ZeroTier. When opening ports isn't ok
ZeroTier Primer
To understand this, you'll first need the very basics of how IPv4 networks work. I'll only gloss over things here, and you won't need to know a lot in order to actually use ZeroTier. This is merely what you should understand in order to know how to use it.
Subnets
Most devices these days sit behind a firewall and an IPv4 router. An IPv4 address is made up of 4 octets (each 0 to 255), separated by dots. It may look like 1.1.1.1 or 192.168.0.1. These addresses are broken into two groups: private and public.
Private
- 10.0.0.0/8 IP addresses: 10.0.0.0 - 10.255.255.255
- 172.16.0.0/12 IP addresses: 172.16.0.0 - 172.31.255.255
- 192.168.0.0/16 IP addresses: 192.168.0.0 - 192.168.255.255
These ranges are considered private (they are reserved by RFC 1918), so you can assign them to devices behind a router without conflicting with anything else in the world.
Public
Anything outside of these ranges is considered public. These could be DNS servers like 1.1.1.1 or 8.8.8.8, etc., or the websites you browse every day. Normally you use DNS names, but under the hood it's these numbers in the public range that you are actually talking to.
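As an added example (not code from the original post), here is the subnet math behind the private and public ranges above, worked by hand in Python: it parses a CIDR block such as 172.16.0.0/12, computes the first and last address that block covers, and classifies any IPv4 address as private or public. The sample addresses at the bottom are constructed for the demonstration.

```python
# Added example: RFC 1918 classification done with explicit mask arithmetic,
# so that /8, /12 and /16 mean something concrete. Not part of the original post.

PRIVATE_RANGES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def ip_to_int(addr: str) -> int:
    """Turn dotted-quad text into a 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | int(part)
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int: 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_cidr(cidr: str):
    """Return (network_int, mask_int) for 'a.b.c.d/n'."""
    net, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length in {cidr!r}")
    # A /n mask is n one-bits followed by (32 - n) zero-bits.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ip_to_int(net) & mask, mask


def in_subnet(addr: str, cidr: str) -> bool:
    """True if addr falls inside the CIDR block: masking it yields the network."""
    network, mask = parse_cidr(cidr)
    return ip_to_int(addr) & mask == network


def cidr_bounds(cidr: str):
    """First and last address covered by a CIDR block, as text."""
    network, mask = parse_cidr(cidr)
    host_bits = ~mask & 0xFFFFFFFF
    return int_to_ip(network), int_to_ip(network | host_bits)


def is_private(addr: str) -> bool:
    """Private per RFC 1918 if the address sits in any of the three ranges."""
    return any(in_subnet(addr, r) for r in PRIVATE_RANGES)


if __name__ == "__main__":
    for r in PRIVATE_RANGES:
        print(r, "covers", *cidr_bounds(r))
    # Constructed sample addresses; 172.32.0.1 is just outside the /12 block.
    for a in ("192.168.0.1", "172.31.255.255", "172.32.0.1", "1.1.1.1", "8.8.8.8"):
        print(a, "private" if is_private(a) else "public")
```

The /12 block is the one people get wrong most often: because 12 is not a multiple of 8, the mask cuts through the second octet, which is why the range ends at 172.31.255.255 and 172.32.0.1 is public.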
Why does this matter?
Your home network has its own private range of addresses that lets all of your devices talk to each other. Want to copy files back and forth, or SSH from one box to the other? It's all good to go. When you aren't at home, however, these addresses aren't accessible to you. This is where ZeroTier comes into play.
ZeroTier, as a service, gives you a virtual private address, and everything within your own network gets one too. Unlike your regular network address, this one can be used to talk to your devices from anywhere, as long as they are on your ZeroTier network, just the same as if you were home. The possibilities are truly endless here.
Why not a VPN?
A VPN is similar in concept to ZeroTier. You join a network and can talk to other devices. The main difference between ZeroTier and a VPN is that there is no "router". Let's say you have 3 devices.
- Laptop
- VPN server
- Desktop
Every time you talk from your laptop to your desktop, you have to route through the VPN. This may not seem to matter to you, but if the connection between either device and the VPN is slow, or the VPN itself is slow, the whole connection is slow. Visually, the connection looks something like this:
Laptop <-> VPN <-> Desktop
ZeroTier, on the other hand, doesn't run a server for you to route through. It's a virtual network that connects devices directly, peer to peer, with no ZeroTier server sitting in the middle. This gives you much faster connections, lower latency, and fewer connections to fail. Visualized, it would look like this:
Laptop <-> Desktop
Security
There is an alternative that can be used, though it has its drawbacks: port forwarding. This allows anyone with access to your public address to talk to that port. Let's say that you open port 22 on your home server to the world so you can access a shell remotely. This exposes it to anyone in the world who may want to try to get in. You'll have to harden the system to ensure that you aren't broken into, and still take the system load of constant attacks, as bots scan for, and try to break into, any public address on the internet. ZeroTier, on the other hand, won't open that port to the public; only those allowed onto your network can reach the machine.
If you want to read into the security of ZeroTier itself, here is a link to that. It's far more complex than anything I could go over.
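The "constant attacks" above are easy to see in a server's SSH log. As an added example (not code from the original post), this Python snippet triages sshd log lines into failures arriving from the public internet versus failures from a source inside the ZeroTier network, which is the comparison you get to make once port 22 is no longer forwarded. The log lines are constructed for this example, and the ZeroTier range 10.147.17.0/24 is a placeholder; substitute the managed range of your own network.

```python
# Added example: sshd log triage by source network. Not part of the original
# post. SAMPLE_LOG is constructed; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for arbitrary public addresses, and
# 10.147.17.0/24 is a placeholder for the ZeroTier network's managed range.
import ipaddress
import re
from collections import Counter

SAMPLE_LOG = """\
Mar  1 02:14:07 home sshd[2011]: Failed password for root from 203.0.113.45 port 51234 ssh2
Mar  1 02:14:09 home sshd[2011]: Failed password for root from 203.0.113.45 port 51240 ssh2
Mar  1 02:14:12 home sshd[2015]: Invalid user admin from 198.51.100.7 port 40022
Mar  1 02:14:13 home sshd[2015]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Mar  1 02:15:30 home sshd[2020]: Accepted publickey for alice from 10.147.17.22 port 55010 ssh2: ED25519 SHA256:PLACEHOLDER
Mar  1 02:16:01 home sshd[2021]: Failed password for alice from 10.147.17.22 port 55011 ssh2
"""

# OpenSSH's standard wording for a rejected and an accepted login.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")


def triage(log_text: str, zerotier_net: str) -> dict:
    """Bucket sshd events by whether the source sits inside the ZeroTier network."""
    net = ipaddress.ip_network(zerotier_net)
    result = {
        "failed_outside": Counter(),  # failures that came in over the public address
        "failed_inside": Counter(),   # failures from an authorized member: worth a look
        "accepted": [],               # (auth method, user, source) for successful logins
    }
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            _user, src = m.groups()
            bucket = "failed_inside" if ipaddress.ip_address(src) in net else "failed_outside"
            result[bucket][src] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            method, user, src = m.groups()
            result["accepted"].append((method, user, src))
    return result


def noisy_sources(summary: dict, threshold: int = 2) -> list:
    """Public sources with at least `threshold` failures: the scanning bots the
    post describes, which stop reaching sshd once the port is not forwarded."""
    return sorted(ip for ip, n in summary["failed_outside"].items() if n >= threshold)


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG, "10.147.17.0/24")
    print("failures from the public internet:", dict(summary["failed_outside"]))
    print("failures from inside the ZeroTier network:", dict(summary["failed_inside"]))
    print("accepted logins:", summary["accepted"])
    print("noisy public sources:", noisy_sources(summary))
```

On a forwarded port the first bucket is background noise that never stops; once sshd is only reachable over the ZeroTier interface, that bucket empties and anything left in the second bucket is a member of your own network failing to log in, which is a far more useful signal.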
Conclusion
I believe that ZeroTier is great for everyone from small users all the way up to big businesses that want the convenience of private networks without the complication and downsides of a VPN. It's fast, secure, and flexible, as any good networking tool should be.
Bonus section: Where I use ZeroTier
I use ZeroTier in a lot of places, and run many networks. A non-exhaustive list would be:
- Nginx reverse proxy through zerotier
- Accessing an NFS server remotely, securely
- "LAN" gaming with friends who join a network
- Accessing my 3D printer remotely without opening a port
- SSH between all of my controlled machines no matter what firewalls are in place