How can I update the ZeroTier client remotely

I saw another similar question in here earlier about updating Mac ZT clients remotely, but nothing on doing this procedure for Windows. For enterprise-level ZT usage, is there a way to update all clients remotely via CLI or some other tool, or will we need to uninstall the current version, install the new version, and then rejoin all devices to the ZT network? This is to combat the security vulnerabilities found in versions <1.6.6, so I’m just looking for the most efficient method that isn’t conducting manual installations/reconfigurations for all nodes individually. Thanks!

Many enterprise customers use MDM software (InTune for example) to manage software installs & upgrades. I’d recommend using whatever your enterprise uses to roll out software package updates.

Hi zt-grant,

Don’t these programs still require some command line arguments to send to the program so that it can update? Is there a way to update zt from the command line? I didn’t see anything in the command line article.

On Mac & windows, you just download the new installer package and install it to upgrade. On linux, you use the distribution’s package manager.

1 Like

Thanks do you know if this will retain settings like networks we were connected to?

It will retain all settings & networks you’re connected to

One thing to note. I found that after pushing the installer via our MDM, we had to remove and re-add the network ( can be done via command line ). Our upgrade sequence looks like this

  • Get networks currently connected to - store in Var1
  • Upgrade software version
  • For each network in Var1 - zerotier-cli leave
  • For each network in Var1 - zerotier-cli join

Potentially a reboot would do the same thing, but I found this to be the least offensive to our staff base.

@bryn.moorhouse what caused you to require that? None of that should be necessary

We found that following the install, traffic did not flow.

I put this down to the fact that the GUI didn’t open on the machine afterwards (no admin rights for the users). It may just be a quirk of the upgrade process for us specifically, but figured it was worth mentioning as it took a fair old amount of head scratching to figure out.

UI app has no bearing on traffic. It’s just a control interface to the system service. If there are any other details you can give, it’d be much appreciated. None of what you did should be necessary, and has never been necessary from our experience.

Sure Thing. We use ConnectWise Automate. Here are the scripts. Initially, I attempted just the “Deploy ZeroTier” script, but had to change tack.

Main Script - notifies staff, then runs 3 scripts, then tells the staff member it’s complete.

Deploy ZeroTier - downloads the latest version and executes it.

In theory, that should have done it, but we had issues with traffic flow. So I built this script, which in fairness does more than just remove and re-add the network from the device. I wouldn’t have built them if I didn’t have to though.
Deauth script:-

Auth script:-

That’s really strange. We’ll definitely have to look into this more over here.

No biggy my end. It’s dealt with.

@zt-grant for reference, I’ve just tried it again whilst running a ping from another PC back to the remote device.
I get ping, ran the “Deploy” script listed above. Ping stops with “Request timed out” (5 attempts). I then get 3 pings back, 1 more “request timed out” and then infinity "destination host unreachable"s.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Hey there,
Which versions were you upgrading between most recently?

Not adding much detail here, but we have noted the same issue at times, even after reboot the network wouldn’t reconnect and the fix was leave/join. This was with remote upgrades windows via RDP (msiexec /i). It is an annoying issue because the ZT network is used primarily for remote admin so when it doesn’t come back up we always need an out of band connection to restore service.

I tested 1.6.6 → 1.8.3 and 1.6.6 → 1.8.1 → 1.8.2 → 1.8.3 with msiexec on a 10 Pro VM.

It worked ok. I didn’t need to leave and join. I had ping running while the installer ran.

There’s a popup about not being able to stop a process sometimes, but I just clicked OK.

Any other ideas to reproduce this?

I just tried 1.6.5 → 1.8.3 using msiexec /i
and it still pops up a GUI asking questions, and then starts the install. Then I lose connection and it never comes back. I have a user at the remote site reboot after 20 minutes or so, and it is still at 1.6.5 so I don’t think it is completing.

Update: I tried with msiexec /forcerestart /i and it seemed happier maybe since now I have 1.8.5

1 Like