I have been looking at moving towards a zero trust network, but I have never been able to get over how home devices, especially Internet of Things (IoT) devices, generally rely on discovery protocols to ease setup, which contradicts the goal of isolating everything and trusting nothing.
ZeroTier attempts to overcome this with a near configurationless setup.
For ease, create an account on https://my.zerotier.com which is a hosted controller. The free tier allows 50 devices to be connected.
Joining a network differs depending on your platform.
Every device you add will need to be authorised if the network is private.
One of the strengths of ZeroTier is the range of platforms it supports. Head over to the Download page and you can easily follow the instructions to install it on your platform.
For a Linux based installation, run the following command:
sudo zerotier-cli join [network]
Replace [network] with the network ID, which can be found on https://my.zerotier.com
You can check the ZeroTier connection by using the following command:
sudo zerotier-cli status
Home Assistant has a ZeroTier add-on which allows you to add it to your network.
Head to the add-on > Configuration tab and add a network to the networks section.
Once all the above is installed, you can set up connections to each device using its internal address. This is by default a 10.x.x.x address that is listed under the Managed IPs column in the network members section on https://my.zerotier.com. If you have any issues connecting, make sure the connection is turned on and the device is registered as online.
The setup is super simple and makes connecting to devices easy and secure. Whilst connections are secured through a VPN tunnel, this does not protect against compromised devices: if one of your devices were compromised, the attacker could reach every other device registered on your network, so it is still important to have access control on the software running on those devices.