and even the public IP address it is connecting from.

Once we have authorized it, after a few seconds “Status: OK” will appear, meaning it is now fully connected to the SDN network.

In the Windows network settings we can see a new adapter, the Network ID we are connected to, and the private IP address it currently has.

We can modify the members at any time; bear in mind that in the “Free” version we can add up to 50 members to the SDN network, and beyond that we will not be able to add more.
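Since access control is set to “Private”, every node has to be authorized by hand and the member list is the place where stale or unexpected nodes show up. The following added Python script (not from the article or from ZeroTier) audits a network's members through the ZeroTier Central API, separating nodes still waiting for the «Auth?» tick from authorized nodes that have not been seen for a while; the Central API token, the 30-day threshold and the sample member records are assumptions constructed for the example.

```python
import json
import urllib.request

CENTRAL_API = "https://api.zerotier.com/api/v1"
STALE_DAYS = 30  # assumption: authorized but not seen for this long deserves review


def fetch_members(network_id, token):
    """Fetch a network's member list from ZeroTier Central (needs a Central API token)."""
    req = urllib.request.Request(f"{CENTRAL_API}/network/{network_id}/member",
                                 headers={"Authorization": f"bearer {token}"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def audit_members(members, now_ms, stale_days=STALE_DAYS):
    """Split members into pending (not authorized: the client shows ACCESS_DENIED),
    stale (authorized but not seen within stale_days) and active.
    Central reports lastSeen in milliseconds since the Unix epoch."""
    cutoff_ms = now_ms - stale_days * 86_400_000
    report = {"pending": [], "stale": [], "active": []}
    for m in members:
        cfg = m.get("config", {})
        entry = {"nodeId": m["nodeId"], "name": m.get("name") or "(unnamed)",
                 "ips": cfg.get("ipAssignments", [])}
        if not cfg.get("authorized", False):
            report["pending"].append(entry)   # waiting for the "Auth?" checkbox
        elif m.get("lastSeen", 0) < cutoff_ms:
            report["stale"].append(entry)     # candidate for de-authorization
        else:
            report["active"].append(entry)
    return report


# Constructed sample of what Central returns (only the fields used above)
SAMPLE_NOW_MS = 1_700_000_000_000
SAMPLE_MEMBERS = [
    {"nodeId": "aaaaaaaaaa", "name": "desktop-ryzen", "lastSeen": SAMPLE_NOW_MS - 60_000,
     "config": {"authorized": True, "ipAssignments": ["192.168.192.10"]}},
    {"nodeId": "bbbbbbbbbb", "name": "x1-carbon", "lastSeen": SAMPLE_NOW_MS - 45 * 86_400_000,
     "config": {"authorized": True, "ipAssignments": ["192.168.192.11"]}},
    {"nodeId": "cccccccccc", "name": "", "lastSeen": SAMPLE_NOW_MS - 5_000,
     "config": {"authorized": False, "ipAssignments": []}},
]

if __name__ == "__main__":
    for group, entries in audit_members(SAMPLE_MEMBERS, SAMPLE_NOW_MS).items():
        for e in entries:
            print(f"{group:8} {e['nodeId']} {e['name']:14} {','.join(e['ips']) or '-'}")
```

With a real token, replace the sample with `fetch_members(network_id, token)` and pass the current time in milliseconds as `now_ms`.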

We must not forget that we can also obtain an IPv6 address; we are not limited to creating an IPv4 network, as you saw previously.

In our case, we have connected two computers with Windows 10 as follows:

  • AMD Ryzen 7 PC via cable to a symmetric 600Mbps FTTH Pepephone fiber connection.
  • Lenovo X1 Carbon PC connected via 4G to Yoigo’s network.

Although both computers are behind NAT, and the Lenovo X1 Carbon is behind CG-NAT, they can communicate without any problem using the private addressing that has been assigned. Below you can see how the laptop communicates with the desktop PC without any problem.

As you have seen, there is communication; the only issue is the latency of the connection, which depends on the operator or operators and the type of connection you are using.

Official ZeroTier Documentation and Help Forums

One of the things we like most about ZeroTier is the large community in its forums, and also the many tutorials and wikis for learning everything about this tool and its possibilities. For example, we can add a node and route all the Internet traffic of the entire network through it by creating a default route in ZeroTier Central itself.

We recommend that you visit the official ZeroTier manual, where you will find answers to all your questions; you can also access the wiki, where you will find a lot of information about this great tool.