ZeroTier use case feasibility

kyle · March 5, 2022, 4:30pm

Hey All, apologies if this isn’t the correct place to ask presales questions. PIcking through the documentation it’s not clear if my use case is possible with ZeroTier.

We have a product that is basically a raspberry pi that sits in a third party facility with no access to the 3rd party managed network configuration. These are typically corporate networks with strict policies; we get internet and LAN access but no port forwarding or routing capabilities. Facility network configurations are typically unique in terms of subnets although some coincidently use the same subnets. Public IP is typically static.

The rpi currently captures data from serial and network devices then pushes the captured data to an AWS api.

The goal is to facility access and monitoring of all rpis and LAN devices behind the rpis. The rpi nodes do not have to interact with each other. Currently we use remote.it for remote access to rpis.

We have 4 objectives:

Place all rpis on a single network with a centralized server for secure access/data transfer. ZeroTier provides this.
At each facility, bridge the VPN to LAN to allow rpi to access local resources ie capture data from a LAN device via telnet and pass to the centralized server in the ZeroTier VPN. ZT provides this as well.
Provide ability for a developer device ie PC to connect to the VPN and access each rpi for services like ssh. ZT provides this.
Also provide the ability for the developer device to communicate with the LAN devices behind each rpi. This is probably the part I’m confused about.

Appreciate your time. Thanks.

roberto.sanglay · March 6, 2022, 4:08am

Interesting… I guess this is doable… Would love to hear how this would progress and hopefully goes into production.

Good lick

kyle · March 6, 2022, 5:49pm

After some thought, I realized putting on these devices on a central network would be a pretty huge security risk no? Essentially, anyone able to connect to the VPN would have access to all the LAN devices at every facility?

For clarification, right now each rpi device is accessed remotely, individually, using remote.it which basically allows peer 2 peer connections of services like ssh. But doesn’t allow connected devices access to the local LAN. We’re now looking at setting up wireguard/openVPN with a bridged connection, but assuming it even works like we want, it’s another service to manage separately on every device.

So I guess the problem we’re trying to solve is how to efficiently allow and manage remote access to local LAN across dozens of independent devices. I figured putting everything on the same VPN was a good start, but I definitely don’t want all these local LAN devices on a single shared VPN. Anyway, I appreciate any thoughts on the best approach. Thanks.

zalmanlew · April 3, 2022, 11:30pm

I’m actually doing something very similar to the scenario described by Kyle (for multiple projects). So far it’s been really great using ZeroTier for it.

system · April 4, 2022, 4:31pm

This topic was automatically closed after 30 days. New replies are no longer allowed.