What protocol does ZeroTier use?
ZeroTier doesn't use any specific protocol, but we recommend that applications using ZeroTier follow the Internet Protocol (IP) standard, as it provides the most secure communications. In order for the ZeroTier service to be able to route traffic across an IP network, a ZeroTier gateway must be set up in a firewall (at the ZeroTier or end user).
## ZeroTier Architecture Overview
When using ZeroTier on physical networks (or in environments with no routing capabilities), the ZeroTier service is installed on a router in conjunction with standard firewall and firewall/routing software.
[Image: /images/zero-tier-client.png]
In each of the pictured networks, each client device (in green) communicates via a ZeroTier proxy device (with transparent bridge and IP forwarding enabled). The ZeroTier proxy in turn communicates with the ZeroTier service over TCP port 8443. The ZeroTier service provides proxy/forwarding support to any application running behind the firewall to ensure that all traffic to and from the client is encrypted.
[Image: /images/zero-tier-network.png]
On the network, ZeroTier service is installed as a standalone machine, or is located as a peer machine in the same subnet as the ZeroTier service running on a client. ZeroTier peers communicate using encrypted TCP traffic to TCP port 8443 on the ZeroTier service. Each peer can run any protocol supported by ZT. This means that a peer running ZeroTier on a router can relay to and receive traffic from a ZeroTier instance that is running on a client device, and vice versa. To communicate through ZeroTier, users may need to set up an HTTP proxy through the ZeroTier service running on their router.
In the scenario below, a ZeroTier installation running on the ZeroTier service on one router forwards traffic to the client, then this traffic is relayed to a second ZeroTier service on another router on the other side of the network:
[Image: /images/zero-tier-service-routing]
Is it safe to use ZeroTier?
ZeroTier is a network overlay software that provides data storage, data replication, and data mobility for virtualized environments.
It's easy to use, simple to set up, and offers a ton of functionality. But what about security?
ZeroTier offers a lot of features, including full data encryption at rest and in transit, a virtual private network (VPN), and the ability to automatically share network data across on-premises and cloud networks.
One of the first things you may want to know about ZeroTier is whether it is safe. Does it encrypt data? If so, what level of encryption does it offer? Can the data be accessed if someone obtains a copy of the ZeroTier software?
## How Does ZeroTier Work?
ZeroTier is a network overlay software that uses a virtual private network (VPN) to connect remote sites to your on-premises network. The VPN is an encrypted tunnel between your on-premises network and the remote site network. The software then creates a secure bridge between the two networks, creating an encrypted connection across your corporate network and the remote site network.
To access data stored in the remote site, an authorized user at the remote site connects to the ZeroTier software on the on-premises network. The software encrypts the data on the remote site and provides it to the remote site user. The user then stores the data as they see fit.
The data is stored in an encrypted file in the ZeroTier repository. When the user needs to access the data, they send a request to the ZeroTier software on the on-premises network. The software decrypts the file and returns the data to the user. The data remains encrypted at all times.
## How Is ZeroTier Encrypted?
ZeroTier encrypts data at rest and in transit. It also allows you to choose whether to encrypt all data or just selected data.
ZeroTier uses AES 256-bit encryption for data at rest. This is the highest level of encryption available on the market today.
For data in transit, ZeroTier uses a combination of IPsec, TLS, and HTTPS to encrypt traffic. ZeroTier supports both TLS 1.1 and 1. For more information, see How ZeroTier Works.
What is ZeroTier and how does it work?
In this guest blog post, ZeroTier developer Dan O'Neill tells us how it works and what it can do for your network.
We all use the Internet. For many of us, that first experience was through an ISP connection to a home or a university server. That was a good experience, certainly, but we've moved on from there. Nowadays, we have a network - a home network, a business network, or even a mobile network - that's largely based around the Internet, and we expect applications and data to move seamlessly between them and with it.
There are some things about our current network architectures that stop that happening, though. In this post, I'll discuss one of those things: the fact that devices on a network need to know where else to go for a network session to happen, and to do that, they need addresses on the local network. They might want to be able to connect to a remote host on the Internet using the address x.x, but how do they know whether x.x is a server on your network, or a friend's server, or something totally different like a cloud service provider's?
## The Problem
How do you know what number to give your local network's router if you can't ask it directly, because it has no Internet access of its own? The easiest way to get addresses would be to use the IPv6 addressing format, as this allows us to assign a single address to a network segment (like a subnet) that spans several interfaces. We call these subnets a /64 or a /56, depending on how large we want to make them. While this could do what we want, many ISPs don't offer IPv6 yet, or if they do, they only support a limited number of clients and so your address space might be split into several smaller subnets, each with the same prefix.
To keep things simple, let's suppose that you want to offer a small address range on your network to a specific host. You could do this by using three addresses in a /56 address block, but that wouldn't be very flexible. Suppose you wanted to use the address 169.254.7.255 for that purpose. Your router would then allocate you a single IP address, from the 168.0/14 range, which would allow you to reach 169.
What are the risks of ZeroTier?
ZeroTier is free software, so it comes with some risks.
We have had to limit the number of connections we allow per-user per-IP address on our servers.
You may find that your bandwidth is limited when using ZeroTier. This may be due to the fact that there are only 10 IPv4 addresses per IPv6 subnet, which is the only limit we currently impose.
We also do not yet have a mechanism for NAT traversal, so you will not be able to connect to clients behind NATs. ZeroTier can also be unresponsive when there are many simultaneous connections. This usually occurs when there is a client behind a NAT that causes clients behind it to be unreachable. In these cases, we have to disconnect the client from the NAT, and then reconnect them after we have detected they have moved. The client may have to reconnect to their router, or they may have to manually reconnect to the ZeroTier server, but this can cause problems with applications like Skype or Outlook, as they do not detect disconnections.
ZeroTier has been running in production for over a year now, and we have seen no issues that we could not solve by simply adding more servers. We would love to see you use ZeroTier and report any issues you have to us!
Is ZeroTier open source?
Yes!
Is ZeroTier under an open source license?
Yes, and yes! The ZeroTier code is released under the Apache 2.0 license, and we intend to keep it that way.
Can I download and use ZeroTier on my own servers?
Yes, but you must contact us about a commercial license.
What are the advantages of ZeroTier over VPNs and NAT traversal?
ZeroTier is very easy to use and install, and the only client that you need to download is the ZeroTier client. ZeroTier is free, but you must pay a one-time license fee to use it commercially. ZeroTier does not require installation on every computer that you want to connect to. ZeroTier is fast. ZeroTier is easy to set up and maintain, and you don't need to have technical expertise to set up and maintain it. ZeroTier is easy to learn, and you can connect to it in less than 5 minutes.