...
- Hosting a game server at home (useful for LAN only games) or simply creating a LAN party with your friends;
- Accessing LAN devices behind NAT directly;
- Accessing LAN devices via SSH without opening port to the Internet;
- Using your local Pi-Hole setup from anywhere via the Internet;
Video tutorial
Required Network Configuration
...
- Register on my.zerotier.com and Create A Network, obtain the Network ID, in this example: 1d71939404912b40;
- Download and Install ZeroTier NPK package in RouterOS, you can find under in the "Extra packages", upload package on the device and reboot the unit;
Enable the default (official) ZeroTier instance:
Code Block language ros [admin@mikrotik] > zerotier/enable zt1
Add a new network, specifying the network ID you created in the ZeroTier cloud console:
Code Block language ros [admin@mikrotik] zerotier/interface/add network=1d71939404912b40 instance=zt1
Verify ZeroTier configuration:
Code Block language ros [admin@MikroTik] > zerotier/interface/print Flags: R - RUNNING Columns: NAME, MAC-ADDRESS, NETWORK, NETWORK-NAME, STATUS # NAME MAC-ADDRESS NETWORK NETWORK-NAME STATUS 0 R zerotier1 42:AC:0D:0F:C6:F6 1d71939404912b40 modest_metcalfe OK
Now you might need to allow connections from the ZeroTier interface to your router, and optionally, to your other LAN interfaces:
Code Block language ros [admin@mikrotik] /ip firewall filter>filter add action=accept chain=forward in-interface=zerotier1 place-before=0 [admin@mikrotik] /ip firewall filter>filter add action=accept chain=input in-interface=zerotier1 place-before=0
- Install a ZeroTier client on your smartphone or computer, follow the ZeroTier manual on how to connect to the same network from there.
- If "Access Control" is set to "Private", you must authorize nodes before they become members:
Code Block language ros [admin@MikroTik] > ip/address/print where interface~"zero" Flags: D - DYNAMIC Columns: ADDRESS, NETWORK, INTERFACE # ADDRESS NETWORK INTERFACE 3 D 192.168.192.105/24 192.168.192.0 zerotier1 [admin@MikroTik] > ping 192.168.192.252 count=3 SEQ HOST SIZE TTL TIME STATUS 0 192.168.192.252 56 64 407us 1 192.168.192.252 56 64 452us 2 192.168.192.252 56 64 451us sent=3 received=3 packet-loss=0% min-rtt=407us avg-rtt=436us max-rtt=452us
...
| Property | Description |
|---|---|
| name (string; default: zt1) | Instance name. |
| port (number; default: 9993) | Port number the instance listen to. |
| identity (string; default) | Instance 40-bit unique address. |
| interface (string; default: all) | Interfaces ZeroTier uses toList of interfaces that are used in order to discover ZeroTier peers, by using ARP and IP type connections. |
| route-distance (number; default: 1 ) | Route distance for routes obtained from planet/moon servers. |
...
| Note |
|---|
Also all other new hosts you have to authorize under the /zerotier/controller/member/ section. |
Moons
All ZeroTier nodes on a planet effectively inhabit a single data center. This makes it easy to directly connect devices anywhere, but it has the disadvantage of not working without an Internet connection. A user-defined set of roots is called a moon. When a node “orbits” a moon, it adds the moon’s roots to its root server set. Nodes orbiting moons will still use planetary roots, but they’ll use the moon’s roots if they look faster or if nothing else is available.
More information you can find here, but further in this article, we will take a more detailed overview of very basic operations with moons in RouterOS.
