Create a Network
A ZeroTier network is essentially a secure Local Area Network (LAN) that you can use anywhere in the world. Let's make one and connect two devices over ZeroTier.
We'll use ping to test the connection. Any two devices that can run ZeroTier will do: laptop, phone, virtual machine, etc…
Both devices can be at the same location, on the same physical network. If you move one to a cafe or to your office, it should still just work.
The rough outline is:
Create a ZeroTier network
Join the network from two devices
ping one device from the other over the ZeroTier network
This should take about 5 minutes.
Results Preview
Here is a summary of the results of this tutorial, if you're a networking person.
If this doesn't mean anything to you, that's OK. We'll get there.
Each zerotier network you join creates a network interface on your device. It's like adding another Ethernet port to your computer.
Go to my.zerotier.com and create an account.
Make sure you're on the "Networks" tab of my.zerotier.com
Click the Create A Network button.
This creates a virtual network with a random ID and a random name. We got "fervent_smathers" and d5e04297a16fa690 here.
Click anywhere on the network to go to the details page for this network.
See the Network Settings panel:
We don't need to change any settings, but we can change the name of the network to personalize it.
Change "fervent_smathers" to "my cool network" or whatever you like.
Collapse the Settings panel. Click on the word "Settings" at the top of the panel.
You don't need to change any other settings.
See the Network Members panel:
It should say "No devices have joined this network".
Leave this browser tab open. We'll look at it again later.
For mobile devices, use the app store.
Go to zerotier.com/download in a different tab of your browser.
Run the installer
The ZeroTier client should now running on your device.
We need to tell the client to "join" the virtual network we just created.
Copy the Network ID of the network from my.zerotier.com This is the long number that looks like like: d5e04297a16fa690
Paste the Network ID into the "join" command on your device
On macOS and Windows, there is a menubar/tray app. Select "join" from the menu.
macOS
Windows
Command Line
Mobile
On linux, you need to be root, or use sudo in front of the commands On macOS, sudo is not required. On Windows, you need to use an Admin Prompt. Type "powershell" into the start menu, then right click and "Open as Admin"
note
Every running instance of ZeroTier has a unique address. It's the 10 digit "Address" in the app, or zerotier-cli info command.
ZeroTier addresses are a very secure method of unique identification.
At this point, your client should say "Access Denied." A device can't talk on your network unless you allow it, even if someone discovers the network's ID.
macOS
Windows
Linux
Mobile
Go to the Members panel that we left open on my.zerotier.com
Your node that just "joined" should appear here.
The "Address" should match the address in your client.
Click the "Auth?" check box for it.
Give it a name. Type something like "laptop" or "bob" into the (short name) input.
Back on your computer, your client should now say "OK" instead of "ACCESS DENIED" and it should show your custom "my cool network" name.
macOS
Windows
Linux
Mobile
``` % zerotier-cli listnetworks200 listnetworks 200 listnetworks d5e04297a16fa690 my cool network 92:2c:98:8f:4a:e5 OK PRIVATE feth3903 172.22.195.59/16``````
Now you have 1 member on your network. A network with 1 member can't do much.
We need to have 2 devices connected to the same ZeroTier network.
Repeat the join and authorize steps with your second device.
Now you have two authorized nodes on your network. They should be able to talk over ZeroTier.
Your Network Members section should look something like this:
The "Managed IPs" will be different on your network.
We're going to test with ping. It's the only program that we can think of that exists by default on every operating system.
This is a command line program, but don't worry: You can do it.
Windows by default doesn't respond to pings. If you try to ping a Windows computer from a different computer, it won't work. You can enable ping.
ZeroTier automatically enables ping on your ZeroTier network adapter now. You can probably skip this step!
How to enable ping on Windows
Search for Windows Firewall in the Start Menu, and click to open it.
Click Advanced Settings on the left.
From the left pane of the resulting window, click Inbound Rules.
In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In).
Right-click each rule and choose Enable Rule.
Here is a tutorial by Microsoft
Open the command line on your computer
macOS
Windows
Linux
Mobile
Use Spotlight (cmd-space) to search for Terminal
Apple's Instructions
Search for "powershell" and open it
Microsoft's Instructions
It's different on every flavor of Linux. You'll have to search duckduckgo for "open terminal ubuntu" or similar.
Mobile operating systems don't have a command line. You can download a "ping" app from your app store if you want.
Or ping your phone from your desktop computer.
Try switching your phone from wifi to cell and back. It may take about a minute, but ZeroTier should automatically keep the connection working.
Back in the Command Line / Terminal that you just opened:
type ping -c 5 $ZEROTIER_IP_ADDRESS `<enter>` into your command line.
A successful ping:
Try it with both ZeroTier Managed addresses on your network.
