Setting up a Virtual LAN with ZeroTier: Connect Servers and PCs Remotely Without Port Forwarding

Network tutorial - IT technology blog

Solving NAT and Static IP Hassles with ZeroTier

If you’ve ever tinkered with building a Home Lab or managing remote servers, you’ve likely encountered the “nightmare”: how do I access my home machine while sitting at a coffee shop? The traditional method involves Port Forwarding on your router or paying extra for a static IP from your ISP. However, if you’re using a 4G network or stuck behind CGNAT, opening ports is nearly impossible.

ZeroTier was created to eliminate those barriers. Instead of using traditional Client-Server VPNs like OpenVPN (which are complex to configure), ZeroTier turns every device into a member of a global virtual Switch. It uses SD-WAN technology to bring your computers into the same local network, regardless of geographical distance.

Its mechanism is to create an Overlay network (Layer 2) running on top of the Internet. As long as there is an internet connection, you can SSH, access files via Samba, or use Remote Desktop using internal IPs with extremely low latency—feeling as smooth as if they were plugged into the same physical LAN cable.

Creating a Network ID on ZeroTier Central

First, we need a coordination hub to manage the members in the network. Visit ZeroTier Central and register an account (free for up to 25 devices).

  1. Click Create A Network immediately after logging in successfully.
  2. The system will provide you with a 16-character string (e.g., 80562fdbc1234567). This is your Network ID, the key for machines to find each other.
  3. Ensure the Access Control is set to Private. This mode gives you full control: any machine wanting to join the network must be manually approved by you.
  4. In the IPv4 Auto-Assign section, I usually choose the 10.147.17.* range to avoid conflicts with common router default ranges (usually 192.168.1.x).

Quick Setup on Linux and Windows

Installing ZeroTier is very fast. On Linux, it takes less than 30 seconds to complete all steps using the command line.

Deploying on Linux Servers (Ubuntu/Debian)

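Use the official installation script to save time. Keep in mind that this pipes a remote script straight into a root shell; ZeroTier's download page also offers a GPG-verified variant of the same one-liner if you prefer to check the signature first: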

curl -s 'https://install.zerotier.com' | sudo bash

Once installed, tell the machine to join the network using the ID you created:

sudo zerotier-cli join 80562fdbc1234567

Now, go back to the ZeroTier Central management page. Scroll down to the Members section, and you will see a new device appear. Check the Auth box. Immediately, the machine will be assigned an internal IP, for example: 10.147.17.100.
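
Before ticking Auth, it is worth confirming which node you are approving and what state the join is in. The script below is an added example, not part of the original tutorial or of ZeroTier's tooling; it reads the text output of zerotier-cli info and zerotier-cli listnetworks, and the row layouts and sample values shown in it are assumptions.

```shell
#!/bin/sh
# Added example. Assumed output layouts (version-dependent):
#   200 info <address> <version> <status>
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ips>
NWID="80562fdbc1234567"   # example Network ID used in this tutorial

# node_addr < `zerotier-cli info` output: prints this machine's node address.
node_addr() {
    awk '$1 == "200" && $2 == "info" { print $3 }'
}

# join_state NWID < `zerotier-cli listnetworks` output
# Prints "<status> <type>", or NOT_JOINED when the network is not listed.
join_state() {
    awk -v id="$1" '
        $1 == "200" && $2 == "listnetworks" && $3 == id {
            found = 1
            # Scan for keywords instead of fixed columns: names may hold spaces.
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^(OK|ACCESS_DENIED|REQUESTING_CONFIGURATION|NOT_FOUND)$/) st = $i
                if ($i ~ /^(PRIVATE|PUBLIC)$/) ty = $i
            }
        }
        END {
            if (st == "") st = "UNKNOWN"
            if (ty == "") ty = "UNKNOWN"
            if (found) print st, ty; else print "NOT_JOINED"
        }'
}

# verdict "<status> <type>": one-line reading of the state.
verdict() {
    case "$1" in
        "OK PRIVATE")      echo "authorized on a private network" ;;
        *" PUBLIC")        echo "network is PUBLIC: set Access Control to Private" ;;
        "ACCESS_DENIED "*) echo "joined but not yet authorized in the Members list" ;;
        *)                 echo "not usable yet: $1" ;;
    esac
}

# Constructed sample output (not captured from a real node).
INFO='200 info 1a2b3c4d5e 1.14.0 ONLINE'
NETS='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 80562fdbc1234567 - 02:00:00:00:00:01 ACCESS_DENIED PRIVATE ztexample0 -'

echo "authorize only the member whose address is: $(printf '%s\n' "$INFO" | node_addr)"
verdict "$(printf '%s\n' "$NETS" | join_state "$NWID")"
```

On a real server, replace the samples with sudo zerotier-cli info | node_addr and sudo zerotier-cli listnetworks | join_state "$NWID", and authorize only the member whose address matches.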

Installing on Windows/macOS

For personal computers, simply download the installer from the homepage and run it like any other software. After installation, right-click the ZeroTier icon in the system tray, select Join New Network, and enter your ID. Don’t forget to return to the web dashboard to click Authorize.

Testing Connectivity and Troubleshooting Tips (Monitoring)

To see if the virtual network is working, try to ping from your laptop to the server using the IP address ZeroTier just assigned.

ping 10.147.17.100

If you see a response (Reply), you’ve succeeded. From now on, you can SSH into the server using this IP from anywhere, even if the server is using a 4G connection from a phone hotspot.

Checking P2P Connection Quality

This is a trick to see if your connection is reaching its maximum speed. Type the command:

sudo zerotier-cli listpeers

Pay attention to the PATH and LINK columns:

  • DIRECT: The ideal state. Both machines are connected directly (P2P); ping is usually only 10-40ms if they are in the same country.
  • RELAY: Both machines are forced to route through an intermediate server. This usually happens due to a restrictive Firewall or Symmetric NAT. In this case, ping can jump to 200-300ms, causing lag when typing commands.

Hard-earned lesson: I once encountered intermittent packet loss on an IDC server cluster. Using listpeers, I saw the connection constantly jumping between DIRECT and RELAY because the router was blocking UDP. If you notice a slow network, check the peer status immediately to know how to handle it.
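
To catch the DIRECT/RELAY flapping described above without watching the terminal, compare two listpeers snapshots taken some time apart. This is an added example, not code from the original post or from ZeroTier; the row layout and the sample snapshots are assumptions and are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumed row layout (version-dependent):
#   200 listpeers <ztaddr> <ver> <role> <lat> <link> <lastTX> <lastRX> <path>

# link_states < listpeers output: prints "<ztaddr> <DIRECT|RELAY>", sorted.
link_states() {
    awk '$1 == "200" && $2 == "listpeers" {
        # Search the row for the link keyword so a column shift does not matter.
        for (i = 4; i <= NF; i++)
            if ($i == "DIRECT" || $i == "RELAY") { print $3, $i; break }
    }' | sort
}

# relayed < listpeers output: addresses of peers currently on RELAY.
relayed() {
    link_states | awk '$2 == "RELAY" { print $1 }'
}

# changed_peers SNAP_A SNAP_B: peers whose link state differs between snapshots.
changed_peers() {
    a=$(printf '%s\n' "$1" | link_states)
    b=$(printf '%s\n' "$2" | link_states)
    printf '%s\n%s\n' "$a" "$b" | awk '
        NF == 2 {
            if (($1 in seen) && seen[$1] != $2) print $1, seen[$1] "->" $2
            seen[$1] = $2
        }'
}

# Two constructed snapshots (addresses and IPs are documentation values).
SNAP1='200 listpeers <ztaddr> <ver> <role> <lat> <link> <lastTX> <lastRX> <path>
200 listpeers 1111111111 1.14.0 LEAF 18 DIRECT 1200 1200 203.0.113.10/9993
200 listpeers 2222222222 1.14.0 LEAF 35 DIRECT 800 900 198.51.100.7/9993'
SNAP2='200 listpeers <ztaddr> <ver> <role> <lat> <link> <lastTX> <lastRX> <path>
200 listpeers 1111111111 1.14.0 LEAF 18 DIRECT 1300 1300 203.0.113.10/9993
200 listpeers 2222222222 1.14.0 LEAF 250 RELAY'

changed_peers "$SNAP1" "$SNAP2"      # prints: 2222222222 DIRECT->RELAY

# Live use: SNAP1=$(sudo zerotier-cli listpeers); sleep 30; SNAP2=$(sudo zerotier-cli listpeers)
```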

Optimizing Security and Performance

Don’t let convenience make you forget about safety. Here are 3 rules I always apply:

  • Identify your nodes: Always set recognizable names like Server-Web-Prod or Laptop-Dev on the web dashboard so you don’t get lost in a sea of IPs.
  • Tighten the Firewall: Use ufw on Linux to only allow the 10.147.17.0/24 IP range to access sensitive ports like 22 (SSH) or 3306 (Database).
  • Set up a Moon: If you want even more stable pings, you can set up an intermediate node (called a Moon) located closer to you. This helps reduce pings from 200ms (routing through international servers) to under 20ms for local connections.
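
The firewall rule above, written out as ufw commands. This is an added example, not from the original post: it only prints the commands unless APPLY=1 is set, it assumes the 10.147.17.0/24 range chosen earlier, and it assumes ZeroTier is listening on its default UDP port 9993.

```shell
#!/bin/sh
# Added example: dry-run generator for the ufw rules described above.
ZT_NET="10.147.17.0/24"   # Auto-Assign range chosen in ZeroTier Central
PORTS="22 3306"           # SSH and database ports named in the rule above

# zt_ufw_rules NET "PORT PORT ...": print one ufw command per line.
# Returns 1 without printing rules if NET or a port looks unsafe.
zt_ufw_rules() {
    net=$1; ports=$2
    case "$net" in
        0.0.0.0/*|any|"") echo "refusing source '$net'" >&2; return 1 ;;
        *[!0-9./]*)       echo "not an IPv4 CIDR: $net" >&2; return 1 ;;
        */*)              ;;
        *)                echo "missing prefix length: $net" >&2; return 1 ;;
    esac
    for p in $ports; do
        case "$p" in ""|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
    done
    echo "ufw default deny incoming"
    # Assumption: ZeroTier listens on its default UDP port 9993.
    echo "ufw allow 9993/udp"
    for p in $ports; do
        echo "ufw allow from $net to any port $p proto tcp"
    done
}

# apply_rules: print the rules; execute them only when APPLY=1 is set.
apply_rules() {
    rules=$(zt_ufw_rules "$ZT_NET" "$PORTS") || return 1
    printf '%s\n' "$rules" | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            sudo $rule            # word splitting is intended here
        else
            echo "[dry-run] sudo $rule"
        fi
    done
}

apply_rules
```

ufw matches rules in order, so an older broad rule such as an existing allow for 22/tcp still wins; review sudo ufw status numbered and delete such entries. Keep a console or out-of-band login available when restricting SSH to the overlay range, in case ZeroTier itself is down.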

Using ZeroTier is like always carrying an invisible LAN cable in your backpack. As long as there is Internet, all your digital resources are always within reach without the headache of complex VPN configurations. Try it now—you’ll regret not knowing about it sooner.
