ZeroTier Network Controller with UI using MikroTik Container

ZeroTier Network Controller’s top features include virtual network creation, device management, security, scalability, and cost-effectiveness. ZeroTier offers a web interface for Hosted Controller that allows you to manage your virtual networks, devices, and other settings. I prefer using a Self Hosted Controller with User Interface.

The article covers the usage of ZTNCUI, an open-source software that offers a web-based dashboard for managing ZeroTier networks. It explains how to use ZTNCUI with MikroTik Cloud Hosted Router, providing detailed instructions on how to set up and manage virtual networks, add or remove devices, and monitor network traffic and performance using the web interface.

Prepare your MikroTik CHR

You can skip some of the steps (and/or adopt them) if you are already there (e.g. Container mode; Network; Bridge and VEHT, NAT)

Container mode

Enable Container mode:

/system/device-mode/update container=yes

You will need to confirm the device mode with a press of the reset button, or a cold reboot if using the container on X86.


Create network

add name=veth1 address= gateway=

Bridge and VEHT

Create a bridge for the container and add the Virtual Ethernet Interface (VEHT) as a port to it:

add name=dockers
add address= interface=dockers
add bridge=Dockers interface=veth1


Ensure that the mascarade (Source NAT) for outgoing traffic is available:

add chain=srcnat action=masquerade src-address=

Container Mounts

Add mounts for the container:

add dst=/opt/key-networks/ztncui/etc name=zerotier_config src=/disk1/zt/etc
add dst=/var/lib/zerotier-one name=ztncui_config src=/disk1/zt/zerotier-one

Configure and add environment variables for the container

add key=HTTPS_PORT name=ztncui value=3443
add key=HTTP_PORT name=ztncui value=3000
add key=MYDOMAIN name=ztncui value=<YOUR_DOMAIN_NAME>
add key=NODE_ENV name=ztncui value=production
add key=HTTP_ALL_INTERFACES name=ztncui value=YES
* Password requirement (INITIAL_ADMIN_USER_PASSWORD): minimum password length is 10 characters

If you do not set the INITIAL_ADMIN_USER_PASSWORD environment variable, you have to get your randomly generated password from the container logs:

/container/shell number=0
cat /var/log/docker-ztncui.log

* If you have more containers already running, please have in mind the number value. Also, run cat inside the container.

Forward TCP port 3443

add action=dst-nat chain=dstnat dst-address=<ROUTERS_PUBLIC_OR_PRIVATE_IP_ADDRESS> dst-port=3443 protocol=tcp to-addresses= to-ports=3443

Docker image

Set registry-url and pull get an image from an external library

set registry-url= tmpdir=disk1/pull
add remote-image=keynetworks/ztncui interface=veth1 root-dir=disk1/ztncui mounts=zerotier_config,ztncui_config envlist=ztncui



, , ,