One of them is the same device you're on, so you're pinging yourself. Pinging the other device might be a little more interesting.
info
If something goes wrong you might see something like:
or
There may just be a typo in the IP address. Double check that your device is authorized at my.zerotier.com
Contact us on the discussion forum and see the troubleshooting section if you get stuck.
ping doesn't accomplish anything, but it does tell us ZeroTier is working. It's useful to know about for troubleshooting networks, not just ZeroTier networks.
Visit the discussion forum to talk about your use-cases or if you get stuck.
Windows Remote Desktop
ssh (try mosh)
Private Gaming LAN
Access the web interfaces of your home lab
Build your own VPN
Route to a remote subnet
Route to a Docker network
Add dns to your network
A node can join many networks at once. Make sure they don't use the same subnet!
You can have a home network, a friends network, and a work network, for example.
They don't all need to be networks that you've created. You can join other people's networks.
For more info on the cryptography and protocol, see the: Design Whitepaper
We'll use ping to test the connection. Any two devices that can run ZeroTier will do: laptop, phone, virtual machine, etc…
Both devices can be at the same location, on the same physical network. If you move one to a cafe or to your office, it should still just work.
The rough outline is:
Create a ZeroTier network
Join the network from two devices
ping one device from the other over the ZeroTier network
This should take about 5 minutes.
Results Preview
Here is a summary of the results of this tutorial, if you're a networking person.
If this doesn't mean anything to you, that's OK. We'll get there.
Each zerotier network you join creates a network interface on your device. It's like adding another Ethernet port to your computer.
node1# ip -o a1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever2: eth0 inet 192.168.182.201/24 brd 192.168.182.255 scope global dynamic noprefixroute eth0\ valid_lft 3277sec preferred_lft 2827sec9: zt3jn2z57r inet 10.2.0.11/23 brd 10.2.1.255 scope global zt3jn2z57r\ valid_lft forever preferred_lft forevernode2# ip -o a1: lo inet 127.0.0.1/8 scope host lo\ valid_lft forever preferred_lft forever2: eth0 inet 192.168.182.202/24 brd 192.168.182.255 scope global dynamic noprefixroute eth0\ valid_lft 3277sec preferred_lft 2827sec9: zt3jn2z57r inet 10.2.0.12/23 brd 10.2.1.255 scope global zt3jn2z57r\ valid_lft forever preferred_lft forevernode1# ping -c 3 10.2.0.12PING 10.2.0.2 (10.2.0.12) 56(84) bytes of data.64 bytes from 10.2.0.12: icmp_seq=1 ttl=64 time=5.66 ms64 bytes from 10.2.0.12: icmp_seq=2 ttl=64 time=6.62 ms64 bytes from 10.2.0.12: icmp_seq=3 ttl=64 time=8.50 ms--- 10.2.0.12 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2004msCreate your first ZeroTier network
Create an account
Go to my.zerotier.com and create an account.
Create a network
Make sure you're on the "Networks" tab of my.zerotier.com
Click the Create A Network button.
This creates a virtual network with a random ID and a random name. We got "fervent_smathers" and d5e04297a16fa690 here.
Click anywhere on the network to go to the details page for this network.
See the Network Settings panel:
We don't need to change any settings, but we can change the name of the network to personalize it.
Change "fervent_smathers" to "my cool network" or whatever you like.
Collapse the Settings panel. Click on the word "Settings" at the top of the panel.
You don't need to change any other settings.
See the Network Members panel:
It should say "No devices have joined this network".
Leave this browser tab open. We'll look at it again later.
Setup the ZeroTier app[](#setup-the-zerotier-app "Direct link to Setup the ZeroTier app")
Download and install ZeroTier
For mobile devices, use the app store.
Go to zerotier.com/download in a different tab of your browser.
Run the installer
The ZeroTier client should now running on your device.
Join your first ZeroTier network
We need to tell the client to "join" the virtual network we just created.
Copy the Network ID of the network from my.zerotier.com This is the long number that looks like like: d5e04297a16fa690
Paste the Network ID into the "join" command on your device
On macOS and Windows, there is a menubar/tray app. Select "join" from the menu.
macOS
Windows
Command Line
Mobile
 On linux, you need to be root, or use sudo in front of the commands On macOS, sudo is not required. On Windows, you need to use an Admin Prompt. Type "powershell" into the start menu, then right click and "Open as Admin"
% zerotier-cli info200 info 8af72edda7 1.10.2 ONLINE% zerotier-cli join d5e04297a16fa690200 join OKnote
Every running instance of ZeroTier has a unique address. It's the 10 digit "Address" in the app, or zerotier-cli info command.
ZeroTier addresses are a very secure method of unique identification.
Authorize your device on your network
At this point, your client should say "Access Denied." A device can't talk on your network unless you allow it, even if someone discovers the network's ID.
macOS
Windows
Linux
Mobile
# zerotier-cli listnetworks200 listnetworks d5e04297a16fa690 92:61:0e:25:b1:8d ACCESS_DENIED PRIVATE ztijas2mjr -Authorize your device
Go to the Members panel that we left open on my.zerotier.com
Your node that just "joined" should appear here.
