Hello!
Can anyone tell me if it is possible to install Zerotier on an Ubuntu server?
Install ZeroTier on Ubuntu server for clients to have access only via zerotier vpn.
Is there any tourotial?
Thanks
That’s standard out of the box functionality. I’ve installed it on Ubuntu servers with no problems. You can even enable IP forwarding on the server and set up a route to give access to other clients to the local network that the Ubuntu server is running on.
Can you tell me how to do this?
Is there a tutorial?
For the installation, all of then instructions for installing on a Linux box (server or otherwise) are on the downloads page at Download – ZeroTier
For the routing option, there’s a tutorial here: https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks
It uses a NAT connection to the LAN, but you could also just use straight routing if you want.
@Erik
Thanks for the help.
If I follow these steps I only have access via zerotier VPN, correct?
I intend to install zerotier on ubuntu and give clients access to the website only via vpn
@erik
What I intend is for customers to only have access to the website via VPN.
And it’s not possible using the real IP
That works. You need to have the zerotier client on your server and the clients. Then they will all have an IP address in a zerotier subnet that they can use to communicate so the clients will be able to go to the website using the zerotier IP address that has been assigned to the server.
But do I still have to activate routing?
And isn’t there an option to replace the server’s real ip with the zerotier ip?
If customers discover the real IP
The server will need two addresses - one for internet access in order for Zerotier to work and then one for participating in the Zerotier network. If the server is just hosting a web application, then the clients will only see whatever the web server presents to them, so there’s no way for them to determine the main IP address of the server.
Think of it like adding a second network card to the server connected to a switch where the other zerotier clients are connected.
The diagram is logical in that the actual traffic has to run over the existing network connections, but it has no knowledge of that path or the addresses being used.
If all your clients need is access to this server then there’s no need to activate routing. If you don’t want them to have access to other devices on the server’s network don’t activate routing. In this example there is no routing being done since the server and all of the clients are all in the same zerotier network space so they see each other as local connections.
@erik
Thanks a lot for the help.
But I still need to understand one thing. for example, I install zerotier on the server and the clients also install zerotier, then I give the website’s dns to the client,
If he does a ping, does he find out the real IP of the server?
Run zerotier-cli peers
at a command prompt as Administrator or Root.
Do you care if your clients know the information in the rightmost “path” column? – ZeroTier won’t conceal it from clients.
If you do care, then you should be using something like a Tor Service instead of ZeroTier.
@dajhorn
I intend to use zerotier and give access to the site to users with dns but if they ping the dns they give the zerotier ip, is it possible?
What is the routing option for?
@erik
So just install zerotier on the ubuntu server and then on the clients?
So giving the DNS they can’t know the public IP?
And why should routing be?
As a matter of due diligence, if you’re offering a service, then assume that the host IP address and other identifying information will eventually become apparent to your end-users.
You haven’t provided nearly enough detail to get a specific solution, and you’re asking the wrong questions to get a generic solution.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.