Home Assistant Community Add-on: ZeroTier One

I don’t even know what a web hook is :smile:
.

I do use Google Home to control some HASSIO devices (around 50 between lights, locks and switches).

Sometimes I need to connect to a QNAP inside the lan.

The best solution I found is piVPN, all other solutions would break frequently

Well VPN isn’t going to work with Google Home and neither will ZeroTier… If you are using Nabu Casa / Cloud - different story.

I used ZertTier last week on my mobile phone which does not have IPv6 and it was great. Works perfectly.

Sorry I was not clear. I don’t need Google Home when I am away from home…

It has nothing to do with being away from home! Google Assistant Manual Configuration REQUIRES an externally accessible SSL address such as provided by LetsEncrypt and DuckDNS. You can’t set up the GA integration without that. Nabu Casa integration does not require that.

Hi, I am trying this too, but its not working, could you please lead me a bit?

My internal LAN is 192.168.1.xxx (from 1 to 254)
The LAN I created in ZeroTier (under Advanced - Manage routes) is 192.168.192.0/24

I wanted to access from abroad various devices within my LAN: all devices for which I installed Zerotier are accessible with 192.168.192.yyy (yyy I setup in Zerotier configuration, one for each device).
So this is fine.

But I can’t get this bridging to work, in order to access from outside my LAN those devices that I can’t install Zerotier on (cameras and so on).

I followed the instruction to install zerotier on a raspberry pi3 (BTW thanks for the working curl).

In my case is it correct the following config in /etc/network/interfaces? 192.168.1.237 is the address of the pi3. Or I did something totally wrong?

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
        address 192.168.1.237
        netmask 255.255.255.0
        network 192.168.1.1
        broadcast 192.168.1.255
        gateway 192.168.1.253
        dns-nameservers 127.0.0.1
        dns-search pi.lan
        bridge_ports eth0 zthnhn7lko
        bridge_fd 0
        bridge_maxage 0

If your home lan is 192.168.1.x then your zerotier network needs to be set on the same subnet (192.168.1.0/24) BUT issue IPs out of the scope of your home routers DNS.

For example:
My home router issues IPs on my home network from 192.168.1.100 - 192.168.1.254

Zerotier issues IPs on the zerotier virtual network from 192.168.1.50 - 192.168.1.99

Therefore, there will never been an IP auto assigned in the zerotier network that already exists on my home network.

Hope that helps?
Also, I believe your interfaces file looks correct but as I’m running on 36 hours without sleep due to jetlag I may need a second person to confirm that.

Then rest, not urgent, thanks for answering anyhow.

I followed thIs guide

and I understood (maybe wrongly) that your/my usual internal LAN (for example 192.168.1.x) has to be different from the one created by Zerotier (for example 192.168.192.x),

and then if you want to access from outside your LAN the devices in your internal LAN (those 192.168.1.y that do not have a zerotier app), it is needed a (for example linux pi3) bridge to bridge 192.168.1.x with 192.168.192.x

but I get confused when you say that zerotier network is now on the same 192.168.1.x …??

My ZeroTier network is on a completely different subnet to my LAN at home… Perhaps your issue is with bridging… but I don’t think networks overlapping or using same subnet is correct.

isn’t (that’s my scenario)
192.168.1.x (my LAN)
192.168.192.x (the LAN created by my Zerotier)

a different subnet?

Sorry I am not very good in networking.
When Zerotier is active I can , outside of my LAN, connect to all devices that I put in my Zerotier LAN (those devices have now 2 addresses 192.168.1.x and 192.168.192.x) perfectly at 192.168.192.x.

But I can’t reach my other devices (those still in 192.168.1.x for which there is no zerotier code/app to put them also in 192.168.192.x) like hikvision cameras, qnap (the zerotier qpkg connects but does not work), a NVR that I use for cheap cameras, and other

Love this Zerotier, highly recommended, also together with pi-hole (no more ads also when browsing in 4G)

Compared to piVPN-openVPN I find Zerotier much better: with piVPN had lots of disconnections (when passing from WiFi to 3G/4G, from 3G/4G to WiFi, from waking up the phone, and so on). With this Zerotier is not missing a beat, connection is rocksolid so far, no discnnection at all.

Now just wish to fix the bridge, so that I can connect to all my devices at home, when abroad as when at home.

Fantastic tool.

