Setting up a VPN on your own VPS gives you complete control over your network privacy and security. ZeroTier offers a unique approach to VPN technology by creating software-defined networks that are both secure and easy to manage. In this guide, we’ll walk through setting up ZeroTier on a Ramnode VPS running Ubuntu 24 or higher.
What is ZeroTier?
ZeroTier is a software-defined networking platform that creates secure peer-to-peer networks. Unlike traditional VPNs that route all traffic through a central server, ZeroTier creates direct encrypted connections between devices while maintaining centralized network management and authentication.
Prerequisites
Before we begin, ensure you have:
- A Ramnode VPS with Ubuntu 24.04 LTS or higher
- Root or sudo access to your VPS
- Basic familiarity with Linux command line
- A ZeroTier account (free at zerotier.com)
Initial VPS Setup and Security
First, let’s make sure your VPS is properly configured and secured.
Update Your System
sudo apt update && sudo apt upgrade -y
Configure Basic Firewall
# Install UFW if not already installed
sudo apt install ufw -y
# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH (adjust port if you've changed it)
sudo ufw allow 22/tcp
# Allow ZeroTier traffic
sudo ufw allow 9993/udp
# Enable firewall
sudo ufw enable
Install ZeroTier
ZeroTier provides an official installation script that works seamlessly with Ubuntu 24+.
Download and Install ZeroTier
# Download and run the official installation script
curl -s https://install.zerotier.com | sudo bash
This script will:
- Add the ZeroTier repository to your system
- Install the ZeroTier service
- Start the ZeroTier daemon automatically
Verify Installation
# Check if ZeroTier service is running
sudo systemctl status zerotier-one
# Check ZeroTier version and node ID (zerotier-cli needs root to read the auth token)
sudo zerotier-cli info
You should see output showing the service is active and your ZeroTier node ID.
Create and Configure Your ZeroTier Network
Create a Network
- Log into your ZeroTier Central account at my.zerotier.com
- Click “Create A Network”
- Note your new Network ID (16-character string)
- Give your network a descriptive name
Configure Network Settings
In ZeroTier Central:
- Access Control: Set to “Private” for security
- IPv4 Auto-Assign: Enable and configure a subnet (e.g., 10.147.20.0/24)
- IPv6 Auto-Assign: Enable if needed
- Broadcast: Enable if you need broadcast traffic
Join Your VPS to the Network
Join the Network
# Replace NETWORK_ID with your actual 16-character network ID
sudo zerotier-cli join NETWORK_ID
Authorize the VPS
- Return to ZeroTier Central
- Go to your network’s Members section
- Find your VPS (identified by its Node ID)
- Check the “Authorized” checkbox
- Optionally assign a static IP or use the auto-assigned one
Verify Connection
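# Check network status (should show OK once the VPS is authorized)
sudo zerotier-cli listnetworks
# Check assigned IP (ZeroTier interface names start with zt)
ip -brief addr show | grep '^zt'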
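The following script is an added example, not part of the original guide or ZeroTier's own tooling. It checks listnetworks output for the three conditions the steps above depend on: the node is authorized, the network is private, and a managed IP is assigned. The column layout and the embedded sample lines are assumptions, and the network IDs are placeholders.

```bash
#!/bin/sh
# Added example (not from the guide): audit `zerotier-cli listnetworks` output.
# Assumed layout per line:
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>

# Reads listnetworks output on stdin, prints one finding per problem and
# returns 0 only if every joined network is OK, PRIVATE and has a managed IP.
check_zt_networks() {
  awk '
    $1 != "200" || $2 != "listnetworks" { next }   # not a listnetworks row
    $3 == "<nwid>" { next }                        # header row
    NF < 8 { print "unparsed line: " $0; bad++; seen++; next }
    {
      seen++
      # The name may be empty or contain spaces, so count fields from the end.
      nwid = $3; ips = $NF; dev = $(NF-1); type = $(NF-2); status = $(NF-3)
      if (status == "ACCESS_DENIED") {
        print nwid ": joined but not authorized in ZeroTier Central"; bad++
      } else if (status != "OK") {
        print nwid ": status is " status; bad++
      }
      if (type != "PRIVATE") {
        print nwid ": access control is " type ", expected PRIVATE"; bad++
      }
      if (ips == "-") { print nwid ": no managed IP on " dev; bad++ }
    }
    END {
      if (!seen) { print "no networks joined"; exit 1 }
      exit (bad > 0)
    }'
}

# Constructed sample with placeholder IDs: one healthy network, one that has
# been joined but is still waiting for authorization.
SAMPLE_OUTPUT='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef home lab 02:00:00:aa:bb:01 OK PRIVATE ztexample0 10.147.20.5/24
200 listnetworks fedcba9876543210  02:00:00:aa:bb:02 ACCESS_DENIED PRIVATE ztexample1 -'

# On the VPS, run: sudo zerotier-cli listnetworks | check_zt_networks
printf '%s\n' "$SAMPLE_OUTPUT" | check_zt_networks || echo "=> findings above need attention"
```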
Configure Routing (Optional)
If you want to route internet traffic through your VPS or access other networks:
Enable IP Forwarding
# Enable IP forwarding temporarily
sudo sysctl net.ipv4.ip_forward=1
# Make it permanent
echo 'net.ipv4.ip_forward=1' | sudo tee -a /etc/sysctl.conf
Configure NAT (for internet routing)
# Replace eth0 with your actual interface name
# Replace 10.147.20.0/24 with your ZeroTier subnet
sudo iptables -t nat -A POSTROUTING -s 10.147.20.0/24 -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i zt+ -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o zt+ -m state --state RELATED,ESTABLISHED -j ACCEPT
Make iptables Rules Persistent
# Install iptables-persistent
sudo apt install iptables-persistent -y
# Save current rules
sudo netfilter-persistent save
Connect Client Devices
Install ZeroTier on Client Devices
- Windows/macOS: Download from zerotier.com
- Linux: Use the same installation script
- Mobile: Install from app stores
Join the Same Network
On each client device:
# Use the same Network ID (Linux/macOS shown; on Windows, omit sudo and use an Administrator prompt)
sudo zerotier-cli join NETWORK_ID
Then authorize each device in ZeroTier Central.
Advanced Configuration
Custom Routes
In ZeroTier Central, you can add custom routes to direct specific traffic through your VPS:
- Go to your network’s “Settings” tab
- Under “Managed Routes”, add routes like:
  - 0.0.0.0/0 via [VPS_ZEROTIER_IP] (routes all internet traffic)
  - 192.168.1.0/24 via [VPS_ZEROTIER_IP] (routes specific subnet)
Flow Rules
ZeroTier supports network micro-segmentation through flow rules. Basic rules are configured automatically, but you can create custom rules for advanced traffic control.
Testing and Troubleshooting
Test Connectivity
# From a client device, ping your VPS ZeroTier IP
ping [VPS_ZEROTIER_IP]
# Test internet routing (if configured)
curl -4 icanhazip.com
Common Issues and Solutions
Connection fails:
- Check firewall rules (UDP 9993)
- Verify network authorization in ZeroTier Central
- Ensure devices are on the same network ID
Slow performance:
- ZeroTier attempts direct connections; firewalls may force relay mode
- Check zerotier-cli peers for connection types
Routing issues:
- Verify IP forwarding is enabled
- Check iptables rules
- Confirm routes in ZeroTier Central
Monitoring
# Check ZeroTier status
sudo zerotier-cli status
# List network peers
sudo zerotier-cli peers
# Monitor logs
sudo journalctl -u zerotier-one -f
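To make the relay check from the troubleshooting list repeatable, the script below (an added example, not from the original guide) reads zerotier-cli peers output and lists the member peers that are reached through a relay rather than a direct path. The column layout is assumed from ZeroTier 1.6 and later, and the sample lines are constructed with placeholder addresses.

```bash
#!/bin/sh
# Added example (not from the guide): find peers that are reached through a
# relay instead of a direct path, using `zerotier-cli peers` output.
# Assumed layout (ZeroTier 1.6 and later):
#   <ztaddr> <ver> <role> <lat> <link> <lastTX> <lastRX> <path>

# Prints the address of every LEAF peer whose link is RELAY.
# Returns 1 if at least one was found, 0 otherwise.
relayed_leaf_peers() {
  awk '
    $1 == "200" || $1 == "<ztaddr>" { next }   # status line and header row
    NF >= 5 && $3 == "LEAF" && $5 == "RELAY" { print $1; n++ }
    END { exit (n > 0) }'
}

# Prints "direct=<n> relay=<n>" for LEAF peers (root servers are skipped).
leaf_link_summary() {
  awk '
    NF >= 5 && $3 == "LEAF" { count[$5]++ }
    END { printf "direct=%d relay=%d\n", count["DIRECT"], count["RELAY"] }'
}

# Constructed sample: addresses are placeholders, IPs are documentation ranges.
SAMPLE_PEERS='200 peers
<ztaddr>   <ver>  <role> <lat> <link> <lastTX> <lastRX> <path>
aaaaaaaaaa -      PLANET    45 DIRECT 1200     1180     203.0.113.10/9993
bbbbbbbbbb 1.14.0 LEAF      12 DIRECT 310      295      198.51.100.7/9993
cccccccccc 1.14.0 LEAF      -1 RELAY'

# On a node, run: sudo zerotier-cli peers | relayed_leaf_peers
printf '%s\n' "$SAMPLE_PEERS" | leaf_link_summary
printf '%s\n' "$SAMPLE_PEERS" | relayed_leaf_peers \
  || echo "=> relayed peers listed above; check UDP 9993 on both ends"
```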
Security Considerations
- Keep ZeroTier Updated: Regularly update the ZeroTier client
- Network Access Control: Use private networks and carefully manage authorizations
- Monitor Connected Devices: Regularly review connected devices in ZeroTier Central
- Firewall Configuration: Maintain proper firewall rules on your VPS
- Regular Backups: Backup your VPS configuration regularly
Conclusion
You now have a fully functional ZeroTier VPN running on your Ramnode VPS. This setup provides you with:
- Secure, encrypted connections between all your devices
- Direct peer-to-peer communication when possible
- Centralized network management through ZeroTier Central
- The ability to route traffic through your VPS for privacy
- A scalable network that can grow with your needs
ZeroTier’s software-defined networking approach offers more flexibility than traditional VPNs while maintaining ease of use. Your Ramnode VPS serves as both a network member and potentially a routing gateway, giving you complete control over your private network infrastructure.
Remember to keep both your VPS and ZeroTier client updated, monitor your network regularly, and follow security best practices to maintain a secure and reliable VPN setup.