ZeroTier: every area networking. Radically simplify your network with a virtual networking layer that works the same everywhere. Try ZeroTier for free, pre-order the ZeroTier Edge. Okay, that sounds good, and it does say down here, ZeroTier delivers the capabilities of VPN, SDN, and SD-WAN in a single system: manage all your connected resources across both local and wide area networks as if the whole world is a single data center. And that's great marketing speak, but I've been playing with this and I'm really impressed with it because it actually does the things that the marketing words here say. And then not that off, because I know you're saying, yeah, there's solutions out there to do those things, SD-WAN solutions and such, but I don't know of any of them that are open source. This one is. And that's part of what got my attention. I was looking for some open source SD-WAN solutions, but then when I dug deeper, I was really fascinated with what they came up with, because this is a little different than some of the other solutions I've seen and it works really, really well. So what is ZeroTier and what would you use it for? So your typical VPN is to connect two points and then route the network between them. ZeroTier works and solves the problem of being able to share resources across separate networks or separate locations in a different way. It adds essentially another network adapter to the device and then another network adapter to the other device. And what I mean by that is, let's say you have an application server, a file server, and you want to share that with other people who are not on the same network as you. There's a lot of different methodologies to do this, but ZeroTier's is rather clever because you can load it, and it even has support for devices such as Synology, but Windows, Linux, Android, Mac, Apple iOS; it has a wide, wide range of device support, even Raspberry Pis.
You load the second network address, and then the other network address is in the same range on the other devices, and then you use whatever tools you want to share the network. It's not routing, it's the same network. So that's really interesting. I'm gonna show you how this works here in just a second, but I just want to touch on, and I won't be covering it for this particular video, the ZeroTier Edge. It is a box that they have, because you can do this, you can build your own box, or they were shipping one, which they're sold out on right now because it was a pre-order and part of a Kickstarter for some funding. ZeroTier can also do layer two networking and bridge devices via layer two. Like I said, it's gonna go out of the scope, but it is within the capabilities of ZeroTier. Now you're probably wondering how much does it cost? What does ZeroTier cost, being that it's open source? Well, they have an interesting business model. So you get your up to 100 devices for free. And yes, I know you could just get the source code and completely spin this yourself. This is all on GitHub. But what they have, and I'll explain here shortly, is a ZeroTier series of servers running on the cloud that they maintain for you. This makes it very, very easy to get started. You don't have to compile any code or anything like that. But yes, you can completely run this for free and never have to pay anything and run all your own servers and host this in your own cloud. It is completely possible to do so. But I gotta admit, their pricing for getting set up, up to 100 devices for free. If you're a home user and wanna share with a few friends, or even people have set this up as a gaming server because it creates extra network adapters on Windows devices or Linux devices, up to 100 people playing on the same network for free is not bad. Basic plan, $29 a month. You get unlimited networks and support tickets. Then they have professional.
And then they have, if you wanna contact them and talk about enterprise deals, as I understand they have some companies that have worked out deals with them to embed this in other products as part of other solutions. They're flexible on that. So you can contact them for special pricing. But of course, like I said, it's all open source. What you're getting is, even with the 100 devices, the ZeroTier cloud server for how all this works. So let's go in. I did some diagrams to kind of explain it and then we'll jump into the deeper details to show it in action. So I made this really, really basic to kind of give you an idea how this works. So you have your firewall location one, firewall location two, your ZeroTier client here and a ZeroTier client here. And we want both these clients to talk to each other. In a typical, as I stated, like VPN situation, you would have to have the firewalls configured, or at least one of the devices configured, and then to accept the connection over here, and you'd have to know the IP addresses. What ZeroTier is doing is what's referred to as UDP hole punch, and a hole punch to data stream. Now the entire ZeroTier system is completely encrypted. So they don't see any of the data, and you have to do this hole punch in a very unique way. And if you're familiar with how UDP works, basically with the UDP stream, as long as you're continually sending a few packets about every 120 seconds, it will keep these two clients alive and keep this at your network adapter alive. Now how does that work? Well, when you fire up a ZeroTier client on either side and you join it to your virtual network, which we'll get to shortly here, it takes less than 60 seconds. I've seen them connected in about 30 seconds and the clients start communicating. So at first what happens is the data gets relayed and, as I said, all the data is encrypted.
So even though it's being relayed through your ZeroTier servers or through ZeroTier servers, it doesn't pass any data they can see. The only thing they will know is the IP addresses of each firewall location. They will have visibility to that because there's certain metadata they need in order to get this routed. So your data, encrypted, is passing through, and of course you could always double encrypt and encrypt the protocol you're sending across the data, just throwing it out there, because it all works in standard TCP/IP. It's just an extra network adapter, but it first starts relaying the data. Then it tries to determine; the ZeroTier servers and the ZeroTier clients work together to see if normal NAT traversal works. And the majority of the time, it does. Any standard, and I'm gonna use pfSense as an example because I have some pfSense boxes that this is running through, you'd have to change nothing. No port forwards, no anything. Just the out of the box configuration of most home routers or even a lot of business routers. Now, if they are blocking UDP and they're locking down so you can only use very specific TCP ports, yes, it'll force itself into relay mode, which is obviously the slowest mode, because if you relay everything through the servers, there are some limitations. It has to get up to the cloud, it has to pop through however many hops this is. But when you do it this way and it realizes that both devices can talk to each other through a UDP hole punch, you get full speed between this firewall and this firewall, and it doesn't need the ZeroTier servers anymore other than to maintain. Now, as these servers move once a connection is established, if perhaps this is a laptop and it wanders to a new location, it constantly is updating and contacting the ZeroTier server. Now, you notice I called this a ZeroTier planet server. They have an interesting nomenclature for how they name things.
So you use the planet servers, and as this is kind of playing into that, the whole world is your data center, there's only one planet, so there's only one ZeroTier servers, and these are what your ZeroTier clients are hard coded to contact. But if you had another server, your own server, they refer to those as moons, and you can then add these moons to your ZeroTier client lists and push that data down to them, and then they will in turn contact them constantly, because you have to have them at fixed positions so they know where they're at, and then they can do some of the coordinating. And once again, if you spun this yourself and didn't want to use the ZeroTier servers at all, you'd have to establish your own static IP in the cloud where the moon would live, and that would be able to contact these. So they've kind of thought this out for people who don't want to use their servers, but like I said, for $29 a month you get unlimited networks. It's a really, really reasonable way to do this. And back to the data speeds. One more interesting note is the clients are also aware if they're in the same area. So if we ended up with a client and it's on this network over here, they'll start talking to each other and bypass the firewall so they can speak to each other at an even faster speed than perhaps the internet connection between them. So I want to throw that out there, that it's also something that they have in there. There is some local communication that still talks through the firewall, but I've noticed you get better speed that way because it's reaching to the firewall and it can UDP hole punch essentially internally. So kind of a neat feature on there. Now all this is very well documented. The encryption they use, everything is all open source. It's auditable. It's very easy to read through. Well, if you want to understand cryptography, but it's all documented, they do have great help documents.
Now we're going to jump into how all the ZeroTier networks look that I set up. There's a whole lot of ZeroTier servers on the internet. They have them spread across all the different continents. Now the nice thing about the way ZeroTier works, by having European locations and US locations, is no matter where you are or where your devices are, there's always a reasonably fast connection to get to a local ZeroTier server to get the connection established so your devices join. So they're distributed around the internet. Now, because they're not relaying all the data, this is one of the secrets to them. A lot of your SD-WAN solutions want to relay all the data through their data center, which means a lot of bandwidth, which means a lot of expense. By ZeroTier just coordinating and creating hole punches between all the different devices, it doesn't have to relay as much data. Hence these servers remain fast, and there's quite a few of them online, and there's ways you can look and see what ZeroTier servers are online. It's got an entire system, a very similar model to the way root servers work on the DNS. So there's a distributed model, so if any one server goes down, you don't lose connection. Now, I have a ZeroTier client at home. I have one behind our lab firewall. I have a couple behind our main firewall but on separate networks from each other. And what ZeroTier is doing here, let's zoom in a little bit, this represents your standard internet going up here. But this red is the ZeroTier private network, and the private network we create is 10.147.18.0/24. And even my Android phone I have on here. So there's an IP assigned to each one of these devices. Now, even though this one's at home, this one's here behind two firewalls just for lab purposes, and these ones are on separate networks and they don't have direct communication with each other, but they all have the secondary IP addresses assigned to them. Let's log in and show you how that looks.
So here's a server I refer to as the .3 server because it is on one of our networks ending in a .3. So what I do, ifconfig, here's the address 192.168.3.183, but here's its ZeroTier address, 10.147.18.14. Now, how does that look? Let me pull the map back over here. That's this particular server right here. So there's its address. So here's another one, 192.168.50.171. It has a ZeroTier address of 10.147.18.135. So I'll split the screen. This is just tmux. SSH root@192.168.50.171, and we see its address here that's on eth1, and here the ZeroTier adapter with the 10.35. Now, on this server, I cannot ping 3.183. Server above is unreachable, but if we take the ZeroTier address here of this one, copy it, ping, completely reachable. Matter of fact, because it's just like any other address on that server, root@, we can just SSH right into it, yes. And you can see we're in the .3 server. Matter of fact, you'll watch the screen above it break because, shutdown -r now, I'm just gonna reboot it real quick, and you can see it's closed. So what it did was create these virtual IPs that are assigned to them, and these two networks, these are two separate virtual machines on two separate networks, and they don't have the ability to talk to each other because of the firewall rules on the separate networks, but through the ZeroTier system it adds this extra IP address on each one and they have no problem communicating. There's a really slick system for doing that, but how does it work in Windows? So let me show you real quick. So this is a virtual Windows session I have right here. I spun it up for this, and you can see it has an address of 172.1669188, 172.16691. So it's once again on a separate network again, but here's a ZeroTier address that's in the same range, 10.147.18.64, which means, so right here we see the connection to 10.147.18.14.
So, oh, and we can ping it and it works perfectly fine, but if we wanted to ping that other address, it's back up and running right now. That space in here, 3.183. I don't have access to that network, but I can see it and I can ping it because once again it's added on there. Now the nice thing is you do have a UI on both Android and on, so if you're doing it on a phone or if you're doing it on a Windows machine, you can show networks, you can view the networks, you can see how they're on there. So a little bit easier to control on Windows in terms of you don't have to deal with the command line, but the command lines are really simple, and we're gonna show you how to add another one to the network and how you build these networks in general. So let me go ahead and close this Windows session and I'm gonna bring up the ZeroTier configuration. So if you wanna create a network, you simply start with Create Network and it adds a weird name to it. So this one's apparently a romantic Oikinkarin, I don't know. Gonna start at the top though. So we can name this network Test Network. Oops. It turns orange when you type something and then lets it close later. Let's wanna change its color, that's when it's done saving. It's weird at first, there's no save button, it's just using the fact that it realizes it's change to change something. Next thing, access control, private or public. We're gonna do this as a private network, but a public network means anyone with this network ID number can just join the network and automatically be adopted. Private means if you were to copy and paste this ID number and use it to join a network, well, you would end up having to approve it later, and we're gonna show you how to do an approval. Then you choose the network range you want; you can choose Easy and you can just click one of these ranges, and it will build the network out and essentially automatically DHCP these out to the clients as they go on there. It also has IPv6.
Then down here, if you want really specific flow rules, it does have an entire rule and flow and routing system you can do. Not to mention you can also add and push routes and destinations on there so you can create gateways and things like that. Like I said, it goes out of scope of this talk and this demonstration, but it has a lot of advanced features. Matter of fact, they list all kinds of different things you could do when you're trying to flow stream and modify the stream or modify things by MAC address. It's really kind of neat how that works on there. So we're gonna go ahead and scroll this up. There's also, by the way, an API, so this can be automated even further if you wanted to. So let's go back to our ZeroTier LTS test site network, and don't worry, I know this is exposed, so if someone may ask, I will be deleting this network, so if anyone tries to join it, it'll be broken. And it shows you right now that there's five on here already joined. So it's LTS test site, test for YouTube, set it to private, here's that range we assigned to it, 10.147.18.0/24, auto assign for easy. Now that's where I'm gonna move it over just a little bit. And the reason I did that was to hide all the public IP addresses of all the machines here. So here's all the different machines. Matter of fact, I'm going to delete this one because I've already removed it from the network because we're gonna rejoin it. So currently, here's all the ones that are on network, and off-screen, so I don't have to spend time editing and blurring, is all the public IPs; here's all the private IPs and here's all the different things I called them. So my phone, I currently have it off, and I'm gonna turn my phone on and show you how fast it connects. Phone is in my hand, open up the ZeroTier app, and it's like a little touch button just to turn it on, and we'll show you actually how fast ZeroTier will join even a phone to the network.
It seems to join the phone only slightly slower, but still within 30 seconds this is gonna update and be online and be pingable. I just got the online notice on my phone, so it's actually online, and this will refresh in just a second. But we can probably ping it already, so let's go ahead and ping and see if my phone is actually available. So we'll go back into one of the ZeroTier systems. Yep, even though it hasn't refreshed over here just yet, my phone is available. This will catch up in a second, but that's how quick. I mean it is in real time, no skips, no anything. That's how quick ZeroTier will connect right to a network. Now at first you're gonna see a little bit of the higher response times on the ping, and they're gonna get faster, because at first it's relaying the data and it goes from relaying the data to then doing the hole punch in there. And I don't know if that's when it says online, once it decides the hole punch is on there, but the phone's in my office and this 50.network is mine, a public IP range that's just off screen. So it's online, and as a matter of fact, now that it changed to online, let's see if the ping times go down any. They did. So it went from 420, 130, 56 to, you know, 170 sequays are still in the 100s and 200s, but you can get the idea that for running an Android phone, ZeroTier works perfectly fine here. Let's talk about how do we add something to the ZeroTier, so let me close all these out. Now I have a DigitalOcean box right here. It's called DigitalOcean ZeroTier. It's got a public IP address of 142.93.127.159. So we're gonna log into that. So we do an ifconfig and you can see here's that public IP address, 142.93.127.159. This is a VLAN that is set up from DigitalOcean, so imagine this for some backend access right here, so you can ignore that one where it says eth0, but we have not installed ZeroTier on the system, and that's what we're gonna do now: go ahead, download ZeroTier, and run the installer.
Now for those of us that are being lazy like myself, you can do the lazy admin post and just copy and paste it right off their website to install. Windows and everything just has an MSI installer. It's listed in the iOS and Android app stores to install this, which is really easy to set up on any of the devices you want, and they also have QNAP and Synology in here as well, so if you wanna connect those for sharing, that's just a download. So curl -s install ZeroTier, pipe it through bash; I took out sudo 'cause we're running as root. All right, success, ZeroTier done, we're installed. So now what? Scroll up here to the top and copy this here, and we're gonna do zerotier-cli join, then paste in the network, enter, it joined, that was it. Windows, you just paste that same network in through the Windows UI, simple enough, and we're gonna wait a second here. We're gonna watch for this to show up, and while we're waiting we will do this, we will do zerotier-cli, well, it's online so we're just waiting on it to show up in the list over here. Hey, there it is. Now, do you see how there's little red dots and there's no check mark? Alls we have to do to join this in a network, so if you, you the user watching this on YouTube right now, if you were to take that in there, you wouldn't join my network automatically unless it was set to public. If you set these to public, anyone with that address can just join automatically. So now I have two, just check the box and now it's joined, and whoops, DIGITAL, DIGITAL OCEAN, done. So now that's the DigitalOcean server. It's online, it's joined, we can go status here. If you go status, I believe it's -j, and you can see like more details, so it outputs a JSON file, so if you wanna script this and go further with it you could. Or we're gonna go now to ifconfig and show you how it looks. So here's that public IP address on eth1, this is still the same, here's that extra adapter. 10147198 just like we see here.
It's online, and that means I should be able to perfectly ping, or matter of fact, let's just log into it, SSH root@, and I'm gonna log right in, it's that simple. So it's pretty ingenious how they put this together. The fact that it works as a standard network adapter on both Windows and on Linux and other devices makes it really easy, because you don't have to play with any routing or anything. These are all, from a basic setup standpoint, on the same network, so they can talk to each other just as if they're on the same network, even though this DigitalOcean server is in the public IP space. It now has local access to that IP address that are all shared across there. So give ZeroTier a try. Like I said, nothing to sign up, 100 networks for free without paying, so you can really put this to the test. I've done speed testing on it, and because it uses UDP it seems to go quite fast. I have no problem fully saturating my 150 meg circuit on here, and when I was doing some local testing I've seen it hit as much as 500 and 600 looping through. It doesn't seem to have much overhead or anything like that, and you do have really low latency and really low ping times on it, because right now I'm looped out through the DigitalOcean server back down here, but I can run commands and everything in real time even though I'm looped out over the ZeroTier back into my own network. I was probably fine. Like I said, it's not like a standard VPN, it's a little bit different concept because it's actually adding these extra IP addresses on there, but if you have a server you wanna share, you just load it, add it. One of my videos I'll probably do following up on this is gonna be, I wanna do some testing to how well it works with Synology and some other devices, but like I said, I'm really impressed with it and I'm really looking at it from a management standpoint, because of the fact that I can, if I have something I want my phone to have access to, being able just to slide the button, it's easier than a VPN and then
your phone is on whatever local network. And by the way, if you want, you can do this. Let's go back, we're gonna make this one a 192 network here, and we're gonna go, and it's around the DigitalOcean ZeroTier, so we'll do zerotier-cli and we can join it to more than one network. Let's put DO for DigitalOcean. ifconfig, now we have two ZeroTier adapters. So yes, in case anyone's wondering, you can keep adding. I don't know what the limit is, but you can have one system that is tied into multiple ZeroTier networks on different ranges, so this one has a 192 range, this one has a 10 range, and you just choose that through the network settings up here. So like I said, give ZeroTier a try. I'm really impressed with it, it's a really slick system, and it's open source so you can actually see all the code and we understand that it's not some magic sauce, and it's very auditable, very secure. The security and everything was really tight, they put a lot of thought into it, and they didn't just start this project yesterday. This has been around for a couple years and gaining some popularity. I just can't believe I didn't know about it sooner. All right, thanks for watching.
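The video notes that the client's `-j` flag emits JSON for scripting, that public networks admit anyone holding the network ID, and that one host can sit on several ZeroTier networks. The following is an added example, not part of the video or ZeroTier's own code: a small audit of which networks a host has joined. The sample data is constructed, and the field names (`nwid`, `type`, `status`, `assignedAddresses`, `allowDefault`, `allowGlobal`, `bridge`) are assumed to match the JSON array printed by `zerotier-cli -j listnetworks`.

```python
import ipaddress
import json

# Constructed sample, shaped like the JSON array `zerotier-cli -j listnetworks`
# prints. Network IDs, names and addresses are made up for this example.
SAMPLE_LISTNETWORKS = """
[
  {"nwid": "aaaaaaaaaa000001", "name": "test-private", "status": "OK",
   "type": "PRIVATE", "assignedAddresses": ["10.147.18.98/24"],
   "allowDefault": false, "allowGlobal": false, "bridge": false},
  {"nwid": "aaaaaaaaaa000002", "name": "test-public", "status": "OK",
   "type": "PUBLIC", "assignedAddresses": ["192.168.192.20/24"],
   "allowDefault": true, "allowGlobal": false, "bridge": false},
  {"nwid": "aaaaaaaaaa000003", "name": "", "status": "ACCESS_DENIED",
   "type": "PRIVATE", "assignedAddresses": [],
   "allowDefault": false, "allowGlobal": false, "bridge": false}
]
"""


def audit_networks(raw_json, approved):
    """Audit the ZeroTier networks a host has joined.

    approved maps network ID -> CIDR the host is expected to be addressed in.
    Returns a sorted list of (network_id, finding) tuples.
    """
    findings = []
    for net in json.loads(raw_json):
        nwid = net.get("nwid", "<missing>")

        # A network nobody signed off on is an unmanaged path onto this host.
        if nwid not in approved:
            findings.append((nwid, "not-on-approved-list"))

        # Public networks admit any node that knows the network ID.
        if net.get("type") == "PUBLIC":
            findings.append((nwid, "public-network"))

        # Anything other than OK (e.g. ACCESS_DENIED while the member is
        # still unapproved on a private network) deserves a look.
        if net.get("status") != "OK":
            findings.append((nwid, "status-" + str(net.get("status"))))

        # Settings that let the controller steer traffic beyond the overlay:
        # default-route override, routes to public ranges, layer 2 bridging.
        for flag in ("allowDefault", "allowGlobal", "bridge"):
            if net.get(flag):
                findings.append((nwid, "flag-" + flag))

        # Addresses outside the agreed range (an IPv6 address checked against
        # an IPv4 range is also reported as outside).
        subnet = approved.get(nwid)
        for addr in net.get("assignedAddresses", []):
            ip = ipaddress.ip_interface(addr).ip
            if subnet and ip not in ipaddress.ip_network(subnet):
                findings.append((nwid, "address-outside-" + subnet))
    return sorted(findings)


if __name__ == "__main__":
    approved = {"aaaaaaaaaa000001": "10.147.18.0/24",
                "aaaaaaaaaa000003": "10.147.18.0/24"}
    for nwid, finding in audit_networks(SAMPLE_LISTNETWORKS, approved):
        print(nwid, finding)
```

On a real host the JSON would come from the client itself rather than the embedded sample, and the approved map from whoever administers the networks.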