Leo

Leo's Ganges Sand

A business consultant / cross-border e-commerce expert / investor / tech geek / cycling enthusiast / king of two Border Collies and a pile of little stray cats / married, active in the Pearl River Delta and Yangtze River Delta; subscribe for daily updates of articles I have screened as worth reading closely, spanning business, economics, relationships, technology and more, in short everything I am interested in.

2023-12-27 - A More Suitable Remote Access Method for Domestic Use: Building a Virtual Intranet Based on ZeroTier with a Self-Built Root Server - Minority

More Suitable Remote Access Method for Domestic Use: Building a Root Server to Create a ZeroTier Virtual Intranet - Minority#


With multiple public cloud products experiencing downtime issues, more and more people are starting to choose private clouds for data storage. Photos taken, downloaded TV shows, music, and movies are now stored on NAS devices or computers at home. This way, we can access and use this data anytime and anywhere without being restricted by the public network environment. Sometimes we need to access the data and materials on our home NAS from an external network environment, but many current solutions lack a certain degree of flexibility.

Moreover, with the holidays approaching, many friends are probably planning to travel or return home. Consider the scenarios where you need to reach devices at home or at the office, temporarily download files stored on the server, or connect to the NAS at home to watch collected movies and photos with friends and family. At such times, a stable and reliable remote access capability becomes even more important.


Current Remote Access Solutions#

In general, there are three main solutions for accessing an internal network from an external network:

  • Obtain a public IP + DDNS resolution
  • Tunnel penetration
  • Build a virtual local area network


Using DDNS is the simplest access method, but its feasibility is decreasing.

If your home broadband can obtain a public IP, directly using DDNS is a flexible solution. You only need to configure DDNS resolution and port forwarding to access the internal network-mapped services via a domain name and port. This configuration is simple, and the speed is only limited by the home upload bandwidth. However, the feasibility of this solution is gradually decreasing. This is mainly due to the exhaustion of IPv4 addresses, as domestic broadband operators no longer allocate public IPs to home users, resulting in many home broadband IP addresses being internal addresses, making dynamic address resolution impossible and external access increasingly difficult.


frp is the most commonly used intranet penetration tool; its complexity lies mainly in editing the client configuration.

The tunnel penetration solution involves using a server with a public IP as a jump point to expose internal network services to the public network for access. The advantage of this solution is that network access is stable, and bandwidth speed depends on the bandwidth of the public IP server. The downside is that the configuration is relatively complex, requiring the installation of relevant services on the server and writing configuration items on the internal network service side. Additionally, tunnel penetration has poor support for some network protocols, especially the configuration of HTTPS protocols, which is extremely complex and cumbersome.


The last solution is to build a virtual local area network, which simply means connecting devices located on different networks into one virtual local area network so that they can reach each other by internal IP. The biggest advantage of this solution is that it is not limited by network protocol, and deploying and installing the clients is relatively simple and supports private deployment. The downside is that many vendors providing this service are based abroad, which translates into poor stability of the service in domestic network environments.

Currently, the mainstream services based on building virtual local area networks include ZeroTier, Tailscale, and the domestic Dandelion. In my horizontal comparison and testing, I ultimately chose the more flexible ZeroTier. Firstly, in a home setting, even the official ZeroTier incurs almost no costs, allowing direct joining of the self-built virtual local area network via ID (Tailscale requires single sign-on authorization to add new devices). More importantly, ZeroTier currently offers a more flexible self-deployment solution, which is much simpler in both operation and method compared to the other two services.

Although I chose ZeroTier to build a virtual local area network for external access to the internal network, I do not use its official services. The most important point is that the official root servers (planet servers) are deployed overseas, which leads to higher latency due to the peculiarities of the domestic internet, affecting the stability of the network. Although it is possible to alleviate access issues by building a Moon server (satellite server) in China, the virtual local area network resolution still depends on the root server. Therefore, the most direct solution is to completely build a planet server (root server) and network controller on the domestic internet, fundamentally achieving the most efficient and stable virtual local area network construction.


The advantages of doing so are: not being restricted by the speed of foreign network access, complete autonomy and control over the entire process, and in fact, the cost is also the lowest—you only need to purchase a low-configuration cloud server from major domestic cloud service providers, with an annual cost of less than a hundred yuan.

Similar to Tailscale, ZeroTier can also achieve self-deployment of the network controller and root server. However, in the past, we could only build satellite servers (Moon servers) and network controllers, while now we can achieve self-deployment of root servers (planet servers), allowing you to completely avoid registering any official ZeroTier accounts to build the entire virtual local area network.

Installing ZeroTier Planet Server on Cloud Server#

The first thing to do is to purchase a cloud server provided by a domestic cloud service provider, with overall specifications of "1 core 2G" or "2 core 2G" being sufficient. The most important requirement is to have a public IP for device management. Before starting, we need to open the cloud server's firewall and additionally allow ports 3443 (TCP) and 9993 (TCP and UDP).
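The firewall step above only says which ports to open. As an added example, not from the original article or from the docker-zerotier-planet project, the following POSIX shell function prints a ufw rule set that opens 9993 (TCP and UDP) to everyone, since every client must reach the root server on it, but limits the 3443 management UI, which starts out with a default login, to an administrator's source range. The assumptions here are mine: the server uses ufw, SSH is on port 22, and `ADMIN_CIDR` (203.0.113.0/24 in the usage lines) is a placeholder for your own address range.

```shell
# Added example, not from the original article: the ports the article opens,
# with the management UI restricted. 9993 (tcp+udp) must be reachable from
# anywhere, since every client contacts the root server on it. 3443 is the web
# management UI, which starts with a default login, so it is allowed only from
# the administrator's address range. Assumptions: the server uses ufw, SSH is on
# port 22, and ADMIN_CIDR is a placeholder you replace with your own range.
planet_firewall_rules() {
    admin_cidr="$1"
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 9993/tcp
ufw allow 9993/udp
ufw allow from ${admin_cidr} to any port 3443 proto tcp
ufw --force enable
EOF
}

# Review the printed rules first, then apply them as root.
planet_firewall_apply() {
    planet_firewall_rules "$1" | while IFS= read -r rule; do
        echo "+ $rule"
        sh -c "$rule"
    done
}

# Offline check: 3443 must only ever appear in the rule scoped to ADMIN_CIDR.
planet_rules_restrict_admin_ui() {
    rules=$(planet_firewall_rules "$1")
    printf '%s\n' "$rules" | grep -q 'allow 3443' && return 1
    printf '%s\n' "$rules" | grep -q "from $1 to any port 3443 proto tcp" || return 1
    return 0
}

# Usage (as root on the cloud server):
#   planet_firewall_rules 203.0.113.0/24      # print the rules
#   planet_firewall_apply 203.0.113.0/24      # apply them
```

If the cloud provider has its own security-group layer in front of the instance, mirror the same split there: 9993 open, 3443 only from your range.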


Next, we use an SSH client to log in to the cloud server with root privileges, then update the system components and install Git and Docker according to the different distributions of the server:

# debian system update
apt update

# debian system install git without confirmation
apt install -y git 

# install docker from the official source
curl -fsSL https://get.docker.com |bash

# start docker service via systemd
systemctl start docker

# red hat system update
yum update

# red hat system install git without confirmation
yum install git -y

# install docker from the official source
curl -fsSL https://get.docker.com |bash

# start docker service via systemd
systemctl start docker

Next, we need to copy a self-built planet server installation script created by xubiaolin:

# copy a self-built planet server installation script created by xubiaolin
git clone https://ghproxy.markxu.online/https://github.com/xubiaolin/docker-zerotier-planet.git

# enter the specific directory
cd docker-zerotier-planet

# run the script
./deploy.sh

The script will provide relevant prompts for selection; here, simply enter 1 and press Enter to install. During the installation process, you will be asked to enter the corresponding ports; you can choose all defaults. After that, the container creation process will begin. If you are using a low-performance cloud server like me, the entire installation wait time will be relatively long (about ten minutes).

When you see a terminal message like Successfully copied 2.048kB to /tmp/planet, it indicates that the entire installation process has been completed. Of course, if you are unsure, you can use the following command to check whether the container has started:

docker ps

If it shows "Up" under "STATUS," it means the container has started. Next, directly enter http://cloud server ip:3443 in the browser's address bar to open the network management backend. If you can see the login page below, it means the server-side installation was successful.


After everything is completed, this self-built virtual local area network service will generate a file named planet, which is also needed when configuring the client later. Here, use the SSH client to enter the docker-zerotier-planet directory, then continue to run the ./deploy.sh script, enter the number 3 and press Enter to copy the planet file to the current directory, and then use an SFTP client to copy the file back to your local machine for later use.
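The planet file produced here is the trust root of the whole virtual network: every client that installs it will accept the root server it names, and the article copies it by SFTP onto Windows, macOS and a Synology. As an added example, not part of the original article, the shell functions below record the file's SHA-256 on the cloud server and check each client's copy against it after the replacement steps; `verify_planet`, the digest argument and the paths in the usage lines are my own, not the project's.

```shell
# Added example, not from the original article. Record the planet file's
# SHA-256 on the cloud server right after choosing option 3 in deploy.sh,
# then compare on each client after the SFTP copy and after the file has
# been put in place of the client's original planet file.
sha256_of() {
    # prints only the hex digest; sha256sum on Linux/Synology, shasum on macOS
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_planet EXPECTED_DIGEST FILE -> returns 0 only when the copy is intact
verify_planet() {
    expected="$1"
    file="$2"
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "ok: $file matches"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage on the server, inside docker-zerotier-planet after option 3:
#   sha256_of ./planet
# Usage on a client, e.g. macOS, after replacing the file
# (the digest is the value printed on the server, not a fixed constant):
#   verify_planet <digest> "/Library/Application Support/ZeroTier/One/planet"
# On the Synology: verify_planet <digest> /volume1/@appdata/zerotier/planet
```

Copy the digest through a channel other than the file itself (for example, read it off the SSH session) so that a corrupted or swapped transfer is caught before the client service is restarted with the new file.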


Setting Up the Self-Built ZeroTier Network#

Open the browser locally and visit http://cloud server ip:3443 to enter the network controller login page:


Use the default account: admin, password: password to log in, then click on the Add Network tab to create a network.


After creation, it will automatically redirect to the details page of the newly created network. Then click on IPv4 Assign Mode at the top, and check Auto-assign from IP Assignment Pool to allow devices joining the network to automatically obtain an IP from the address pool.


Additionally, you need to save the network ID separately, for example the string of characters shown next to the network named ceshi that I created. Keep it for later, because clients need this ID to join the network you created.

Client Joining#

Since my main purpose is to allow my portable laptop to access my home Synology at any time, I need to add my home Synology, Mac computer, and Windows laptop to the same virtual local area network.

Windows System Device Setup#

Step One: Download the official ZeroTier Windows client installation package and install it.

Step Two: After installation, use File Explorer to access the following path: C:\ProgramData\ZeroTier\One, and replace the file with the same name in the directory with the planet file copied from the cloud server.


Step Three: Open Services and select ZeroTier One from the service list, then click Restart Service at the top left.


Step Four: Right-click the Windows logo button on the taskbar, select Terminal (Admin), and then enter the following command:

cd C:\Windows\system32
zerotier-cli.bat join network ID

After entering it, if you see 200 Join OK, the current device has joined the virtual local area network we created. Now open http://cloud server ip:3443 in the browser, click Network, select the network you created, and you will see a new device appear in the network details list. You can give it a note under Member name, then check Authorized to allow it to join the network. Shortly afterwards, you will see the internal IP address assigned to this device under IP assignment.


macOS System Device Setup#

Step One: Download the official ZeroTier macOS client and install it.

Step Two: After installation, use Finder to navigate to the directory /Library/Application Support/ZeroTier/One, and replace the file with the same name in the directory with the planet file downloaded from the cloud server.


Step Three: Open Terminal and enter the following command to restart the ZeroTier One client:

cat "/Library/Application Support/ZeroTier/One/zerotier-one.pid" | sudo xargs kill

Next, enter the following command in the terminal to join the virtual local area network you created:

zerotier-cli join network id

If it shows 200 join OK, it means you have successfully joined.

Finally, open http://cloud server ip:3443 in the browser to reach the network management backend, click Network, select the network you created, and you will see a new device appear in the network details list. You can give it a note under Member name, then check Authorized to allow it to join the network.


At the same time, entering the command zerotier-cli peers in the terminal will show the roles of the connected devices and their corresponding networks. If the role of the cloud server is Planet and the role of the device that just joined the network is LEAF, the virtual local area network based on the domestic network has been created successfully.
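The peers check above is the one place where you can confirm that a client really trusts the self-built root rather than the official ZeroTier roots. As an added example, not from the original article, the shell function below reads the output of `zerotier-cli peers` on standard input and fails if any PLANET entry points somewhere other than your cloud server's public IP, which is what you see when the planet file on that client was not replaced; it also flags LEAF peers whose link is RELAY instead of DIRECT. The sample output, the 203.0.113.10 root address and the peer addresses are constructed for the example.

```shell
# Added example, not from the original article. Feed `zerotier-cli peers`
# output on stdin; PLANET_IP is your cloud server's public IP (placeholder).
# Columns of the peers listing: ztaddr ver role lat link lastTX lastRX path
check_peers() {
    planet_ip="$1"
    awk -v planet="$planet_ip" '
        NR <= 2 { next }                    # skip "200 peers" and the column header
        $3 == "PLANET" {
            planets++
            split($8, p, "/")               # path is ip/port
            if (p[1] == planet) own++
            else printf "foreign root %s via %s\n", $1, $8
        }
        $3 == "LEAF" {
            if ($5 == "RELAY") printf "relayed leaf %s (traffic goes through the root)\n", $1
            else leaf_direct++
        }
        END {
            if (planets == 0) { print "no PLANET peer seen"; exit 1 }
            if (own != planets) { print "client still trusts a root other than " planet; exit 1 }
            printf "ok: own root %s, %d direct leaf peer(s)\n", planet, leaf_direct + 0
        }
    '
}

# Constructed sample of what a healthy client prints (not a real capture):
# one PLANET entry for the self-built root, one DIRECT leaf, one RELAY leaf.
SAMPLE_PEERS='200 peers
<ztaddr>   <ver>  <role> <lat> <link> <lastTX> <lastRX> <path>
a1b2c3d4e5 -      PLANET      12 DIRECT 1200     1200     203.0.113.10/9993
f0e1d2c3b4 1.12.2 LEAF        18 DIRECT 300      300      198.51.100.7/43211
0badc0ffee 1.12.2 LEAF        -1 RELAY  0        0        203.0.113.10/9993'

# Usage on a real client (macOS/Linux):  zerotier-cli peers | check_peers 203.0.113.10
# On the Synology package:  ./zerotier-one -q peers | check_peers 203.0.113.10
# Offline demonstration with the constructed sample:
#   printf '%s\n' "$SAMPLE_PEERS" | check_peers 203.0.113.10
```

A RELAY link right after joining is normal while hole punching is still in progress; if it never becomes DIRECT, the two peers cannot reach each other's UDP 9993 and all their traffic rides through the cloud server's bandwidth.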

Synology Device Setup#

My main goal is to have the Synology and my portable laptop in the same local area network. The most important part is the Synology. Here, I first copy the planet file downloaded from the cloud server to the Synology's file directory, placing it in the soft backup folder.


Next, we open the Synology Package Center, and in Settings - Package Sources, add the "Miner Source" - https://spk7.imnks.com/. Then, in the sidebar of the Package Center, select "Community," find ZeroTier, and choose to install it.


After the package installation is complete, do not start it yet. Instead, connect to the Synology via SSH and enter the following command to fix the package:

sudo sed -i 's/package/root/g' /var/packages/zerotier/conf/privilege

Then enter the following command to copy the planet file we uploaded earlier to the package directory:

mv /volume1/@appdata/zerotier/planet /volume1/@appdata/zerotier/planet.bak
cp "/volume1/soft backup/planet" /volume1/@appdata/zerotier/

Now return to the Synology Package Center to start ZeroTier. At this point, enter the following command in the SSH client to allow the Synology to join your self-built virtual local area network:

cd /var/packages/zerotier/target/bin 

./zerotier-one -q join network ID

If it shows 200 join OK, it means the connection is successful. Use the browser to access http://cloud server ip:3443 management backend, find the newly added Synology in the network details page, and check Authorized to allow it to join the network.

Conclusion#

Building a self-hosted ZeroTier planet server allows all devices to connect directly within the domestic network environment, significantly reducing latency compared to the official root servers located overseas. Since this self-built virtual local area network has fewer restrictions on network protocols, file services created via Samba can be accessed directly via internal IPs without needing to configure domain names for webdav protocol access, simplifying operations.

Considering that Synology's official QuickConnect connection only supports relayed access, a self-built ZeroTier virtual local area network effectively improves performance between devices. For example, for users who rely on Synology Drive like me, the problems with client connections to the Synology have been greatly reduced.

If you also wish to enhance the inter-visit performance between desktop devices under different networks and your home internal network server, you can try fully self-deployed ZeroTier, which may bring a different new experience.


© This article is copyrighted by the author and exclusively authorized for use by Minority. Unauthorized reproduction or use without permission from Minority is prohibited.
