Private ZeroTier Network on the Public Internet
Description
This video shows how to set up a Private ZT network on the Public Internet. This setup does not use the ZeroTier Root servers. It uses your own Root Servers (aka Moons).
Private Moons setup: https://docs.zerotier.com/zerotier/moons/
You will need to use your own tools to manage hosts, or you can use the scripts I wrote: https://github.com/thedunston/bash_cli_zt or the ZTN CUI project, which is web-based (currently, it doesn't have a feature to manage ACLs): https://github.com/key-networks/ztncui-aio
You will need to keep up with any IP address changes to the ZT Root servers, which are currently posted here:
https://zerotier.atlassian.net/wiki/spaces/SD/pages/7241732/Root+Server+IP+Addresses
and set up firewall rules to block those addresses. A cron job set up to run once a day and apply the rules should be sufficient.
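# For IPv4 only
for eachZTIP in $(host root.zerotier.com | awk '/has address/ { print $4 }'); do
    # -C checks for an existing rule, so the daily cron run does not append duplicates
    iptables -C OUTPUT -d "${eachZTIP}" -j DROP 2>/dev/null || iptables -A OUTPUT -d "${eachZTIP}" -j DROP
    iptables -C INPUT -s "${eachZTIP}" -j DROP 2>/dev/null || iptables -A INPUT -s "${eachZTIP}" -j DROP
done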
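
The daily cron job described above, as an added example that is not from the video or its author's scripts: it rebuilds a dedicated chain on each run so retired root server addresses are removed, and it goes beyond the IPv4-only loop by also covering IPv6. The chain name ZT_ROOT_BLOCK, the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the video. CHAIN is a hypothetical chain name and
# the sample addresses are constructed from documentation ranges.
CHAIN="ZT_ROOT_BLOCK"

# stdin: `host` output. stdout: "4 <addr>" or "6 <addr>", one per record.
# Anything that is not a plain address is discarded, so a malformed DNS
# answer cannot inject text into the generated commands.
parse_host_output() {
    awk '/ has address /      && $NF ~ /^[0-9.]+$/       { print 4, $NF }
         / has IPv6 address / && $NF ~ /^[0-9A-Fa-f:]+$/ { print 6, $NF }'
}

# stdin: `host` output. stdout: commands that rebuild the chain from scratch,
# so retired addresses disappear and nothing is duplicated between runs.
build_commands() {
    records=$(parse_host_output)
    # Failed lookup: emit nothing and fail, leaving the existing rules in place.
    [ -n "$records" ] || return 1
    for fam in 4 6; do
        if [ "$fam" = 4 ]; then bin=iptables; else bin=ip6tables; fi
        # Create the chain, or flush it if it already exists.
        echo "$bin -N $CHAIN 2>/dev/null || $bin -F $CHAIN"
        echo "$records" | awk -v f="$fam" -v b="$bin" -v c="$CHAIN" '$1 == f {
            print b, "-A", c, "-d", $2, "-j DROP"
            print b, "-A", c, "-s", $2, "-j DROP" }'
        # Hook the chain into INPUT and OUTPUT once.
        for hook in INPUT OUTPUT; do
            echo "$bin -C $hook -j $CHAIN 2>/dev/null || $bin -I $hook 1 -j $CHAIN"
        done
    done
}

# Constructed sample of `host root.zerotier.com` output; the last line is
# deliberately malformed to show that it is rejected.
SAMPLE='root.zerotier.com has address 192.0.2.10
root.zerotier.com has address 198.51.100.20
root.zerotier.com has IPv6 address 2001:db8::10
root.zerotier.com has address 192.0.2.99;id'

# Dry run on the sample. Live use, as root from cron:
#   host root.zerotier.com | build_commands | sh
printf '%s\n' "$SAMPLE" | build_commands
```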