Differences

This shows you the differences between two versions of the page.

technical:zerotier-apdesk [2026/01/14 08:49] – [ZeroTier Central] system
technical:zerotier-apdesk [2026/01/14 09:26] (current) – [Confrim on OpenWrt] system
Line 5: Line 5:
   * ZeroTier support in APdesk and MESHdesk is different when compared to Wireguard, IKEv2+IPsec or OpenVPN.   * ZeroTier support in APdesk and MESHdesk is different when compared to Wireguard, IKEv2+IPsec or OpenVPN.
   * With ZeroTier you do not have to worry about the server side since it is hosted by ZeroTier.   * With ZeroTier you do not have to worry about the server side since it is hosted by ZeroTier.
-  * Another important point about the ZeroTier VPN connection is that you can not use it to access the Internet.+  * Another important point about the ZeroTier VPN connection is that you <color #ed1c24>**can not use it to access the Internet**</color>.
   * ZeroTier is typically used to to create a **private network** where you can access devices on that network.   * ZeroTier is typically used to to create a **private network** where you can access devices on that network.
 +
 +-----------
 +===== ZeroTier Central =====
 +  * To manage ZeroTier networks, you have to register at ZeroTier (https://www.zerotier.com/).
 +  * There are free plans available which has certain restrictions in terms of the amount of devices that are allowed on the network.
 +  * There are also two versions of the dashboard, the original one is called **Legacy Central** and the new one is called **New Central**.
 +  * It seems the one you should use depends on when you registered with them.
 +  * I tried New Central and could not get to devices listed on Legacy Central.
 +  * The screenshots here are from Legacy Central.
 +
 +-------
 +==== ZeroTier Networks ====
 +  * Each network in Zerotier will have a unique Network ID which will be used by the client to join the network.
 +{{:technical:zerotier:zerotier-1.png?nolink|}}
 +  * After a client joined the network it will appear in the list of devices as an **Unauthorized** device.
 +  * You can then change its status to **Authorized** to allow it full access to the ZeroTier network
  
 ----------- -----------
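Review bot: In the relocated ZeroTier Networks bullets, the step "change its status to **Authorized** to allow it full access" gives the reader no way to confirm that the Unauthorized entry really is their own AP. The Network ID is all a client needs to show up in that list, so suggest adding a bullet that tells the reader to compare the node address shown in Central with the one the AP reports (for example from `zerotier-cli info`) before authorizing. Minor wording while this text is being moved: "used to to create" in the context line, "free plans available which has" should be "which have", "Zerotier" should be "ZeroTier", and the last bullet lacks a full stop.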
Line 26: Line 42:
 </WRAP> </WRAP>
  
------------ +------ 
-===== ZeroTier Central ===== +===== Join a ZeroTier Network ===== 
-  * To manage ZeroTier networks, you have to register at ZeroTier (https://www.zerotier.com/). +  * Joining a ZeroTier Network is very easy in APdesk and MESHdesk
-  * There are free plans available which has certain restrictions in terms of the amount of devices that are allowed on the network+  * Make sure the MESHdesk firmware is recent and the ZeroTier package is included in the firmware built
-  * There are also two versions of the dashboard, the original one is called **Legacy Central** and the new one is called **New Central**+  * Edit the VPN connections of the device which you want to use to join the ZeroTier network
-  * It seems the one you should use depends on when you registered with them+  * Specify the ZeroTier Network ID
-  * I tried New Central and could not get to devices listed on Legacy Central+  * The interface name will be automatically populated when you save the entry. 
-  * The screenshots here are from Legacy Central.+{{:technical:zerotier:zerotier-2.png?nolink|}}
  
-------- +------ 
-==== ZeroTier Networks ==== +==== Split tunnel routing ==== 
-  * Each network in Zerotier will have unique Network ID which will be used by the client to join the network. +  * As stated earlier, you can not use ZeroTier network to break out into the Internet
-{{:technical:zerotier:zerotier-1.png?nolink|}} +  * This makes split tunnel routing optional since any device connected to the AP would be able to access the ZeroTier network (without having to specify anything under the **Split tunnel routing** section
-  * After a client joined the network it will appear in the list of devices as an **Unauthorized** device+  * If however you want a certain network or MAC Address to ONLY have access to the ZeroTier and no Internet access, you will be using the **Split tunnel routing** section.
-  * You can then change its status to **Authorized** to allow it full access to the ZeroTier network+
  
 +------
 +==== Onboarding ====
 +  * After you added the ZeroTier VPN entry, reboot the device in order for it to fetch its latest settings.
 +  * You should see it appear in ZoreTier Central as an **Unauthorized** device
 +{{:technical:zerotier:zerotier-3.png?nolink|}} 
 +  * Authorize it
 +{{:technical:zerotier:zerotier-4.png?nolink|}}
 +  * Reboot the device and confirm that it got an IP now
 +{{:technical:zerotier:zerotier-5.png?nolink|}}
 +  * You should now be able to reach any of the other devices on that ZeroTier network through the AP.
  
 ------ ------
 +==== Confirm on OpenWrt ====
 +  * You can log into the AP to confirm everything works as intended by issuing the following commands.
 +<code bash>
 +#Confirm it joined
 +zerotier-cli listnetworks
 +200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
 +200 listnetworks 9bee8941b51fae7b RADIUSdesk 7a:67:e9:94:c8:58 OK PRIVATE zt3jnzn36o 172.30.108.62/16
 +#Confirm that the interface is up and have an IP Address
 +ifconfig zt3jnzn36o 
 +zt3jnzn36o Link encap:Ethernet  HWaddr 7A:67:E9:94:C8:58  
 +    inet addr:172.30.108.62  Bcast:172.30.255.255  Mask:255.255.0.0
 +    inet6 addr: fe80::81:a3ff:fe2e:da69/64 Scope:Link
 +    UP BROADCAST RUNNING MULTICAST  MTU:2800  Metric:1
 +    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 +    TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
 +    collisions:0 txqueuelen:1000 
 +    RX bytes:0 (0.0 B)  TX bytes:872 (872.0 B)
 +</code>
 +
 +
 +
 +
 +
  
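Review bot: The Split tunnel routing bullet stating that "any device connected to the AP would be able to access the ZeroTier network" describes a default that deserves an explicit callout in Onboarding: once the AP is authorized, every client behind it can reach the private network, not only the AP itself. Suggest saying so next to "Authorize it", and documenting whether a network (a guest network, say) can be kept off the ZeroTier network, since the section only covers restricting a network or MAC address to ZeroTier alone. In the Confirm on OpenWrt block, consider replacing the Network ID and MAC address in the sample output with placeholders and separating the commands from their output. Typos: "firmware built" should be "firmware build", "ZoreTier Central", "is up and have an IP Address" should be "has", and "you can not use ZeroTier network" needs "the".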
  • technical/zerotier-apdesk.1768373398.txt.gz
  • Last modified: 2026/01/14 08:49
  • by system