Zerotier One Windows 7

6 views
Skip to first unread message

Torie Crivello

unread,
Aug 3, 2024, 4:30:46 PM8/3/24
to trudimanpen

Be sure to approve installation of the driver during the install process. Note: Windows 7 and Server 2012 users, please download ZeroTier 1.6.6, as there is no Windows 7 support in ZeroTier 1.8 or later.

Debian and RPM based distributions including Debian, Ubuntu, CentOS, RHEL, Fedora, and others are supported via a script that adds the right repository and installs the package. Other Linux distributions may have their own packages. If not try building and installing from source.

You can get our official Docker images on Docker Hub. We also publish a Dockerfile in the public ZeroTierOne repository which you can use for local development on ZeroTier itself, or as a starting point for your own containerized deployments.

ZeroTier One can be compiled easily from source for use on OSes other than those that we support via pre-built packages. This includes less common versions of Linux, older FreeBSD, OpenBSD, NetBSD, etc.

ZeroTier One for Western Digital MyCloud EX2/4/Ultra NAS and personal cloud devices, with packages at download.zerotier.com. Once installed you can join virtual networks from the ZeroTier One command line interface. See the ZeroTierNAS repository for more information.

ZeroTier One is a service that can run on laptops, desktops, servers,virtual machines, and containers to provide virtual network connectivitythrough a virtual network port much like a VPN client. It can also actas a network controller and as a federated root server.

After the service is installed and started, networks can be joined usingtheir 16-digit network IDs. Each network appears as a virtual "tap"network port on your system that behaves just like an ordinary Ethernetport.

For the app to talk to the service, it needs access to the secret token.If the user running the UI app can't access the token, it can't talk the service, so they can't leave or join networks or change other settings.

A file called local.conf in the ZeroTier home folder containsconfiguration options that apply to the local node. It can be used toset up trusted paths, blacklist physical paths, set up physical pathhints for certain nodes, and define trusted upstream devices (federatedroots). Most of the time, you don't need to change any of these settings.

local.conf is a JSON format file that can also be edited and rewrittenby ZeroTier One itself, so ensure that proper JSON formatting is used. Paste your JSON into a JSON tool before saving your configuration file.

To control the ZeroTier system service, you need the token. If you don't have the token, you can't leave or join networks, for example. The UI app uses the token to control the system service. The cli, zerotier-cli, uses it also.

I transformed a linux machine (for example a rpi 4) into a router thanks to linux forwarding. Once done, you must define this linux router as the default gateway of your incompatible device. Once this is done, thanks to iptables rules, the requests from your incompatible device that will go through your linux router will go either to the zerotier interface of the linux router, or to the lan interface of the linux router. Your device will therefore have access to the internet and to zerotier via the linux router.

I think the number of suggestions in this thread proves that there are a few options for achieving physical network bridging with a Windows box, and it depends on your situation which option is best for you:

If the Server 2008 RRAS box is the default gateway for the security camera network then at this point you might be able to get all the way through to 10.10.0.200, but if not, you might need to add a NAT rule in RRAS:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

It is very likely to be the windows firewall. By default, it will block connections from other subnets. You need to set the firewall to allow connections from subnets other than the one currently in use (or disable the firewall entirely as a test) and it should work.

For Windows just disable the firewall to test.
If this is the problem then you can open up the firewall for traffic from the WG subnet.
Windows firewall blocks all traffic not coming from its own subnet.
Advanced Firewall (WF.msc), new incoming rule, scope, add VPN subnet to local scope.

There is an alternative solution, if this is the problem, you can SNAT WG server traffic out of br-lan, but you will loose logging and access restriction on your network, if your WG server clients are trusted that is not a great deal

I have a bunch of servers running in docker containers with docker-for-windows. Because of how docker works on windows these all get shoved inside of hyper-v vm and then the containers run there. So to access a server that is bound to localhost, i actually use the ip of the hyper-v virtual adapter.

So i can connect to my server using 10.0.75.2:3579 when im on the host windows machine. Now i want to user zerotier to bridge all my docker containers to a virtual lan so that i can access my containers outside of my schools network. ZeroTier creates a virtual adapter called "zerotier one virtual port": How it works now is that if i run servers on the host windows machine (bare metal) then i can access them using my zerotier ip10.147.17.221:port. BUT this doesn't connect my docker stuff since its on a different adapter, meaning i must be physically on machine to do any docker related stuff. How do i route or bridge the zerotier adapter to the hyper-v docker adapter so that i can access my docker containers externally using the zerotier ip?

Trying to set up a Windows Server 2016 install so that we can access it over a ZeroTier network instead of the current VPN solution. Connecting to it in Desktop/PC mode is no problem at all, but when I try to add a Workspace to use published apps I can authenticate and pull down the list of applications, but when it tries to connect to and configure the gateway for the connection it fails on the Mac with error 0x300005f.

The connection dialog shows that it is trying to connect to the IP address set up for the VPN, it is as though the gateway (sorry, I don't have all the right terms) is not pulling the right IP address based on where we are connecting from.

What piece am I missing that would allow the server to accept connections on more than one IP address for Workspaces/RDWeb apps? It is maddening that it works 99% except for actually launching the application.

It would be great if somehow we could just add the workspace with the IP address (which I am using in the URL), but it seems to have to route through the gateway which is configuring things for the wrong IP address.

The public IP is blocked by firewall, I had set up a Linux azure VM running a VPN on the same virtual network as the windows server host, and they were using that to connect to the system using the NIC IP address.

The problem is that while I can start a remote desktop session as PC/Desktop, trying to access workspace/published apps gives an error because it is trying to connect to the NIC address instead of the zerotier network interface the connection is coming in on. I don't know why the two types of connections behave differently.

And maybe your problem will need to capture some dumps or traces to further analysis, which I suggest to contact Microsoft Customer Support and Services where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

You may find phone number for your region accordingly from the link below:
Global Customer Service phone numbers
-us/help/4051701/global-customer-service-phone-numbers

It has nothing to do with Azure networking, as I can connect to it using any of the IP addresses, so all networking is functioning as it should. The problem is that however the published apps work, they insist on using the wrong IP which seems squarely in the gateway/broker/whatever configuration.

How does one set up a server with multiple NICs on different nets and allow full remote app functionality? Essentially that is what this is, but it is trying to make everyone connecting on NIC2 connect to the IP of NIC1 which they can not reach.

Clients will be able to connect to Zerotier with pretty much any internet connection, static/dynamic IPs, NAT/behind a firewall. The only port used by the client to connect with the Zerotier server is port 9993 UDP outbound, so it is very unlikely you will have problems with your internet connection or any SIM card.

Each Teltonika also has a local network with local devices, which we want to be able to access from the Zerotier network. For this purpose, we are going to set up firewall rules on the Teltonika so that we can access our local devices using some selected ports.

The difference between "Private" and "Public" is that with a "Public" network, any client that attempts to connect to the network will be granted access by default. When set as "Private", the network will only accept clients once the user flags them as "Authorized" on their first connection attempt. We will see this later.

Your clients will have multiple networks to access and each network should use a different IP range. If your local networks on the Teltonika routers are using "192.168.1.*" (like in our example), the Zerotier network should use a different range, and your engineering laptop (which is most likely connecting to the internet over WiFi or LAN) should have the local WiFI or LAN network IP range different again, to avoid clashes.

The firmware version used in this guide is 00.07.03, and we are connected to the internet using a wired WAN connection. A 4G SIM card would work exactly the same, just make sure you run through your first setup and get the router connected to the internet and ready for the next steps

c80f0f1006
Reply all
Reply to author
Forward
0 new messages