Your home/company network anytime and everywhere with ZeroTier


Imagine you visit your local hackerspace and suddenly Andy asks you if you know ZeroTier. Of course you give a vague answer, just vague enough that he opens his laptop and shows you what you mean… and then you are stunned. Here is why:

ZeroTier is an implementation of a decentralised network. It is based on the Google BeyondCorp papers, which are also a great read, by the way.

Simply explained (in my own words)
ZeroTier is a piece of software which you can run on Linux, Windows, Mac, Android and even some NAS devices. The network ID is a 64-bit hash and the unique identifier for every network you create; sharing the network ID is enough for others to join this network. As a security layer, you need to authenticate devices/hosts before they are allowed to access the resources. This is handily done via the web interface.
The hostnames themselves are a 40-bit hash that serves as a unique identifier for each system. In the interface you can set IP addresses for these hosts.

Security-wise, ZeroTier can be considered a VPN. It uses Salsa20 / LZ4 and can provide speeds up to 484 Mbps (see benchmark page).

A possible security flaw can be seen in the central management of the network, which for convenience is hosted by ZeroTier itself. But since it is open source, you can also host the components yourself (without the fancy web interface).

A charming fact is that the devices are inventoried, including their MAC address and their device ID, which is, as mentioned, unique. This can also support ZeroTrust decisions you might want to take along the way.
You can also create different networks, so you could have a network for dev teams that includes different servers, as well as a network for finance, and so on.

Interested in ZeroTrust? Please read my comment.

This excites me pretty much, because I remember all the years I spent running an OpenVPN server somewhere, and doing strange TigerVNC hopping just to bugfix my parents' computer or simply access my NAS at home.
Imagine how easy LAN parties would have been if you could just make all your friends members of your private network around the globe.

The setup I tried out looks something like this:

High level overview of my ZeroTier Setup

I use a Banana Pi and NGINX to make my home systems, which don't support ZeroTier out of the box, available to all my mobile devices. So I can access the dashboards from wherever I am in the world.
But yes, the Raspberry-based Home Assistant and Brandmeister could support ZeroTier via the interface, but as my Synology is too old to run the software provided, I went the NGINX way for all of them.

With this setup I also finally realised that I am more of a web guy than a networking guy, because an NGINX reverse proxy is my first solution to everything, instead of doing iptables masquerading and routing and stuff.
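
A sketch of what such a reverse proxy on the Banana Pi could look like, added here as an example and not the author's actual configuration. Every address and hostname is constructed (10.147.17.0/24 as the ZeroTier managed subnet, 192.168.1.x as the home LAN), and the backend ports are the Home Assistant and Synology DSM defaults. The point it shows is binding NGINX to the ZeroTier address only, so the dashboards are reachable only by members that were authorized in the web interface.

```nginx
# Added example; all addresses and names below are constructed placeholders:
#   10.147.17.10     ZeroTier managed IP assigned to the Banana Pi
#   10.147.17.0/24   ZeroTier managed subnet of the network
#   192.168.1.20     Home Assistant on the home LAN (default port 8123)
#   192.168.1.30     Synology DSM on the home LAN (default HTTP port 5000)
# This file is meant to be included inside the http {} context.

# Home Assistant's frontend uses WebSockets, so pass the upgrade through.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    # Weak variant: "listen 80;" binds every interface, including the home LAN
    # and any port forwarded from the router.
    # Bound to the ZeroTier address, only overlay traffic can reach the proxy.
    listen 10.147.17.10:80;
    server_name hass.zt.example;

    # Second layer: accept only source addresses from the ZeroTier subnet.
    allow 10.147.17.0/24;
    deny  all;

    location / {
        proxy_pass http://192.168.1.20:8123;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}

server {
    listen 10.147.17.10:80;
    server_name nas.zt.example;

    allow 10.147.17.0/24;
    deny  all;

    location / {
        proxy_pass http://192.168.1.30:5000;
        proxy_set_header Host $host;
    }
}
```

Because `listen` names a specific address, NGINX will fail to start if the ZeroTier interface has not come up yet, so it has to be started after the ZeroTier service at boot.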

How to get started
You can simply sign up for an account on the ZeroTier website.


Right after that you can use the web interface to set up your first network.
From the screenshot you can spot that a network can have a maximum of 50 members in the free version.


After that, you can use the Network ID to join hosts to the network. You will be notified via the web interface of new hosts that have joined the network, and you will need to authenticate them before they are able to communicate.
In addition, you can assign hostnames and IP addresses, which may make life easier.


All the rest is just history, as they say. Instantly I was able to access the internal web pages or ssh to my Banana Pi.

[Update] I have now used the setup for several days, and there was not a single flicker. The network is pretty stable and I more or less only use it to ssh to some home components and access my Synology (there is also pre-built software for the newer models, but not for mine, sadly).

Good luck trying it out. Please leave a 👏 if you like it… and always be excellent to each other.