I’m using proxmox too, can I Update HassOs via the system tab?
I’m receiving this error:

19-05-11 21:29:31 WARNING (MainThread) [hassio.hassos] Can’t fetch versions from https://github.com/home-assistant/hassos/releases/download/2.12/hassos_ova-2.12.raucb:

Hi guys. I have successfully setup ZeroTier and have a small network of three devices (laptop,phone, and Raspberry Pi). On an IPv4 wifi network I can reach all devices without issue, however, when I switch my android phone to LTE I can no longer get to any of the other devices using IPv4 addresses (I have Home Assistant running on the Pi and cannot access the web interface). If I switch back to a Wifi network (any wifi network) it works. My android phone is using a provider (Telus, here in Canada) which only supports IPv6 in the APN settings. Is there a way I can get this working? I tried to use the device’s IPv6 address directly in Chrome, but it is still not working. To be clear, the Pi is on a local network which only has IPv4 address assignments. Has anyone else had a similar experience? Thanks.

Does your home ISP support IPv6?

My Hass.io only has a public IPv6 address and one of my mobile providers does not support that. I use Caddy as a reverse proxy and IPv4 internally.

I’m only using IPv4 connection in ZeroTier One and it works fine on all my devices.

Just to report that uninstalling and reinstalling the add-on did the trick

I could not find a good description on how zerotier actually works.

The addon documentation does not say and also the official docs don’t say it straightforward.

However, there is a blog entry on the zerotier page that explains it in simple terms for anyone who is interested:

https://www.zerotier.com/blog/state-of-nat-traversal.shtml

Cheers

Thanks for that link. I thought the manual was pretty explanatory… but good read there. Thanks.

I’ve tried to set it up on my Hassio running on an Ubuntu server.

Both my phone and hassio are online according to the network overview, but I cannot access home assistant via https://<-zerotier-ip->:8123 from the phone.

Is this how it is supposed to work?

Another question: Is the entire host available via zerotier or just home assistant?

Some folks have asked questions about bridging to their LAN using ZeroTier. I have done this using a Pi, but not by using the add-on. It is necessary for the device acting as the bridge to do ip forwarding. I don’t know how the add-on can be configured to do that. I have left a request for that support to be added.

Here’s what I did to a Pi running Raspbian (and hass.io, but that is irrelevant):

  • Install ZeroTier (curl -s https://install.zerotier.com/ | sudo bash).
  • Connect the Pi to your ZT network (zerotier-cli join 1d71939404xxxxxx).
  • At https://my.zerotier.com/network/1d71939404xxxxxx authorize the Pi and note its ZT IP (mine was 192.168.195.xxx). Click the wrench and select “Allow Ethernet Bridging”. Only the Pi should be so designated.
  • Connect and authorize your workstation on ZT. Note its IP.
  • Make sure Pi and workstation can ping each other on ZT.
  • At https://my.zerotier.com/network/1d71939404xxxxxx add a Managed Route. Destination = LAN subnet (192.168.0.0/24 for me). VIA = Pi ZT IP (192.168.195.xxx).
  • On Pi, edit sysctl.conf (nano /etc/sysctl.conf), uncomment or add:
    net.ipv4.conf.all.forwarding=1
    net.ipv4.conf.default.forwarding=1
    net.ipv6.conf.all.forwarding=1
    net.ipv6.conf.default.forwarding=1
  • Reboot the Pi.
  • On the Pi’s network router, add a static route to the ZeroTier network using the Pi’s local IP as the gateway (Destination LAN=192.168.195.0 [ZT], Subnet Mask=255.255.255.0, Gateway=192.168.0.xxx [Pi], Interface=LAN & WLAN).
  • Switch your workstation to another network (xfinitywifi). Reconnect your workstation to ZT. You should be able to access (ping) your LAN devices at their LAN ips.
3 Likes

First, it’s not https it’s just http. The whole host is available so any other containers you have will be accessible. Make sure your clients are authorised on the ZeroTier site for your network

Hi, thanks a lot for your instructions, I am trying it right now (after a series of unsuccesfull attempts).

My router (flashed with ASUSWRT) in interface has not the option of LAN&WAN but only: LAN or MAN or WAN, do you know what shall I put?

I hope the rest I put is ok (192.168.1.xxx is my local LAN, 192.168.192.xxx is my ZT1 LAN), so I put as Network/Host IP the address of the PI as I saved it under ZeroTier