Opening TCP Ports using Zerotier

Dear All,
A question from a new user of Zerotier. I have set up my two devices (windows PC & Raspberry PI) and both can be seen in the zerotier portal. I can also ping the PI from the PC (all good so far).

I am trying to use a piece of software called VurtualHere, which allows USB ports on the PI to be controlled from the PC. This software requires a TCP port 7575 to be open.

My question is, can this port be opened via Zerotier? Or will I need to open the port via Upnp (or an alternative) independently? Or open the port on the router?

Eventually the PI will live behind a corporate Firewall and opening ports on the firewall / Router manually is likely to be impossible.

Hope to hear from you soon


welcome to the forum. That’s a cool use-case.
Your zerotier interfaces/adapters will be wide open. (This can be locked down more with the rules engine if desired)

If something is blocking VirtualHere, it’s Windows firewall or the iptables on the rpi.

For the underlying/physical transport, zerotier uses a few UDP ports.
Here’s a little explanation

Many thanks for coming back to the call. I have switched the windows firewall off and looked at the iptables on the pi. The iptables look blank? My assumption is if the iptables are blank it is letting everything though?

I have looked at the Zerotier software status on the Windows machine and I see it is showing ACCESS_DENIED, and only the managed IP option is ticked. I assume this tick box is the same as the portal option “Managed Routes”? I have a feeling this needs filling in on the portal? What intrigues me is in the zerotier portal both devices show online and have an external IP address?

Currently I’m trying to find in the manual what all the sections in the portal mean and if they need filling in?

Sorry to sound dense, I’m not a network engineer and in the past on my own router at home I have just opened ports to specific devices and used a UPNP utility to force ports open. In the repeaters location this isn’t an option as the network is looked after by an IT company and I have no assess to firewall or router.

Here’s looking forward to the next thrilling instalment!


Hi! The only required step is to click the “Auth” checkbox next to each device/“member” in the portal. The rest of the defaults are designed to just work.

After they are authorized they get a Managed IP address. These are the IP addresses you use.

Two other suggested things to change are the networks’ name and each member’s name.

The website should have guided you through this, but that must’ve failed somehow.

Many thanks Travis,

I must have had a senior moment! After doing that it all came to life :wink: and all relevant fields were filled.
Even the SSH on the pi (an added bonus). This allows me to control a relay to remotely disable the repeater.

One final question before you put your “Super Hero” cape away, The Windows device is on a laptop if I move it around into other LANS do the Managed routes change automatically?

All joking aside. Many thanks for sticking with me on this one your help has been invaluable.


You can move your laptop to any physical network and zerotier will work the same! You don’t need to change any settings from here on. The managed routes and managed IPs will stay the same forever, unless you want to change them.

*it is possible for a physical network to block zerotier’s underlying connection. Just something to be aware of, if you go onto a bank’s wifi or something like that.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.