Use case: quick overlay between sites/devices. Keep membership tight, pin routes, and don’t bridge recklessly.
1) Install & join
curl -s https://install.zerotier.com | sudo bash
sudo zerotier-cli join <network-id>
Authorise the member in the controller and assign it a static managed IP.
2) Secure defaults
- Disable auto-bridge; don’t expose whole LANs by accident.
- Use managed routes to specific subnets only.
- Host firewall: allow only what you mean on the zt* interface.
3) Can’t ping? Checklist
- Member authorised? Correct managed IP assigned?
- Routes pushed for both sides? Kernel forwarding enabled where needed?
- Firewall on each host allows ICMP/SSH on the zt* interface?
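The membership, managed-IP and forwarding items of this checklist can be scripted. The following is an added example, not part of the original page: the network IDs, interface names and addresses in SAMPLE are constructed, and the field layout is assumed to match the header row that `zerotier-cli listnetworks` prints.

```shell
#!/bin/sh
# Added example: triage the "Can't ping?" checklist from local state.

# Classify one network from `zerotier-cli listnetworks` text on stdin.
# Fields are read from the right, so a network name that contains
# spaces cannot shift status/dev/ips.
zt_member_state() {
    # $1 = 16-hex-digit network id
    awk -v nwid="$1" '
        $1 == "200" && $2 == "listnetworks" && $3 == nwid {
            status = $(NF-3); dev = $(NF-1); ips = $NF
            if (status == "ACCESS_DENIED") print "not-authorised"
            else if (status != "OK")       print "not-ready:" status
            else if (ips == "-")           print "no-managed-ip"
            else                           print "ok:" dev ":" ips
            found = 1
        }
        END { if (!found) print "not-joined" }
    '
}

# Forwarding only matters on a host that routes a managed subnet for others.
ipv4_forwarding() {
    # $1 = file to read (defaults to the live kernel setting)
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ] \
        && echo on || echo off
}

# Constructed sample output (not captured from a real node).
SAMPLE='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef site link 02:00:00:00:00:01 OK PRIVATE ztexample0 10.147.17.5/24
200 listnetworks fedcba9876543210 lab 02:00:00:00:00:02 ACCESS_DENIED PRIVATE ztexample1 -'

# With a network id argument on a node that has zerotier-cli (run as root),
# check the live state; otherwise walk the constructed sample.
if [ -n "${1:-}" ] && command -v zerotier-cli >/dev/null 2>&1; then
    zerotier-cli listnetworks | zt_member_state "$1"
else
    printf '%s\n' "$SAMPLE" | zt_member_state 0123456789abcdef
    printf '%s\n' "$SAMPLE" | zt_member_state fedcba9876543210
fi
echo "ipv4 forwarding: $(ipv4_forwarding)"
```

A result of `ok:<dev>:<ips>` gives the interface name to match in the host firewall rules; routes and the firewall on the remote side still have to be checked there.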
4) Prefer WireGuard/SSM when
- You only need admin access to a few servers.
- Compliance forbids third-party controllers.
Security gaps in Linux and cloud systems risk downtime, data compromise, lost business — and compliance failures.
With 20+ years’ experience and active UK Security Check (SC) clearance, I harden Linux and cloud platforms for government, corporate, and academic sectors — ensuring secure, compliant, and resilient infrastructure.