The ZeroTier Edge was sold as a pre-configured, self-contained device that allowed you to plug physical devices into virtual networks and bridge physical networks at multiple sites with ease. As of 2020, it is End-of-Life. A source code repository of the code running on it can be found here: https://github.com/zerotier/edge; it ran on ESPRESSObin v5 hardware.
The information below applies to any devices still in the field.
Each ZeroTier Edge is initialized with a factory default ZeroTier identity. This identity (which doubles as a serial number) is printed above the power connector. Coupled with ZeroTier’s ad-hoc networking capability, this provides an easy way to reach the device for initial configuration.
Each Edge device joins the IPv6-unicast-only “ad-hoc” ZeroTier network ff001601bb000000 and can be reached through this network by joining it from any PC or mobile device and then navigating to your device’s unique IPv6 virtual address.
ZeroTier Address | ########## (10-digit hex address printed on box)
HTTP | http://[fc44:16:1##:####:####::1]/
SSH | loginid@fc44:16:1##:####:####::1
These addresses will not work if the device cannot reach the Internet. In this case, it can still be accessed by directly connecting a PC or other device to the third (phy2) Ethernet port and configuring your system to use the static IP address 100.64.99.94 with netmask 255.255.255.252 (/30). The Edge can now be reached via ssh at 100.64.99.93. This IP is always available on the phy2 port for emergency recovery if you become locked out of the device or it’s configured in a way that breaks Internet connectivity.
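The HTTP and SSH addresses in the table can be computed from the 10-digit address printed on the device. The following is an added example, not code from the original page or from ZeroTier: it assumes the address follows ZeroTier's 6PLANE layout (which matches the fc44:16:1## template above) and that an ad-hoc network ID encodes its permitted port range as ff, start port, end port, 000000. The node address 0123456789 is constructed, and the function names are hypothetical.

```python
import ipaddress
import re

ADHOC_NETWORK_ID = "ff001601bb000000"  # ad-hoc network ID given on the page


def _hex(value: str, digits: int) -> int:
    """Parse a fixed-width hex string, rejecting anything else."""
    if not re.fullmatch(rf"[0-9a-fA-F]{{{digits}}}", value):
        raise ValueError(f"expected {digits} hex digits, got {value!r}")
    return int(value, 16)


def sixplane_address(network_id: str, node_id: str) -> ipaddress.IPv6Address:
    """Assumed 6PLANE layout: fc | folded 32-bit network ID | 40-bit node ID | ::1."""
    nwid = _hex(network_id, 16)
    node = _hex(node_id, 10)
    # Fold the 64-bit network ID to 32 bits: ff001601 ^ bb000000 = 44001601
    folded = (nwid >> 32) ^ (nwid & 0xFFFFFFFF)
    return ipaddress.IPv6Address((0xFC << 120) | (folded << 88) | (node << 48) | 1)


def adhoc_port_range(network_id: str) -> tuple[int, int]:
    """Assumed ad-hoc ID layout: ff | start port | end port | 000000."""
    nwid = network_id.lower()
    _hex(nwid, 16)
    if not (nwid.startswith("ff") and nwid.endswith("000000")):
        raise ValueError("not an ad-hoc network ID")
    return int(nwid[2:6], 16), int(nwid[6:10], 16)


def edge_endpoints(node_id: str, login: str = "loginid") -> dict[str, str]:
    """Build the HTTP and SSH targets from the table for one device."""
    addr = sixplane_address(ADHOC_NETWORK_ID, node_id)
    return {"http": f"http://[{addr}]/", "ssh": f"{login}@{addr}"}


if __name__ == "__main__":
    sample = "0123456789"  # constructed node address, not a real device
    print(edge_endpoints(sample))
    print("port range encoded in ad-hoc ID:", adhoc_port_range(ADHOC_NETWORK_ID))
```

Under the assumed ID layout, the decoded range for ff001601bb000000 is ports 22 through 443, which covers the SSH and HTTP services listed in the table.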
Plug the Edge’s first Ethernet port (phy0) into an Ethernet network with IPv4 (DHCP) or IPv6 connectivity.
Connect the device to power and wait 20-30 seconds.
Join the ad-hoc ZeroTier network ff001601bb000000 from a PC, mobile, or other device (see www.zerotier.com to download clients).
Once your PC or other device is online, navigate to the HTTP address shown in the green box above.
Create an account on the Edge and begin configuring it for bridge operation.
IMPORTANT!
The Edge device itself must be designated as an Ethernet bridge on all ZeroTier virtual networks you wish to bridge to physical ports. This must be done via ZeroTier Central or, if you are running your own network controller, by setting the “activeBridge” field to “true” in the Edge’s network member record. If the Edge is not authorized to act as a bridge, it will not be permitted to forward Ethernet packets to and from devices other than itself.
It’s also important to understand bridging. A virtual bridge is exactly like a physical Ethernet cable stretching from point A to point B. Devices on either side will only be able to see one another at the TCP/IP level if they occupy the same IP range(s) or are given routing table entries indicating that they should access bridged IP ranges via the local LAN. This can typically be done by configuring local DHCP servers at each site to hand out appropriate routing information.
Connect the Edge’s phy0 port directly to the Internet (leave its configuration set to defaults) and enter a ZeroTier virtual network for port phy1. Ensure that the checkboxes instructing the Edge to block DHCP, etc., remain unchecked so that DHCP and other auto-configuration packets will be carried across the bridge. Also, ensure that the port is not configured to itself obtain DHCP addresses and act as an uplink port.
Configure the wireless port for AP mode and enter the same ZeroTier virtual network ID there to allow direct wireless access to the virtual network. This configuration is typically used in cases when you want to route all traffic through the bridge to a gateway in the cloud. It’s common to set up a cloud node to act as an Internet router and provide DHCP, DHCP6, IPv6-RA, DNS, and other services in this case. Multiple locations, remote users, etc. could all share the same cloud gateway to simultaneously provide enhanced security, privacy, SDWAN, and VPN functionality.
Connect the Edge’s phy0 port to your internal LAN. Configure the Edge to obtain IPv4 and IPv6 addresses via this port, and also enter a ZeroTier address. Be sure to check the three boxes to instruct the Edge to block bridging of DHCP, DHCP6, and IPv6-RA packets to ensure that local DHCP servers do not interfere with servers at other locations.
Ensure that devices on the virtual network are configured to see the IP address block(s) of your physical LAN as “local.” The Edge will now bridge your local LAN to a virtual ZeroTier network, making remote resources such as cloud servers and remote workers’ laptops appear as if they’re connected to the local LAN. These remote resources should also be able to use local LAN devices like printers, smart TVs, etc.
This configuration is common when users want to provide remote access (replacing conventional VPNs) or join two office LANs together to form a single network while retaining separate Internet connections on either side. In this configuration, normal Internet traffic will use your local internet connection as usual but internal Ethernet traffic will be bridged as if a very long LAN cable were strung from one location to the other.
Multiple Internet connections can be used by simply connecting secondary connections to the Edge’s other Ethernet ports and configuring these ports to obtain addresses via DHCP, DHCP6, etc. Multiple connections can be used with either configuration scenario above. For the second “magic bridge” scenario, configure the first port as instructed and then connect secondary or “back-up” Internet connections to the remaining ports. These would only be used for ZeroTier bridge traffic in this case.
The Edge has only three physical ports but it can be connected to more than three Internet connections. This can be accomplished by connecting an Ethernet switch to one port and connecting multiple Internet routers to this switch. As long as each router occupies a different IP address, the Edge will be able to see each separate connection. Inside the Edge, a virtual port is created for each detected uplink and these operate independently. There is no practical limit to the number of physical uplinks that can be connected.
Advanced users can log into the Edge via ssh using the user name and password created with the web UI. The “motd” file printed at login lists a variety of network diagnostic tools that are pre-installed and can be used to probe and debug networks. The “sudo” command is configured to allow these commands to be run as root, but we discourage users from attempting to escape “sudo” or do other things as root since changes to the device’s configuration could be lost on update or could cause problems with the software update procedure.
The Edge can be reset to factory default settings by powering the unit off, connecting the second and third Ethernet ports (phy1 and phy2) directly to one another using any standard Ethernet cable, and then powering the device back on. After powering on with these ports looped, wait until the internal red LED flashes rapidly and repeatedly. Then power the device off, disconnect the cable linking the two ports, and power back on.
Only a direct electrical loopback connection between the second two Ethernet ports during device startup will reset the device. Connecting both ports to the same switch or network card will not cause a factory reset, nor will directly connecting the two ports after it has already completed its startup sequence.