Home Assistant Community Add-on: ZeroTier One

Ah! Right. I had changed that earlier today because I had read stuff (probably even near the start of this thread!?) suggesting that it was necessary to have them in the same subnet but with non-overlapping IP allocation from DHCP & from ZeroTier.

But now that you have pointed this out, I’ve realised that this is when my problem started :grin:

You’re a genius sir. Thank you for the help.

1 Like

Right so the way this stuff works - taking a computer with NO VPN as an example:

1 Network interface. 192.168.0.2. The network rules say that ALL traffic not destined for 192.168.0.0/24 should be sent to the router - and out on the internet.

2 Network Interfaces. 192.168.0.2 and 10.10.72.8. The network rules say that all traffic destined for 192.168.0.0/24 should go out on Interface 1. All traffic for 10.10.72.0/24 should go out on Interface 2. And ALL traffic not destined for either of those networks should go to the router, via the primary network interface - probably Interface 1 (192.168.0.2).

Now when you add virtual networks into the mix, the rules get even more complicated. But taking your situation, if you have 192.168.68.0/24 on Interface 1, and then on a virtual network you have an IP address in the same address range as Interface 1, the computer will EITHER continue to send all requests that should be going to the VPN out on Interface 1, or it will send ALL requests for ALL LAN traffic out to the VPN. Which option the computer uses depends on what priority the interface has been assigned. But under either option - it will break stuff.

1 Like
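The route selection described in the post above, as an added example that is not part of the original thread. It models a typical IP stack (longest prefix wins, ties go to the lowest metric); the interface name `zt0` and the metric values are constructed for illustration.

```python
import ipaddress
import itertools

def networks_overlap(a, b):
    """True when two CIDR ranges share at least one address."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

def pick_interface(routes, destination):
    """Return the interface a packet leaves on, or None if no route matches.

    routes is a list of (cidr, interface, metric) tuples. The longest
    matching prefix wins; equal prefixes are decided by the lowest metric.
    """
    dst = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(c), i, m) for c, i, m in routes
               if dst in ipaddress.ip_network(c)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def find_conflicts(routes):
    """List non-default routes on different interfaces whose ranges overlap."""
    specific = [r for r in routes if ipaddress.ip_network(r[0]).prefixlen > 0]
    return [(a[0], a[1], b[0], b[1])
            for a, b in itertools.combinations(specific, 2)
            if a[1] != b[1] and networks_overlap(a[0], b[0])]

# Constructed routing tables. SEPARATE is the two-interface case from the
# post; CLASHING puts the VPN in the same range as the LAN.
SEPARATE = [("192.168.0.0/24", "eth0", 100),
            ("10.10.72.0/24", "zt0", 5000),
            ("0.0.0.0/0", "eth0", 100)]
CLASHING = [("192.168.68.0/24", "eth0", 100),
            ("192.168.68.0/24", "zt0", 5000),
            ("0.0.0.0/0", "eth0", 100)]
# Same clash, but the VPN interface has the better (lower) metric.
CLASHING_VPN_FIRST = [("192.168.68.0/24", "eth0", 5000),
                      ("192.168.68.0/24", "zt0", 100),
                      ("0.0.0.0/0", "eth0", 5000)]

if __name__ == "__main__":
    for name, table in [("separate", SEPARATE), ("clashing", CLASHING),
                        ("clashing, VPN first", CLASHING_VPN_FIRST)]:
        print(name, "conflicts:", find_conflicts(table))
        for dst in ("192.168.68.50", "10.10.72.9", "8.8.8.8"):
            print("  ", dst, "->", pick_interface(table, dst))
```

With the clashing tables every address in 192.168.68.0/24 leaves on a single interface, so either the VPN peers or the LAN hosts in that range become unreachable, depending only on the metric.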

I think I understood that :grin:

It was this posting above that led me astray:

https://community.home-assistant.io/t/home-assistant-community-add-on-zerotier-one/109091/49

1 Like

The post being replied to - has the magic lines:

bridge_ports eth0 zthnhn7lko
bridge_fd 0
bridge_maxage 0

That tells the computer that the networks are linked.

In any case, it’s a terrible idea, as many other people in that thread point out. You really need to be good with your understanding of how networks communicate and route traffic to be able to pull off stuff like that. The post a bit further down about installing ZeroTier on a Pi and enabling IP forwarding though, that is doable. I don’t personally use ZeroTier; I use WireGuard on a Pi, with IP forwarding enabled - which allows me to access anything on my LAN from outside the network, without having to install anything on any of the other machines. And because my WireGuard setup points to my internal DNS server (which is Pi-hole), I get ad-blocking when I am connected to other people’s networks.

Oh, now that sounds interesting - is it tricky to set up a WireGuard VPN at home and use it to ‘tunnel’ into my LAN when away from home? Can you point me at any reasonably comprehensible guides?

I have an rpi2b sitting in a drawer, an rpi0w already running Pi-hole, and an rpi4b running RaspberryPi OS with a 2nd HomeAssistant in a docker. I’ve also got a Win11 PC running VirtualBox - so plenty of places to put a WireGuard server isn’t there?

UPDATE: I did some Googling. Is it necessary for your WireGuard VPN server to have a static IP address from your ISP? I use 4G broadband at home, so my IP address on the internet changes all the time, and because they use CGNAT I don’t think I have a public-facing IP address. Sorry for being off the thread topic.

UPDATE2: Seems not having a public IP address & being behind my ISP’s CGNAT means it’s not easy to use a VPN tunnel into my network (looks like various workarounds using reverse tunnels & assorted cloud services). I think I’ll stick to this excellent HomeAssistant ZeroTier integration as it seems to do everything I need.

Try Hassos Addon - Cloudflare Argo Tunnel
This allows exposing your HA instance under a domain (or subdomain) and to apply security (including 2FA).
Sadly there is no official addon, but hopefully, it will be added at some point :crossed_fingers:

I played around with ZeroTier overnight and was quite impressed with it.

My LAN IP range is 192.168.2.x
My brother’s LAN IP range is 192.168.1.x

I installed ZeroTier on his Plex server (where WireGuard is also installed) and added him to the network. I installed ZeroTier on my Raspberry Pi (where WireGuard is installed) and added that to the network.

Then I made his assigned ZeroTier IP static, 10.241.x.1
And then I added a new route: 192.168.1.0/24 via 10.241.x.1

And sure enough, now I can access anything on his LAN from my LAN (to do this with WireGuard, I would typically have to tell WireGuard to send ALL traffic over the VPN, meaning while connected I would lose access to my own network resources).

EDIT: There is a wee bit more work involved in making that work, but a chunk of it was already done when I set up WireGuard. There are some firewall rules that need to be added to the “exit” node.

So, I’m in need of some help here…

I live in the Netherlands and I am trying to manage an HA install in the USA.
I’ve installed ZeroTier on the HA instance in the USA and created an account on the ZeroTier webpage.
There, I created a new network and let the HA instance connect to it.
I’ve installed the ZeroTier client on my Windows PC here in NL and let that client connect to the created ZeroTier network.
When I type in the assigned ZeroTier address from the HA instance in my browser in NL I can connect to the frontend of HA. So one might think it works!

However, when I try to FTP / SMB into the HA instance it refuses to let me.
Tried a lot and even disabled my Windows Firewall without any luck.

Anyone who can help me on this case?

Can anyone give me a little guidance on how (or even if) I can send an HTTP POST webhook trigger to my HomeAssistant which is configured to be part of a ZeroTier network?

In the past, I could configure Port-forwarding in my router and with a DDNS service, I could trigger a HomeAssistant webhook Automation to run by sending an HTTP POST request (eg. something like http://myddns.com:8123/api/webhook/<webhook_id>)

However, my current ISP uses CGNAT so my home network is not allocated an external IP address on the internet, so Port Forwarding is useless to me. I’ve got the ZeroTier add-on working in my HomeAssistant and I can access it remotely using the ZeroTier network allocated local IP address from any client that also is part of my ZeroTier network, but I want to know if I can trigger a HomeAssistant webhook Automation using some sort of ZeroTier public URL for my configured ZeroTier network (if that makes sense?)

Basically, I want to run a HomeAssistant Automation from a device like Amazon Alexa by sending a webhook HTTP POST request via my ZeroTier network.

Is this possible?

Hi All, I have a question about routing between ZeroTier and physical LAN using HA.

I have several Tasmota devices and some other devices with a web interface on my LAN, and would like to access them from my phone while away from home.

In the ZeroTier documentation there are instructions on how to set up a Raspberry Pi to do exactly this, however I don’t want to set up another device just to do this. https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks

Is there a way to add rules to iptables in HA? Can it be done from the ZeroTier add-on config?

For those interested… I figured this out and it wasn’t too daunting. I’ve added a step-by-step to the other thread
https://community.home-assistant.io/t/zerotier-one-bridging/132436/4

3 Likes

Hi all

So, super weird issue. I got ZeroTier working well on the iPad(s), iPhone etc.

For some weird reason, on the Mac it just won’t connect to Home Assistant.

The Mac ZeroTier app says it’s connected, and the web interface shows the Mac connected,

but I cannot connect to my Home Assistant, neither via the Mac app nor the browser… again, it works perfectly on iOS.

What am I missing here? :slight_smile:

thx

Z

My iPhone has problems with ZeroTier over Wi-Fi, but it works well over 4G. I suspect it has something to do with the ZT+Wi-Fi+Apple combo, not with the ZeroTier HA add-on.

thx @nilux !

I tried with both Wi-Fi and 4/5G… still can’t connect.

Any other things I can try?

best

Z

My brain doesn’t compute with anything Apple… I remember trying to print some tickets from my wife’s MacBook once! I tried until she was ready to leave 3 hrs later… she did it in 30 seconds. I still don’t understand why the print button for the Word app is in the start menu for the whole computer.

But anyway, I have had a few times where it just won’t work: it shows connected but doesn’t allow network access, but disconnecting ZeroTier and reconnecting seems to fix the problem.

Is it just Home Assistant you can’t access on the remote network? Or can you not connect to any devices on the remote network?

1 Like

Noticed my HA instance was inaccessible via ZeroTier, but the host was still showing as ONLINE on the ZeroTier website. I looked in the logs for the add-on and it was JUST solid:

recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer

so I restarted and now I get:-

[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] zerotier.sh: executing... 
[10:20:40] INFO: ZeroTier node address: x
[10:20:43] INFO: Configuring network: x
[cont-init.d] zerotier.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[10:20:43] INFO: Starting ZeroTier One...
recv: Connection reset by peer

Hi all

I’ve installed and activated ZeroTier as an add-on and installed the client on an Android phone, and I can reach HA.

HA is installed as a VM in Proxmox.

How is it possible to also see Proxmox (and all other VMs and LXCs) in that network using ZeroTier?

Thanks

Hi,

I lost connection via ZeroTier since last week. The last time I was connecting was on Wednesday 08/03 - with no issue. Yesterday I tried with no success. On the ZeroTier panel both nodes are online, but the mobile app can’t connect. Today I spotted that in the meantime there was an update of this add-on. Does anyone have a similar issue?
I restarted the system several times, installed all system updates - no result. In the log there is nothing at all.

[18:34:10] INFO: Starting ZeroTier One…
s6-rc: info: service legacy-services successfully started

best
Andrzej

I’ve noticed the same behaviour. After the update (v. 0.16.1) the component keeps reporting

connect: Operation timed out

A restart seems to resolve the problem, but after some time it disconnects again.

In my log, the following appeared thereafter:

[18:34:10] INFO: Starting ZeroTier One…
s6-rc: info: service legacy-services successfully started
connect: Host is unreachable
connect: Host is unreachable
connect: Host is unreachable
connect: Host is unreachable
connect: Host is unreachable
connect: Host is unreachable