The "Address" should match the address in your client.
Click the "Auth?" check box for it.
Give it a name. Type something like "laptop" or "bob" into the (short name) input.
Confirm authorization
Back on your computer, your client should now say "OK" instead of "ACCESS DENIED" and it should show your custom "my cool network" name.
macOS
Windows
Linux
Mobile
``` % zerotier-cli listnetworks200 listnetworks 200 listnetworks d5e04297a16fa690 my cool network 92:2c:98:8f:4a:e5 OK PRIVATE feth3903 172.22.195.59/16``````
Now you have 1 member on your network. A network with 1 member can't do much.
Repeat with another device
We need to have 2 devices connected to the same ZeroTier network.
Repeat the join and authorize steps with your second device.
Test connectivity
Now you have two authorized nodes on your network. They should be able to talk over ZeroTier.
Your Network Members section should look something like this:
The "Managed IPs" will be different on your network.
We're going to test with ping. It's the only program that we can think of that exists by default on every operating system.
This is a command line program, but don't worry: You can do it.
Gotcha: Windows blocks ping
Windows by default doesn't respond to pings. If you try to ping a Windows computer from a different computer, it won't work. You can enable ping.
ZeroTier automatically enables ping on your ZeroTier network adapter now. You can probably skip this step!
How to enable ping on Windows
Search for Windows Firewall in the Start Menu, and click to open it.
Click Advanced Settings on the left.
From the left pane of the resulting window, click Inbound Rules.
In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In).
Right-click each rule and choose Enable Rule.
Here is a tutorial by Microsoft
Open the command line
Open the command line on your computer
macOS
Windows
Linux
Mobile
Use Spotlight (cmd-space) to search for Terminal
Apple's Instructions
Search for "powershell" and open it
Microsoft's Instructions
It's different on every flavor of Linux. You'll have to search duckduckgo for "open terminal ubuntu" or similar.
Mobile operating systems don't have a command line. You can download a "ping" app from your app store if you want.
Or ping your phone from your desktop computer.
Try switching your phone from wifi to cell and back. It may take about a minute, but ZeroTier should automatically keep the connection working.
Find the ZeroTier IP Addresses of your devices
Try the ping command
Back in the Command Line / Terminal that you just opened:
type ping -c 5 $ZEROTIER_IP_ADDRESS `<enter>` into your command line.
A successful ping:
% ping -c 5 172.22.217.93PING 172.22.217.93 (172.22.217.93): 56 data bytes64 bytes from 172.22.217.93: icmp_seq=0 ttl=64 time=22.362 ms64 bytes from 172.22.217.93: icmp_seq=1 ttl=64 time=10.157 ms64 bytes from 172.22.217.93: icmp_seq=2 ttl=64 time=9.414 ms64 bytes from 172.22.217.93: icmp_seq=3 ttl=64 time=9.019 ms64 bytes from 172.22.217.93: icmp_seq=4 ttl=64 time=9.180 ms--- 172.22.217.93 ping statistics ---5 packets transmitted, 5 packets received, 0.0% packet lossround-trip min/avg/max/stddev = 9.019/12.026/22.362/5.182 msTry it with both ZeroTier Managed addresses on your network.
One of them is the same device you're on, so you're pinging yourself. Pinging the other device might be a little more interesting.
info
If something goes wrong you might see something like:
% ping -c 5 172.22.217.92PING 172.22.217.92 (172.22.217.92): 56 data bytesRequest timeout for icmp_seq 0Request timeout for icmp_seq 1Request timeout for icmp_seq 2Request timeout for icmp_seq 3--- 172.22.217.92 ping statistics ---5 packets transmitted, 0 packets received, 100.0% packet lossor
ping -c 5 192.168.123.234PING 192.168.123.234 (192.168.123.234): 56 data bytes92 bytes from 192.168.82.1: Destination Port UnreachableVr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 56e7 0 0000 3f 01 d4ad 192.168.82.217 192.168.123.234There may just be a typo in the IP address. Double check that your device is authorized at my.zerotier.com
Contact us on the discussion forum and see the troubleshooting section if you get stuck.
Conclusion
ping doesn't accomplish anything, but it does tell us ZeroTier is working. It's useful to know about for troubleshooting networks, not just ZeroTier networks.
Visit the discussion forum to talk about your use-cases or if you get stuck.
Now, use ZeroTier to do something you want to do
Some popular uses
Windows Remote Desktop
ssh (try mosh)
Private Gaming LAN
Access the web interfaces of your home lab
Build your own VPN
Route to a remote subnet
Route to a Docker network
Add dns to your network
Join multiple networks
A node can join many networks at once. Make sure they don't use the same subnet!
You can have a home network, a friends network, and a work network, for example.
They don't all need to be networks that you've created. You can join other people's networks.
Check out the Whitepaper
For more info on the cryptography and protocol, see the: Design Whitepaper
Updated on: 21/04/2025
Thank you!