Zerotier is a service that can be used to create a zero-trust network. It acts as a relay service between devices on different networks without a central server. This lets you establish a local connection to devices included in your virtual network using a bridge that has internet access or is on the same local network with internet.
The setup is very simple. After logging in, you get a network ID. Then, you install the Zerotier application for your device’s platform. Link.
Example Scenario
You can use a system like the one below to remotely connect to an embedded Raspberry Pi.
curl -s https://install.zerotier.com | sudo bashAfter installation, enable the IP Forwarding kernel parameter on the Raspberry Pi with this command:
sudo sysctl -w net.ipv4.ip_forward=1You must join the 16-character network ID to the agents.
zerotier-cli join $ZEROTIER_NETWORK_IDAfter the device is authorized on the site, you can access the Raspberry Pi using its IP address. To allow the Raspberry Pi to access devices on the network it’s connected to, you need to forward the packets using iptables rules.
Based on the output of the ip a command, define the network names you want to bridge as follows:
PHY_IFACE=eth0; ZT_IFACE=zt7nnig26Use the commands below to bridge the two networks.
sudo iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
sudo iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPTAfter this, run the following commands in order to make the connection permanent after a possible power outage.
sudo apt install iptables-persistent
sudo bash -c iptables-save > /etc/iptables/rules.v4