The time most of us have feared has come. We can no longer go to work in our offices because of a global crisis. Because social distancing is critical in preventing the spread of the coronavirus, being able to conduct your business remotely is required to keep it operating during this crisis.
You owe it to yourself and your employees to give them the flexibility to work from the safety of their own homes. Luckily, there are some great solutions available that allow you to set up access to all of your office resources safely and securely.
Today, we are going to focus on ZeroTier. ZeroTier is a Global Area Networking tool that allows you to easily connect cloud, mobile, desktop, server, and data center assets from anywhere. It’s open-source (which means free in this case), simple, and secure. To learn more about ZeroTier in detail, I suggest you check out the documentation on the ZeroTier Official Website. In this tutorial, I am going to show you how to set up ZeroTier in a Windows + Linux environment. This can easily be done in an Apple/Mac environment as well.
1. The Current Network
Our company is called ACME Accounting. The network consists of 2 Laptops, 1 Desktop, a Linux Web Server, a Windows Quickbooks/File Server, and a ZoneMinder CCTV System.
The internal LAN network is 192.168.1.0/24.
The only configuration needed on your internet router/firewall is to allow outbound traffic on UDP 9993. Most small-business and home routers/firewalls already allow all outbound traffic by default, so this should not be an issue for most people.
If we run ipconfig on one of our company Windows machines, we can see that there is only 1 network interface installed on the machine.
2. Setting Up for Remote Access on the Business Computers
You need your employees to be able to work from home. To do this, we are going to use ZeroTier.
First, you need to set up a ZeroTier account. Go to www.my.zerotier.com and make an account. You can use an existing Google account to register.
Next, you are going to want to go to the Networks tab and click Create a Network:
A new network gets instantly created. You will notice there is a Network ID and a Name. The Network ID is the most important part of your ZeroTier network. Try not to share your Network ID with anyone besides your employees. This is how access is requested to join your ZeroTier network, which will be explained below.
Next, click on your new network and scroll to the top of the page to the Basics section. Fill out a name (I suggest your company name) and a description of what this is being used for.
Under the Advanced section, I would choose a subnet that will not overlap with your existing subnet. In our example, our LAN subnet/network is using 192.168.1.0/24 (192.168.1.1-192.168.1.254).
In this case, I am going to choose a ZeroTier subnet that I don’t foresee ever being utilized on my internal network. I chose 10.242.0.0/16 which gives me plenty of IP space. You can choose a custom range and add specific routes, but for this example, we are just going to leave everything as is.
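One way to check the overlap rule above on each Windows machine before committing to a ZeroTier range (an added example, not part of the original tutorial): the script parses ipconfig output and reports any adapter whose subnet collides with the candidate range. The sample output and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig` output from an office PC (not the page's screenshot).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.1.25
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
IPV4 = re.compile(r"IPv4 Address[ .]*:\s*([\d.]+)")
MASK = re.compile(r"Subnet Mask[ .]*:\s*([\d.]+)")


def local_networks(ipconfig_text):
    """Return {adapter name: IPv4Network} for every adapter that has an IPv4 address."""
    nets, adapter, addr = {}, None, None
    for line in ipconfig_text.splitlines():
        if m := ADAPTER.match(line):
            adapter, addr = m.group(1), None      # new adapter block starts
        elif m := IPV4.search(line):
            addr = m.group(1)
        elif (m := MASK.search(line)) and adapter and addr:
            # strict=False turns host address + mask into the containing network
            nets[adapter] = ipaddress.ip_network(f"{addr}/{m.group(1)}", strict=False)
    return nets


def conflicts(candidate, ipconfig_text):
    """List adapters whose subnet overlaps the candidate ZeroTier managed range."""
    cand = ipaddress.ip_network(candidate)
    return sorted(name for name, net in local_networks(ipconfig_text).items()
                  if net.overlaps(cand))


if __name__ == "__main__":
    for rng in ("10.242.0.0/16", "192.168.0.0/16"):
        print(rng, "conflicts with:", conflicts(rng, SAMPLE_IPCONFIG) or "nothing")
```

Running the same check against the home networks of remote employees is worthwhile too, since their LAN ranges are outside your control.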
Now scroll down to Members. We can see that we have no devices in our network.
3. Adding Devices
To add some devices, we have to install ZeroTier on our endpoint devices. First we will go to https://www.zerotier.com/download/ and download the Windows MSI installer for our Windows machines.
We are going to first install ZeroTier on Max’s Work Laptop, and then follow up with all the other Windows Assets on the business network. (ZeroTier can be installed on Windows 10 and Windows Server. Check the downloads page for installation instructions for Mac, Linux and other devices.)
After following the installation instructions and installing ZeroTier, you will see a yellow tray icon. The first thing you are going to want to do is right click on the icon, hit Preferences, and click Launch ZeroTier on Startup. This will ensure that if your remote device reboots, it will still be accessible remotely.
Now, you have two ways to get your device to join your ZeroTier network: by Node ID or by joining the network. For this tutorial, we are going to Join by Network.
Click the tray icon and hit Join Network.
Now, remember that Network ID we spoke about earlier? We need to copy and paste that ID into this box. (It can be found under the Networks tab on your my.zerotier.com account.)
For now, we are going to only click Allow Managed. Hit Join.
(If you want to know what those other two options do, this is from the ZeroTier manual)
Now if we check our network interfaces again using ipconfig in cmd prompt on Max's Work Laptop, we can see a new interface has been created:
However, we can see that there is no IP assigned yet. Now we need to go back to the ZeroTier console and accept the device into our ZeroTier Network. If we scroll down on the ZeroTier Console, we can see our device has joined the network. We can verify it's our device by matching the Node ID to the one shown on the ZeroTier tray icon, or by matching the MAC address to our ipconfig output.
Let’s add in some information about the device and hit the Auth check box.
We can now see our device has a new IP address in the ZeroTier Console. We can also see that our ipconfig output now has an IP address also on the ZeroTier NIC.
Now I am going to repeat this process with all my Windows devices and Linux systems at the office location and show you my assets fully configured.
As you can see, all my devices have joined, have their IPs, and can now talk to each other over the ZeroTier network.
Here is a ping from the Front Desk Desktop to the Linux Web Server:
4. Setting Up Access from Employee Homes
Now that all your computers are part of a ZeroTier network, it's time to add your own and your employees' home devices to the network. Just like we did on the office computers, we have to install ZeroTier on them and have them join the network.
Have your employees download and install ZeroTier from www.zerotier.com/download and provide them the Network ID (like we did for the office computers). You can use the email instructions button to easily email all your information to your employees, including the Network ID.
Once they join, give them a proper Name/Description and have them join the network.
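Because anyone who learns the Network ID can request to join, the Auth check box is the real access control. The following added example (not part of the original tutorial) audits a member list against the Node IDs you recorded from each device. The JSON is constructed and only modeled on ZeroTier Central's member objects; the field names nodeId, name and config.authorized are assumptions to confirm against the current API documentation.

```python
import json

# Node IDs copied from each device's ZeroTier tray icon (constructed values).
INVENTORY = {
    "a1b2c3d4e5": "Max's Work Laptop",
    "0f1e2d3c4b": "Windows File Server",
    "1122334455": "CEO Personal Laptop",
}

# Constructed member export; field names are assumed, see the note above.
MEMBERS_JSON = """[
  {"nodeId": "a1b2c3d4e5", "name": "Max's Work Laptop", "config": {"authorized": true}},
  {"nodeId": "0f1e2d3c4b", "name": "", "config": {"authorized": true}},
  {"nodeId": "1122334455", "name": "", "config": {"authorized": false}},
  {"nodeId": "deadbeef01", "name": "printer", "config": {"authorized": true}},
  {"nodeId": "99aa88bb77", "name": "", "config": {"authorized": false}}
]"""
MEMBERS = json.loads(MEMBERS_JSON)


def audit_members(members, inventory):
    """Return sorted (node_id, finding) pairs for members that need attention."""
    findings = []
    for m in members:
        node = m["nodeId"].lower()
        authorized = m.get("config", {}).get("authorized", False)
        known = node in inventory
        if authorized and not known:
            # Has network access but is not a device we recorded: investigate first.
            findings.append((node, "authorized-unknown"))
        elif not authorized and known:
            # Recorded device waiting for the Auth check box.
            findings.append((node, "pending-known"))
        elif not authorized:
            # Someone with the Network ID asked to join: do not authorize blindly.
            findings.append((node, "pending-unknown"))
        elif not (m.get("name") or "").strip():
            # Authorized and known, but unlabeled in the console.
            findings.append((node, "authorized-unnamed"))
    return findings and sorted(findings)


if __name__ == "__main__":
    for node, finding in audit_members(MEMBERS, INVENTORY):
        print(f"{node}  {finding}  {INVENTORY.get(node, '(not in inventory)')}")
```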
5. Now What?
Now, all you need to do is share the ZeroTier Network IP addresses with your employees and they can use tools like Remote Desktop, SSH, FTP, SFTP seamlessly from their homes. Just be sure your work systems are configured to allow services such as Remote Desktop. To enable and use Windows Remote Desktop on a Windows Computer, click the Start button and type in Remote Desktop Settings and click Remote Desktop Settings.
Then make sure Enable Remote Desktop is set to On.
Now from the CEO Personal Laptop (your employee would do this from their personal device, which in this scenario is the CEO Personal Laptop), I can Remote Desktop into the Windows File Server by typing Remote Desktop Connection into the Start menu:
Input the ZeroTier IP of the Windows File Server, hit Connect, and put in the credentials for that server. (Hit don’t ask me again and Yes on any certificate warning.)
Now you can see I have remote access into my Windows File Server over the ZeroTier network.
Another great use for ZeroTier is to connect it to your CCTV system. If your CCTV system runs on a Linux OS or Synology, you can access and install ZeroTier directly on those systems. You can also use remote desktop to access your CCTV systems that are normally only accessible from office systems.
Here is an example of an install of ZeroTier on a ZoneMinder CCTV system and accessing the console through the ZeroTier IP address.
6. Conclusion
Although this may seem confusing to some, it's actually quite simple:
Make a ZeroTier account and network
Install the agent on your computers
Add your Network ID
Authorize the Device
And you're done!
We haven’t even touched the surface of Flow rules and routing settings, but for a quick and simple solution, ZeroTier is the way to go when you need a quick remote access solution.
If you like ZeroTier, you can pay for their dedicated support and have access to unlimited networks. I personally think it’s a great price of $30 a month for such a simple and easy to use VPN system. They have higher tier plans available as well. For any questions or concerns about setting up ZeroTier at your business/home, please reach out to us at contact@spikefishsolutions.com. We’d be happy to answer any questions or concerns you may have.
Also check out our remote access page for information about our free offerings during this global pandemic. www.spikefishsolutions/remote-access
UPDATE: ZeroTier was kind enough to feature us on their blog. Check out their statement on the CoronaVirus. Stay safe!
Hey @lemarjackson, In order to use ZeroTier on a router, you would have to have a router that is running Linux. Your other option would be to get a dedicated device to run ZeroTier (like a Raspberry Pi) and set up routes to the ZeroTier network. However, the beauty of ZeroTier is that you don't really have to do anything with routers/firewalls in order to get it to work. ZeroTier works by coordinating connections between different nodes through their public root servers and then connections are made node-to-node. The only thing I've seen that prevents ZeroTier from working is an IPS that considers ZeroTier to be a malicious tool. In terms of IoT devices, I doubt you would be able to inst…
How do you set this up to remote access a router and IoT devices on a network? Currently using OpenVPN, which works fine, except I want to switch from DSL to T-Mobile Home Internet, which doesn't allow OpenVPN. Thanks in advance.