ZeroTier - install for lab access

How to install ZeroTier on external devices (admin laptops, etc.) and reach the lab host over VPN.

Lab network: b103a835d2ead2b6 - Join.

See host-config for the Ansible role on the orchestration host, and gateway for gateway router install.

---

1. Linux (Debian, Ubuntu, Fedora, etc.)

curl -fsSL https://install.zerotier.com | sudo bash

sudo systemctl start zerotier-one
sudo systemctl enable zerotier-one

sudo zerotier-cli join b103a835d2ead2b6

zerotier-cli listnetworks   # ACCESS_DENIED until authorized

If zerotier-cli shows "missing port and zerotier-one.port not found": the daemon is not running.

• With systemd (Debian, Ubuntu, Fedora): sudo systemctl start zerotier-one
• Without systemd (OpenWrt, etc.): /etc/init.d/zerotier start

Wait a few seconds before retrying zerotier-cli.

---

2. OpenWrt

opkg install zerotier
uci set zerotier.global.enabled='1'
uci commit zerotier
/etc/init.d/zerotier enable
/etc/init.d/zerotier start

Network persistence (after reboot, node rejoins lab NWID): on OpenWrt, /etc/init.d/zerotier only applies UCI sections of type network with option id '<16 hex>'. zerotier-cli join alone or sections with list join / openwrt_network are not enough if the init script does not read them. Full config, firewall, troubleshooting: gateway 5.7 - ZeroTier (TL-WDR3500 / lab gateway).

On OpenWrt 24.x with apk, the same UCI concepts apply; startup is still /etc/init.d/zerotier.

---

3. Authorization

A lab admin must authorize the node in my.zerotier.com → network b103a835d2ead2b6 → Members → check Auth for the new device. The device then gets a ZeroTier IP.

---

4. Connect to the host

Once authorized, SSH to the host using its ZeroTier IP (visible in ZeroTier Central or zerotier-cli listnetworks on the host):

ssh user@<HOST_ZEROTIER_IP>