AirPiConsole remote access with ZeroTier
Overview
In the previous posts of this AirPiConsole series (part1, part2) I used Autossh to create a reverse tunnel from the device to a cloud VPS to permit remote access.
The VPS I use is cheap but unreliable, so the tunnel was down most of the time, and I started looking for a better alternative.
The solution came from the Packet Pushers podcast episode PQ134 about ZeroTier.
What is ZeroTier? TL;DR version
ZeroTier is an overlay network. It works over the Internet, and its encapsulation is similar to VXLAN. Security is guaranteed by open source code and by encryption keys that are held only on clients and not on ZeroTier servers.
The free tier
A free tier is often a great opportunity to get on-board with new products, use them for small testing/personal projects and get the confidence required to move to production.
ZeroTier community edition allows connecting up to 100 devices and provides free Android and iOS apps along with Windows/OSX/Linux clients.
ZeroTier is even available on QNAP, Synology and WD NAS devices. This is a great boost for security: these NAS devices are well known for having security problems that expose all the stored data to the Internet.
Setup
Installation and setup are straightforward and well documented on the website. I had some issues installing on my Raspberry Pi, which I fixed by following these instructions.
What you get
From the console we can create new networks. Each network is an L2 domain and has an associated network ID.
To add devices to a network we can use the CLI
zerotier-cli join <network ID>
or the GUI
Once the devices are connected they must be authorized from the console to actually join the network.
I've added a Raspberry, Windows 10 PC and Laptop, Android tablet and phone without any problem.
All the devices now have an additional interface and behave as if they were all connected to the same switch in the cloud. It is possible to set up a custom network (I chose 10.255.255.0/24) and assign static IP addresses to devices.
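A device-side check for the join, authorization and addressing steps above, as an added example that is not from the original post. It parses JSON shaped like the output of `zerotier-cli -j listnetworks` (field names are assumed from that output; the sample network IDs and the `audit_networks` helper are constructed for illustration).

```python
import ipaddress
import json

EXPECTED_SUBNET = ipaddress.ip_network("10.255.255.0/24")  # subnet chosen in the post

# Constructed sample shaped like `zerotier-cli -j listnetworks` output (IDs are made up).
SAMPLE = json.dumps([
    {"nwid": "0000000000000001", "name": "home-lab", "type": "PRIVATE",
     "status": "OK", "assignedAddresses": ["10.255.255.10/24"],
     "allowGlobal": False, "allowDefault": False},
    {"nwid": "0000000000000002", "name": "pending", "type": "PRIVATE",
     "status": "ACCESS_DENIED", "assignedAddresses": [],
     "allowGlobal": False, "allowDefault": False},
    {"nwid": "0000000000000003", "name": "open-net", "type": "PUBLIC",
     "status": "OK", "assignedAddresses": ["192.168.192.7/24"],
     "allowGlobal": False, "allowDefault": True},
])

def audit_networks(raw_json, expected=EXPECTED_SUBNET):
    """Return {nwid: [findings]} for every joined network; an empty list means clean."""
    report = {}
    for net in json.loads(raw_json):
        findings = []
        # A PUBLIC network admits any device that knows the network ID.
        if net.get("type") != "PRIVATE":
            findings.append("network is not PRIVATE: members join without authorization")
        status = net.get("status")
        if status == "ACCESS_DENIED":
            findings.append("joined but not yet authorized in the console")
        elif status != "OK":
            findings.append(f"unexpected status {status}")
        # Every managed address should sit inside the subnet we configured.
        for addr in net.get("assignedAddresses", []):
            if ipaddress.ip_interface(addr).ip not in expected:
                findings.append(f"address {addr} outside {expected}")
        # These local settings let the network assign global-scope or default routes.
        if net.get("allowGlobal") or net.get("allowDefault"):
            findings.append("network may assign global or default routes on this host")
        report[net["nwid"]] = findings
    return report

if __name__ == "__main__":
    for nwid, findings in audit_networks(SAMPLE).items():
        print(nwid, "OK" if not findings else "; ".join(findings))
```

On a real device, pass the actual output of `zerotier-cli -j listnetworks` to `audit_networks` instead of the constructed sample.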
What's next
ZeroTier supports advanced features like Ethernet bridging (on Linux) and Network Rules (stateless ACLs). The manual available online contains explanations and configuration examples.
Wrap up
I don't know if I would use ZeroTier to actually create an L2 connection between datacenters, assuming this is a good idea with any other product anyway.
ZeroTier looks great for IoT and VPN, pricing is reasonable, and reliability and performance look fine based on my small and limited test environment.
ZeroTier satisfies any remote reachability need I had for my home/lab devices and works like a charm on Raspberry Pi Zero W. I can say I'm a happy customer ;-)
The free tier and easy setup make the whole experience very positive, give it a try!
Updates
If you are looking for a product with similar features that you can simply buy and use, consider Intertooth.
I've migrated my tunnels from ZeroTier to Tailscale. I didn't notice significant differences for my needs; both are valid.