Generate a moon
In the following example with the update-moon-json configuration command we generate a .json type file and its corresponding .moon file:
| Code Block | ||
|---|---|---|
| ||
[admin@office] /zerotier> update-moon-json identity=zt1 address=172.17.17.15
[admin@office] /zerotier> /file pr
Columns: NAME, TYPE, SIZE, CREATION-TIME
# NAME TYPE SIZE CREATION-TIME
0 000000879c0b5265.moon .moon file 259 jan/12/2022 16:10:06
1 000000879c0b5265.moon.json .json file 757 jan/12/2022 16:10:06
2 flash disk jan/12/2022 16:08:20
3 flash/skins directory jan/12/2022 02:00:20 |
The .json will contain something like:
| Code Block |
|---|
{
"id": "879c0b5265",
"objtype": "world",
"roots": [
{
"identity": "879c0b5265:0:d5fd2d17805e011d9b93ce8779385e427c8f405e520eea9284809d8444de0335a817xxb21aa4ba153bfbc229ca34d94e08de96d925a4aaa19b252da546693a28",
"stableEndpoints": [
"172.17.17.15"
]
}
],
"signingKey": "ed0cc50bda211da1fdb383629164f5411e74f954b8bb9db58369cb0749c3575a141a04b82ab0350e38f325fac5f87671ed1d7f171c5a7e9a238b097643a3612a",
"signingKey_SECRET": "f7963c501d8c254c8719ae9d1d6f9f442612aa888b63d668d1a78296a9b3463b09736014be27f561e85de3d4beaf57d3d3a859773110a5885d3fda9947062927",
"updatesMustBeSignedBy": "ed0cc50bda211da1fdb383629164f5411e74f954b8bb9db58369cb0794c3411a575a04b82ab0350e38f325fac5f87671ed1d7f171c5a7e9a238b097643a3612a",
"worldType": "moon"
} |
Add moon
If you configure update-moon-json with moon-json and existing .json file:
| Code Block | ||
|---|---|---|
| ||
[admin@Home] /zerotier> update-moon-json moon-json=000000879c0b5265.moon.json address=172.17.17.13 identity="deb55dc5b1:0:705c7afebc91bbed3ef81a754b0be4256c9edac702d2c7befd7da8f9c4ec2850a95fd3a863a4249f81c57a91ed784ab145bb915cf4b67abda2665e8775565307" |
First, we notice that the file size increases from 757 to 974:
| Code Block | ||
|---|---|---|
| ||
[admin@Home] /zerotier> /file print
Columns: NAME, TYPE, SIZE, CREATION-TIME
# NAME TYPE SIZE CREATION-TIME
0 000000879c0b5265.moon .moon file 338 jan/12/2022 16:30:56
1 000000879c0b5265.moon.json .json file 974 jan/12/2022 16:30:56
2 flash disk jan/12/2022 16:08:20
3 flash/skins directory jan/12/2022 02:00:20 |
By opening the updated .json file we can find an additional root:
| Code Block |
|---|
{
"id": "879c0b5265",
"objtype": "world",
"roots": [
{
"identity": "879c0b5265:0:d5fd2d17805e011d9b93ce8779385e427c8f405e520eea9284809d8444de0335a817ccb21aa4ba153bfbc229ca34d94e08de96d925a4aaa19b252da546693a28",
"stableEndpoints": [
"172.17.17.15"
]
},
{
"identity": "deb55dc5b1:0:705c7fmarc91bbed3ef81a754b0be4256c9edac702d2c7befd7da8f9c4ec2850a95fd3a863a4249f81c57a91ed784ab145bb915cf4b67abda2665e8775565307",
"stableEndpoints": [
"172.17.17.13"
]
}
],
"signingKey": "ed0cc50bda211da1fdb383629164f5411e74f954b8bb9db58369cb0749c3575a141a04b82ab0350e38f325fac5f87671ed1d7f171c5a7e9a238b097643a3612a",
"signingKey_SECRET": "f7963c501d8c254c8719ae9d1d6f9f442612aa888b63d668d1a78296a9b3463b09736014be27f561e85de3d4beaf57d3d3a859773110a5885d3fda9947062927",
"updatesMustBeSignedBy": "ed0cc50bda211da1fdb383629164f5411e74f954b8bb9db58369cb0794c3411a575a04b82ab0350e38f325fac5f87671ed1d7f171c5a7e9a238b097643a3612a",
"worldType": "moon"
} |
Export moon
As the self-explained export-moon command indicates, you can export the moon from the working ZeroTier instance:
| Code Block | ||
|---|---|---|
| ||
[admin@office] > zerotier/export-moon zt1 moon=000000deb55dc5b1
[admin@office] > file pr where name~"moon"
Columns: NAME, TYPE, SIZE, CREATION-TIME
# NAME TYPE SIZE CREATION-TIME
0 000000879c0b5265.moon .moon file 259 jan/12/2022 16:18:10 |
Import moon
To import a moon you have to select an instance and the moon file for import, in the following example we will import the moon from "RouterOS Office" to the "RouterOS Home" device:
| Code Block | ||
|---|---|---|
| ||
[admin@Home] /zerotier> peer/pr
Columns: INSTANCE, ZT-ADDRESS, LATENCY, ROLE, PATH
4 zt1 deb55dc5b1 29ms LEAF active,preferred,159.148.172.243/9993,recvd:3s962ms,sent:3s962ms
[admin@Home] /zerotier> import-moon moon=000000deb55dc5b1.moon zt1
[admin@Home] /zerotier> peer/pr
Columns: INSTANCE, ZT-ADDRESS, LATENCY, ROLE, PATH
4 zt1 deb55dc5b1 MOON |
Drop moon
To remove the moon from the instance, use the drop-moon command as follows:
| Code Block | ||
|---|---|---|
| ||
[admin@office] > /zerotier> drop-moon moon=000000deb55dc5b1 zt1 |
Orbit moon
The orbit-moon feature allows you to fetch moon configurations from the moon itself with a pointing IP address:
...
| language | ros |
|---|
...
