TrueNas( or freenas) + Zerotier (how to install zerotier on truenas )

Unlock package management

# sed -i .orig 's/enabled: yes/enabled: no/' /usr/local/etc/pkg/repos/local.conf
# sed -i .orig 's/enabled: no/enabled: yes/' /usr/local/etc/pkg/repos/FreeBSD.conf

Update & install the package

#pkg update
#pkg install zerotier

Add on /usr/local/sbin this script with correct permission (in my example

after the join on the last row put your network ID :

ln -s /usr/local/var/db/zerotier-one /var/db/zerotier-one
/usr/local/sbin/zerotier-one -d /usr/local/var/db/zerotier-one
sleep 1
/usr/local/bin/zerotier-cli join 0123456789012345

Start it after the boot process

TASKS -> init/shutdown scripts

ADD script in the postinit

Fix on macOS AnyConnect error: cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network

Open terminal and do the following (you will need administrator rights on your Mac)

cd /opt/cisco/AnyConnect

sudo nano AnyConnectLocalPolicy.xml

Then edit the field for ExcludeMacNativeCertStore to "true"


Quit AnyConnect and start it up again. 

You will now receive a certificate warning with the option to continue and, if available, install the certificate.

Chrome tip & triks

1- Error Chrome NET::ERR_CERT_INVALID (self signed certificate)

There’s a secret passphrase built into the error page (advanced). Just make sure the page is selected (click anywhere on the background), and type `thisisunsafe` and [ENTER]

2- Self Signed Certificate from localhsot

go to url chrome://flags/#allow-insecure-localhost and enable the option

Zerotier Linux internal DNS

One of the biggest problem with zerotier was the internal dns resolution for the road warrior users.(for Android this problem was fixed by the zerotier team and i think in the near future the team will fix the problem for linux and windows too)
A little workaround for Linux systems

here 2 Simple scripts to connect the linux system to you “internal” DNS server.

Configure an zerotier edge (like an opnsense firewall or a linux system: es. ) as a possible  default gateway of your network from  the zero tier console on Managed Routes (add a route like to <zerotier_edge_ip>


you can use this 2 scripts on your linux system (systemd compatible)

— For start your Session — to set the correct network and DNS IP in the script)

sudo echo "DNS=<YOUR_PRIVATE_DNS_IP>" >> /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved
sudo /etc/init.d/zerotier-one restart
sudo zerotier-cli set <network> allowManaged=true
sudo zerotier-cli set <network> allowGlobal=true
sudo zerotier-cli set <network> allowDefault=true
make the script executable

— For stop your Session — to set the correct network and DNS IP in the script)

sudo sed -i "/DNS=<YOUR_PRIVATE_DNS_IP>/d" /etc/systemd/resolved.conf
sudo systemctl restart  systemd-resolved
sudo zerotier-cli set <network> allowManaged=false
sudo zerotier-cli set <network> allowGlobal=false
sudo zerotier-cli set <network> allowDefault=false
sudo /etc/init.d/zerotier-one stop
sudo /etc/init.d/networking restart
make the file executable

And Remeber!!!! run the Stop scrtpt every time you have finished your zerotier session.