SOLVED: ZeroTier VPN installation on Ubuntu OpenVZ (with A2hosting.com el cheapo account)

I wrote this as for publishing on their Knowledgebase - but folks might look here first! sorry if some of the Terminology is wrong. I’m not generally a network person. Actually I’m not anything - I bumble along…

ZeroTier VPN installation on (A2 hosting) OpenVZ Hosting account

a) Firstly your node needs TUN/TAP enabling by an admin of the OpenVZ container, raise a support ticket with your hosting provider OR it seems some allow you to do this yourself in your control panel
b) Follow the ZeroTier installation process as normal

This guide supplied assumes you are logged in as root, if not pre-fix commands with sudo

After installation, post installation errors were observed as the following:

root@u1:~# service zerotier-one status
● zerotier-one.service - ZeroTier One
Loaded: loaded (/lib/systemd/system/zerotier-one.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-09-20 21:11:20 BST; 4s ago
Main PID: 1437 (zerotier-one)
Tasks: 4 (limit: 19660)
Memory: 4.7M
CGroup: /system.slice/zerotier-one.service
└─1437 /usr/sbin/zerotier-one

Sep 20 21:09:14 u1.dubious.info systemd[1]: Stopping ZeroTier One…
Sep 20 21:09:14 u1.dubious.info systemd[1]: zerotier-one.service: Succeeded.
Sep 20 21:09:14 u1.dubious.info systemd[1]: Stopped ZeroTier One.
Sep 20 21:11:20 u1.dubious.info systemd[1]: Started ZeroTier One.
Sep 20 21:11:20 u1.dubious.info zerotier-one[1437]: ERROR: unable to configure virtual network port: could not open TUN/TAP device: No such file or directory

“ifconfig” does NOT show the TUN interface eg ztks52rrpy: which we would normally expect

Following information from this page:

https://github.com/zerotier/ZeroTierOne/issues/699

This permissions may or may not be necessary I tried it and moved on to the next step

chmod 0666 /dev/net/tun

Adding the -U option to the end of ExecStart= line resolved the issue to bind the VPN to the TUN interface for me.

vi /lib/systemd/system/zerotier-one.service
Edit away with below then:-

ESC
:wq

#########################################################
[Unit]
Description=ZeroTier One
After=network.target

[Service]
ExecStart=/usr/sbin/zerotier-one -U

#########################################################

root@u1:~# service zerotier-one stop
Warning: The unit file, source configuration file or drop-ins of zerotier-one.service changed on disk. Run ‘systemctl daemon-reload’ to reload units.

root@u1:~# systemctl daemon-reload
root@u1:~# service zerotier-one stop
root@u1:~# service zerotier-one start
root@u1:~# service zerotier-one status

root@u1:~# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 136535 bytes 24762136 (24.7 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 136535 bytes 24762136 (24.7 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP> mtu 1500
inet 127.0.0.1 netmask 255.255.255.255 broadcast 0.0.0.0 destination 127.0.0.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 0 (UNSPEC)
RX packets 1086037 bytes 319096321 (319.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1495962 bytes 935468121 (935.4 MB)
TX errors 0 dropped 1346 overruns 0 carrier 0 collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP> mtu 1500
inet 216.137.181.189 netmask 255.255.255.0 broadcast 216.137.181.255 destination 216.137.181.189
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 0 (UNSPEC)

ztks52rrpy: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 2800
inet 192.168.196.131 netmask 255.255.255.0 broadcast 192.168.196.255
inet6 fe80::89:67ff:fe9e:8fa prefixlen 64 scopeid 0x20
ether 96:48:ac:ce:8d:e0 txqueuelen 1000 (Ethernet)
RX packets 5 bytes 2111 (2.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 656 (656.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

You can then also double check your ZeroTier installation with

zerotier-cli listnetworks

Which previously returned:

200 listnetworks
200 listnetworks 17d709436ca18694 prickly_toad 96:48:ac:ce:8d:e0 PORT_ERROR PRIVATE 192.168.196.131/24

should now return, something like this:

200 listnetworks
200 listnetworks 17d709436ca18694 prickly_toad 96:48:ac:ce:8d:e0 OK PRIVATE ztks52rrpy 192.168.196.131/24

Just to confirm, this patch worked for me as well. I’m using two Linux (Debian 10) V-Server from STRATO (happarently hosted on a “virtuozzo” based hypervisor. Adding the “-U” option to the " ExecStart=/usr/sbin/zerotier-one -U" line in “/lib/systemd/system/zerotier-one.service” did the trick.

Best regards
Yonz