it seems your network controllers also appear there.
I have no way to know if these unknown Leafs are yours or hostiles.
I can see that someone has suggested connecting a 3rd party service to my ZT account to do this.
Frankly this is unattractive - the longer the chain of trust the more easily it forms a noose.
So, as you know the identity of your network controllers,
if in the output of zerotier-cli peers you could flag them separately
I could then run zerotier-cli peers through grep
and immediately know if an alien has somehow joined my network.
So the request is:
> in the output of zerotier-cli peers,
> separately flag your LEAFs.
In any event, your network controllers, in botanic or network terms, aren’t really “Leafs”.
I would like to be able to easily see if an unauthorised node has joined my network. I assumed zerotier-cli peers would tell me. But there are unknown (to me) Leafs there.
This is only known by the network controller, and that information is not transmitted to the network members. If you want to see if there are unauthorized members trying to connect to your network, they’ll be in your network configuration page at https://my.zerotier.com. They will not be in your peers list, since they’re not authorized on the network, and will have no way to contact any other peers.
Network controllers are indeed listed in your peer list. If your network ID is, for example 8056c2e21c012345, the first 10 digits of the network ID are the controller ID that will show up in the peer list (8056c2e21c).
A LEAF is literally any other node your instance of ZeroTier-One has talked to recently that is not a root server (PLANET).
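A way to automate the check asked for in this thread, as an added example (not ZeroTier's own tooling): it applies the rule from the reply above that a controller's node address is the first 10 hex digits of the network ID, and reports any other LEAF that is not on a local allowlist. The sample peers output, the allowlist and the script name are constructed; the column layout (address first, role third) is assumed.

```python
"""Flag unknown LEAF peers in `zerotier-cli peers` output.

Added example, not ZeroTier's own tooling. It applies the rule from the reply
above: a controller's node address is the first 10 hex digits of the network
ID. Other LEAFs not on a local allowlist are reported; PLANET roots are skipped.
"""
import re
import sys

ADDR_RE = re.compile(r"^[0-9a-f]{10}$")        # ZeroTier node addresses are 10 hex digits
ALLOWLIST = {"1a2b3c4d5e"}                      # constructed: nodes you authorised yourself

# Constructed sample in the shape of `zerotier-cli peers` output: status line,
# column header, then one row per peer with the address first and the role third.
SAMPLE = """200 peers
<ztaddr>   <ver>  <role> <lat> <link> <lastTX> <lastRX> <path>
8056c2e21c 1.10.6 LEAF       7 DIRECT 1200     1200     203.0.113.7/9993
1a2b3c4d5e 1.10.6 LEAF      12 DIRECT 300      300      198.51.100.9/9993
abcdef0123 1.10.6 LEAF      40 RELAY  45000    45000
fedcba9876 -      PLANET    88 DIRECT 2000     2000     192.0.2.1/9993
"""

def controller_ids(network_ids):
    """Controller node address = first 10 hex digits of each 16-digit network ID."""
    return {nwid.strip().lower()[:10] for nwid in network_ids}

def parse_peers(text):
    """Yield (address, role) per peer row; status and header lines fail ADDR_RE."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and ADDR_RE.match(fields[0].lower()):
            yield fields[0].lower(), fields[2].upper()

def classify(peers_text, network_ids, allowlist):
    """Sort LEAF peers into your controllers, allowlisted nodes and unknowns."""
    ctrl = controller_ids(network_ids)
    allowed = {a.lower() for a in allowlist}
    report = {"controller": [], "known": [], "unknown": []}
    for addr, role in parse_peers(peers_text):
        if role != "LEAF":
            continue                            # roots are not members of your network
        key = "controller" if addr in ctrl else "known" if addr in allowed else "unknown"
        report[key].append(addr)
    return report

if __name__ == "__main__":
    # Usage: zerotier-cli peers | python3 zt_unknown_leafs.py 8056c2e21c012345 [...]
    report = classify(sys.stdin.read(), sys.argv[1:], ALLOWLIST)
    for addr in report["unknown"]:
        print(f"UNKNOWN LEAF: {addr}")
    sys.exit(1 if report["unknown"] else 0)
```

Run from cron with your network IDs as arguments; a non-zero exit (or the printed UNKNOWN lines) is the signal to go and look at the controller's member page.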
(chuckle) Of course I know
“they’ll be in your network configuration page at https://my.zerotier.com”
However I’m not going to log in once an hour and visually check this against
the output of peers.
Maybe I’ll employ someone to do this (joke).
It is useful information that the network controller’s ID is the first 10 digits
of my network ID, so I can distinguish these.
It is not a big issue at the moment as I’m still testing,
and while I’ll be testing the addition of a 2nd location in another country
in about 6 weeks,
the test network won’t grow beyond 10-15 nodes,
which I can visually memorise.
However, if I were to deploy it into a real network,
it would be a problem.
How do other people solve this?
Has ZeroTier considered notifications when a new node is authorised?
Seems like it would not be difficult to do, and could be optional.
Having used OSS for 20 years I (almost) always support projects I use,
so once I move from testing into use, I would subscribe.
But, having looked at web hooks, I was filled with no enthusiasm.
Having to learn another technology/protocol/interface and add another service to the chain,
groan. If I ever decide to quit my day job and marriage and toss out my kids and become a full-time network administrator, well then things might be different.
You could consider making simple gentlemanly email notifications one of the paid options in your
finely crafted Professional Tier menu. $5/month, easily worth it.