A local area network (LAN) is a collection of devices within a limited area, usually a house or an institution such as a university. However, exposing devices on a LAN to the internet can pose security risks if improperly set up, and sometimes a public IP address may not be available for your server/machine. Static IPs are also often not available for home internet connections, so in these cases, we can use virtual private networks to access LAN devices over the internet. SSH connections into your local server can also be vastly simplified using this method of virtual networks.
ZeroTier is a software-defined networking solution that allows access to a virtual LAN over the internet, without having to expose ports to the public, and without the need for a public IP address. This type of networking is sometimes known as intranet penetration, where we use the ZeroTier servers to reach the server (which is LAN only) over the internet (with an SSH terminal, etc.).
Network Diagram of ZeroTier’s Virtual LAN
This is in stark contrast to how you’d usually connect to servers, where you’d have to open ports and such.
Setting Up ZeroTier
In this tutorial, we’ll use the scenario of a Windows computer remotely accessing an Ubuntu server, where the server only accepts LAN SSH connections and is not exposed to the internet.
Sign Up to ZeroTier
ZeroTier offers 4 plans and tiers, each with different types of support and max number of clients/admin accounts allowed.
- Open Source – No limit on clients and admin accounts, but is self-hosted only
- Basic – Up to 50 network clients/members, 1 network admin
- Professional – Up to 500 network clients, 10 network admins and priority support
- Enterprise – No limit on clients and admin accounts, and the option for an SLA (service level agreement)
ZeroTier Plans and Pricing
In our scenario above, we will only be needing the basic plan, or if self-hosting is an option for you, that could be the better choice. However, as our case only requires 2 network members (Windows machine and Ubuntu server), the basic plan will be more than enough (and saves the hassle of self-hosting)!
If you really wanted to self-host, a good option can be Oracle Cloud’s free tier, where you can get up to 6 VMs (2x AMD 1GB RAM, and 4x Ampere A1 24GB total RAM).
Go ahead and sign up to ZeroTier, and you’ll be led to the control panel.
Using ZeroTier to Set Up a Network
Once you’re redirected to the dashboard, click on the Create a Network button to begin creating your first network.
Create Network
Your network will appear in the list of networks. Click on the name (in this case pedantic_puskas) to change its settings and add clients to the network.
New Network Added
Rename your network as you wish, and make sure to give it a fitting description. Scroll down and click on “Private”, if not already selected. This will ensure that the network cannot be accessed by unauthorised users, and will make sure that your server is safer against SSH attacks.
Scroll down more, and find the “Members” section. We see that no clients are connected to our network yet, so let’s add them now. Make a note of the 16-digit string after “join” in bold; this will be your Network ID.
No Members yet
Installing ZeroTier on Clients
Note
Setting up the ZeroTier client on your LAN server will require SSH access, so make sure that you can remotely access the machine first.
Go to the ZeroTier Downloads site, and click on your operating system. Then, follow the instructions to install the ZeroTier client on your machine. For the LAN server, the bash script will work for Debian, Ubuntu, CentOS, RHEL, Fedora and other Linux distributions. The website also suggests using GPG keys to verify the package’s authenticity, which can be done to further secure your installation. Otherwise, SSL will work for most users.
Setting Up ZeroTier’s Client
Windows
Open ZeroTier on your Windows machine, right click on the tray icon and open the control panel. Here you’ll find a text box to input your network address, and enter in your 16-digit Network ID from before. Press on “Join Network”, and it will register in the list above.
Adding the Network
You’ll see that there is no information next to the Network ID yet, and the down arrow menu shows “ACCESS DENIED”. This is because we created a private network, so we’ll have to allow this device onto our network before it can be used.
Granting Access
Go to your ZeroTier dashboard, and go to the “Members” section. You’ll see that the “Auth?” checkbox is not ticked, so tick that and go back to your ZeroTier control panel. The status will now be “OK”, and on the web control panel, under Members -> Managed IPs, you’ll see that the machine has been allocated a local IP.
This IP will be the “local” IP of your machine on the ZeroTier virtual LAN network, and will be used to identify the computer on the network.
Linux
After installing ZeroTier using the script, add your server to the network using the following command:
sudo zerotier-cli join <your Network ID>
And same as before, tick the “Auth?” checkbox on the web dashboard. Now you are set up on the ZeroTier virtual LAN network.
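A check you can run on the Linux server after joining, as an added example that is not part of the original post: it parses `zerotier-cli listnetworks` output and confirms that the membership is authorised (status OK), that the network is PRIVATE, and that a managed IPv4 address has been assigned. The function name zt_audit is hypothetical, and the sample lines (network ID 0123456789abcdef, MAC, device name) are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit one ZeroTier membership. Input lines look like
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>

# zt_audit NETWORK_ID   (reads `zerotier-cli listnetworks` output on stdin)
# Prints the managed IPv4 address and returns 0 only when the network is
# joined, authorised and PRIVATE. Other return codes:
#   1 = not joined, 2 = not authorised yet, 3 = network is PUBLIC,
#   4 = no managed IPv4 address assigned.
zt_audit() {
  awk -v id="$1" '
    $1 == "200" && $2 == "listnetworks" && $3 == id {
      # Count fields from the right: the network name may be empty or
      # contain spaces, which shifts fields counted from the left.
      found = 1; status = $(NF-3); kind = $(NF-2); ips = $NF
    }
    END {
      if (!found)            exit 1
      if (status != "OK")    exit 2
      if (kind != "PRIVATE") exit 3
      n = split(ips, a, ",")          # several addresses are comma-separated
      for (i = 1; i <= n; i++)
        if (a[i] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\//) {
          sub(/\/.*/, "", a[i]); print a[i]; exit 0
        }
      exit 4
    }'
}

# Constructed samples; the managed IP is the one used in the article.
ZT_PENDING='200 listnetworks 0123456789abcdef  02:00:00:00:00:01 ACCESS_DENIED PRIVATE ztexample0 -'
ZT_AUTHED='200 listnetworks 0123456789abcdef pedantic_puskas 02:00:00:00:00:01 OK PRIVATE ztexample0 172.28.15.87/16'
ZT_PUBLIC='200 listnetworks 0123456789abcdef home lab 02:00:00:00:00:01 OK PUBLIC ztexample0 172.28.15.87/16'

# Demo over the samples. On the server itself, run instead:
#   sudo zerotier-cli listnetworks | zt_audit <your Network ID>
for sample in "$ZT_PENDING" "$ZT_AUTHED" "$ZT_PUBLIC"; do
  ip=$(printf '%s\n' "$sample" | zt_audit 0123456789abcdef) && rc=0 || rc=$?
  echo "rc=$rc ip=${ip:-none}"
done
```

A return code of 2 means the “Auth?” checkbox has not been ticked for this member yet; a return code of 3 means the network was left on “Public” instead of “Private”.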
Accessing LAN Devices Remotely Over the Internet
If you wanted to SSH into your local home server, you would find the “Managed IP” of that device on the ZeroTier dashboard, and use it instead of your local IP. For example, if you usually SSH into your server via the IP 192.168.1.10, and your ZeroTier managed IP is 172.28.15.87, you’d use the 172.28.15.87 IP instead of 192.168.1.10.
Finding the Managed IP
In this case, you can even SSH into your machine without a public IP address, as the server is not facing the internet directly. Rather, it is through ZeroTier’s virtual networking.
The post Accessing LAN Servers Over the Internet with ZeroTier without a Public IP appeared first on Jiuyu's Guide.