The way ZeroTier works

Can someone briefly explain how my friend and I can connect to each other without a central server in between? Don’t you usually need port forwarding rules on your modem for that? How does ZeroTier accomplish this without the need for that and central servers?

@pmasta.tr

There are central servers involved: the root servers know the address information for your two clients, as provided by the clients themselves. When the clients try to contact each other, they are handed this information by the root servers and proceed to contact each other directly.

To get around the NAT problem, hole-punching is used to allow them to contact each other.

My terminology in the above might not be correct, but that’s the general process.

Thanks.

1 Like
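The exchange described in the reply above, as an added example that is not part of the original thread and is not ZeroTier's code: a toy model of two clients behind NATs learning each other's public endpoint from a root and then sending toward each other. The `Nat`, `Root` and `simulate` names, the addresses and ports, and the NAT behaviour (one stable public port per inside socket, inbound filtered by remote endpoint) are assumptions made for illustration.

```python
# Toy model (added example, not ZeroTier code); names and addresses are constructed.
class Nat:
    """Assumed NAT: one public port per inside socket; inbound admitted only
    from remote endpoints that socket has already sent to."""
    def __init__(self, public_ip):
        self.public_ip, self.next_port = public_ip, 40000
        self.mappings = {}    # inside endpoint -> public port
        self.allowed = set()  # (public port, remote endpoint) pairs

    def outbound(self, inside, remote):
        if inside not in self.mappings:
            self.mappings[inside] = self.next_port
            self.next_port += 1
        port = self.mappings[inside]
        self.allowed.add((port, remote))
        return (self.public_ip, port)  # source address the remote side sees

    def inbound(self, public_port, remote):
        return (public_port, remote) in self.allowed

class Root:
    """Rendezvous role: remembers the public endpoint each client came from."""
    def __init__(self, endpoint):
        self.endpoint, self.seen = endpoint, {}

def simulate(punch):
    root = Root(("198.51.100.1", 5000))
    nat_a, nat_b = Nat("203.0.113.10"), Nat("192.0.2.20")
    a_in, b_in = ("192.168.1.5", 5000), ("10.0.0.7", 5000)
    # 1. Each client contacts the root, which records the NAT-mapped source.
    root.seen["A"] = nat_a.outbound(a_in, root.endpoint)
    root.seen["B"] = nat_b.outbound(b_in, root.endpoint)
    # 2. The root hands each client the other's public endpoint.
    a_pub, b_pub = root.seen["A"], root.seen["B"]
    # 3. With punching, B also sends toward A, which opens B's NAT for A.
    if punch:
        nat_b.outbound(b_in, a_pub)
    nat_a.outbound(a_in, b_pub)  # A sends toward B
    # Would each NAT now admit the other peer's packets?
    return nat_b.inbound(b_pub[1], a_pub), nat_a.inbound(a_pub[1], b_pub)

if __name__ == "__main__":
    print("A only sends:", simulate(False))
    print("both send:   ", simulate(True))
```

When only A sends, B's NAT holds no state for A's endpoint and drops the packet; once both sides have sent, each NAT admits the other peer without any port forwarding rule.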

The beginning of the manual explains in more detail.

1 Like

Hello, I have several questions about how ZeroTier works. I hope someone will answer them.

How exactly does a controller work? I have self-hosted one but I can’t figure out how it allows nodes to communicate with each other. I noticed that the controller stored the identity.public of each authorized node. But I don’t see any trace of the other nodes of the same network on a node. On one node I only see information about the network (controller).

I also noticed packets going out to the root servers containing my identity.public, what’s the point?

Next, how does ZeroTier encryption work in general?

Is data integrity checked by the ZeroTier client, since UDP doesn’t do it on its own?

Why does ZeroTier need 3 ports?

And finally, what are VL1 and VL2? I analyzed the packets a bit with Wireshark, and for me I would link VL1 with the encrypted UDP packets passing over my connection, and VL2 would be the ZeroTier virtual interface present on my PC. Am I right?

Thank you very much, I did not find an answer to these questions in the doc and I would need this information for a school job.