TrueNAS (or FreeNAS) + ZeroTier (how to install ZeroTier on TrueNAS)
Unlock package management
# sed -i .orig 's/enabled: yes/enabled: no/' /usr/local/etc/pkg/repos/local.conf
# sed -i .orig 's/enabled: no/enabled: yes/' /usr/local/etc/pkg/repos/FreeBSD.conf
Update & install the package
# pkg update
# pkg install zerotier
Add this script to /usr/local/sbin with the correct permissions (zt.sh in my example).
On the last line, put your network ID after "join".
zt.sh:
#!/bin/bash
ln -s /usr/local/var/db/zerotier-one /var/db/zerotier-one
/usr/local/sbin/zerotier-one -d /usr/local/var/db/zerotier-one
sleep 1
/usr/local/bin/zerotier-cli join 0123456789012345
Start it after the boot process:
Tasks -> Init/Shutdown Scripts
Add the script as a postinit script
OPNsense + ZeroTier: making the Allow client parameters persistent
The per-network files are in /var/db/zerotier-one/networks.d/<NETWORK-ID>.local.conf. Edit the file with the config parameters you want:
allowManaged=1
allowGlobal=0
allowDefault=0
allowDNS=0
Save the file and restart the ZeroTier service.
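An added example, not part of the original post: a POSIX shell check that compares every <NETWORK-ID>.local.conf against the values listed above and reports each deviation. The function names, the "unset" label and the network IDs in the demo are made up for illustration; the default directory is the path given above.

```shell
#!/bin/sh
# Added example, not from the original post. Baseline = the values listed above.
ZT_BASELINE="allowManaged=1 allowGlobal=0 allowDefault=0 allowDNS=0"

# zt_audit [DIR]: print "<network-id> <key> expected=<v> actual=<v|unset>"
# for every deviation from the baseline; return 1 if any were found.
# A key missing from the file is reported as "unset" (value not pinned).
zt_audit() {
    dir=${1:-/var/db/zerotier-one/networks.d}
    rc=0
    for f in "$dir"/*.local.conf; do
        [ -f "$f" ] || continue
        nwid=$(basename "$f" .local.conf)
        for want in $ZT_BASELINE; do
            key=${want%%=*}
            exp=${want#*=}
            # Every assignment of this key in the file, CRs stripped.
            vals=$(tr -d '\r' < "$f" |
                sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p")
            [ -n "$vals" ] || vals=unset
            for act in $vals; do
                if [ "$act" != "$exp" ]; then
                    echo "$nwid $key expected=$exp actual=$act"
                    rc=1
                fi
            done
        done
    done
    return "$rc"
}

# zt_audit_demo: run the audit over two constructed files (made-up network IDs).
zt_audit_demo() {
    tmp=$(mktemp -d) || return 2
    printf 'allowManaged=1\nallowGlobal=0\nallowDefault=0\nallowDNS=0\n' \
        > "$tmp/aaaaaaaaaaaaaaaa.local.conf"
    printf 'allowManaged=1\nallowGlobal=1\nallowDefault=1\n' \
        > "$tmp/bbbbbbbbbbbbbbbb.local.conf"
    st=0
    zt_audit "$tmp" || st=$?
    rm -rf "$tmp"
    return "$st"
}
```

Source the file and call zt_audit with no argument to check the default directory, or pass another networks.d path; the non-zero return makes it usable from a cron job or a monitoring check.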
Fix on macOS AnyConnect error: cannot confirm it is connected to your secure gateway. The local network may not be trustworthy. Please try another network
Open terminal and do the following (you will need administrator rights on your Mac)
cd /opt/cisco/AnyConnect
sudo nano AnyConnectLocalPolicy.xml
Then set the ExcludeMacNativeCertStore field to "true":
<ExcludeMacNativeCertStore>true</ExcludeMacNativeCertStore>
Quit AnyConnect and start it up again.
You will now receive a certificate warning with the option to continue and, if available, install the certificate.
Chrome tips & tricks
1- Chrome error NET::ERR_CERT_INVALID (self-signed certificate)
There's a secret passphrase built into the error page (advanced). Just make sure the page is selected (click anywhere on the background), then type `thisisunsafe` and press [ENTER].
2- Self-signed certificate from localhost
Go to the URL chrome://flags/#allow-insecure-localhost and enable the option.
ZeroTier Linux internal DNS
https://www.zerotier.com/
One of the biggest problems with ZeroTier was internal DNS resolution for road-warrior users. (For Android this problem was fixed by the ZeroTier team, and I think in the near future the team will fix the problem for Linux and Windows too.)
A little workaround for Linux systems
Here are 2 simple scripts to connect the Linux system to your "internal" DNS server.
Configure a ZeroTier edge (like an OPNsense firewall or a Linux system, e.g. https://support.zerotier.com/knowledgebase.php?entry=show&search-for=&article=ZWFhNWMyMTZjODY1ODcwNmFhZmJjYmRhN2I5MjRhOGQ_ ) as a possible default gateway of your network from the ZeroTier console, under Managed Routes (add a route like 0.0.0.0/0 to <zerotier_edge_ip>).
You can use these 2 scripts on your Linux system (systemd compatible).
— To start your session —
zerotier-start.sh: (remember to set the correct network and DNS IP in the script)
#!/bin/bash
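# "sudo echo ... >> file" would open the file as the calling user; tee does the append as root
echo "DNS=<YOUR_PRIVATE_DNS_IP>" | sudo tee -a /etc/systemd/resolved.conf > /dev/null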
sudo systemctl restart systemd-resolved
sudo /etc/init.d/zerotier-one restart
sudo zerotier-cli set <network> allowManaged=true
sudo zerotier-cli set <network> allowGlobal=true
sudo zerotier-cli set <network> allowDefault=true
Make the script zerotier-start.sh executable.
— To stop your session —
zerotier-stop.sh: (remember to set the correct network and DNS IP in the script)
#!/bin/bash
sudo sed -i "/DNS=<YOUR_PRIVATE_DNS_IP>/d" /etc/systemd/resolved.conf
sudo systemctl restart systemd-resolved
sudo zerotier-cli set <network> allowManaged=false
sudo zerotier-cli set <network> allowGlobal=false
sudo zerotier-cli set <network> allowDefault=false
sudo /etc/init.d/zerotier-one stop
sudo /etc/init.d/networking restart
Make the file executable.
And remember!!!! Run the stop script every time you have finished your ZeroTier session.