Travis LaDuke laduke

  • zerotier
  • California
@laduke
laduke / zerotier-rpi-bridge.md
Last active January 26, 2024 13:01
Various Network Configuration Output

Motivation

Use a Raspberry Pi as a bridge into my home LAN. The Pi is plugged into a switch, which is plugged into an AirPort Express, which is plugged into a cable modem; nothing fancy.

This isn't a tutorial. Just some example output from a working setup.

Steps

Off the top of my head, here's the order I would do it in:

  • Make sure plain old device-to-device ZeroTier is working with my LAN/router/firewall/ISP
laduke / ztv6.md
Last active September 23, 2023 15:53
ZeroTier 6PLANE and RFC4193 address calculation

ZeroTier IPv6 Auto-Assign Addresses

https://www.zerotier.com/manual.shtml#2_2_3

  • A network ID is 16 hex digits (9bee8941b5de0691)
  • A node ID is 10 hex digits (1234512345)

ZeroTier RFC4193 (/128 for each device)

  • fd9b:ee89:41b5:de06:9199:9312:3451:2345

ZeroTier 6PLANE (/80 routable for each device)

laduke / members-list-csv.sh
Last active July 6, 2023 18:26
zerotier central members list as csv
curl --silent --header "authorization: bearer ${TOKEN}" "https://my.zerotier.com/api/network/${NWID}/member" | jq ".[] | [ .nodeId, .name, .config.ipAssignments[0] ]" | jq -rs ".[] | @csv"
laduke / zerotier - client isolation.md
Last active December 17, 2020 17:39
ZeroTier Rules Engine - Hub and Spoke - Client Isolation

Common ZeroTier Rules Engine question

  • Non-servers can talk to servers, but not each other
  • Kind of like Client Isolation on some WiFi controllers

Rules

# Allow only IPv4, IPv4 ARP, and IPv6 Ethernet frames. Typical default
drop
not ethertype ipv4
and not ethertype arp
laduke / rules.md
Last active December 17, 2020 17:39
zerotier rules engine - examples

Whitelist by port

drop
  not ethertype ipv4
  and not ethertype arp
  and not ethertype ipv6
;

accept
 dport 6445
laduke / zerotier-troubleshoot.md
Last active December 17, 2020 17:39
zerotier-troubleshoot.sh

Collect information helpful for troubleshooting zerotier-one

Run this on Mac or Linux

It will create a text file in the current directory. It won't modify anything.

Make sure you are root

   (set -x; \
 zerotier-cli info -j; \
laduke / zerotier-cli-completion.bash
Created July 7, 2020 20:56
bash completion for zerotier-cli
#compdef zerotier-cli
#autoload
_get_network_ids ()
{
if [[ "$OSTYPE" == "darwin"* ]]; then
COMPREPLY=($(compgen -W "$(ls -1 /Library/Application\ Support/ZeroTier/One/networks.d | cut -c 1-16)" -- ${cur}))
else
COMPREPLY=($(compgen -W "$(ls -1 /var/lib/zerotier-one/networks.d | cut -c 1-16)" -- ${cur}))
laduke / network-via-fs.md
Last active December 17, 2020 17:39
zerotier network join via fs

Typically, you use zerotier-cli to join and leave networks, but you can also write files to the filesystem to do this.

The networks.d subdirectory of the ZeroTier working directory keeps track of which networks are joined and their settings.

The ZeroTier working directory can be found...

  • On Windows: \ProgramData\ZeroTier\One
  • On Mac: /Library/Application Support/ZeroTier/One
  • On Linux: /var/lib/zerotier-one
laduke / machine.js
Last active September 19, 2019 23:15
Generated by XState Viz: https://xstate.js.org/viz
const myMachine = Machine({
type: 'parallel',
context: {},
states: {
hi: {
initial: 'no',
states: {
yes: {},
no: { on: { CLICK_ME: 'yes' } }