ZeroTier Network Controller’s top features include virtual network creation, device management, security, scalability, and cost-effectiveness. ZeroTier offers a web interface for Hosted Controller that allows you to manage your virtual networks, devices, and other settings. I prefer using a Self Hosted Controller with User Interface.
The article covers the usage of ZTNCUI, an open-source software that offers a web-based dashboard for managing ZeroTier networks. It explains how to use ZTNCUI with MikroTik Cloud Hosted Router, providing detailed instructions on how to set up and manage virtual networks, add or remove devices, and monitor network traffic and performance using the web interface.
Prepare your MikroTik CHR
You can skip some of the steps (and/or adopt them) if you are already there (e.g. Container mode; Network; Bridge and VEHT, NAT)
Container mode
Enable Container mode:
/system/device-mode/update container=yesYou will need to confirm the device mode with a press of the reset button, or a cold reboot if using the container on X86.
Network
Create network
/interface/veth/
add name=veth1 address=172.16.0.2/24 gateway=172.16.0.1Bridge and VEHT
Create a bridge for the container and add the Virtual Ethernet Interface (VEHT) as a port to it:
/interface/bridge/
add name=dockers
/ip/address/
add address=172.16.0.1/24 interface=dockers
/interface/bridge/port/
add bridge=Dockers interface=veth1NAT
Ensure that the mascarade (Source NAT) for outgoing traffic is available:
/ip/firewall/nat/
add chain=srcnat action=masquerade src-address=172.16.0.0/24Container Mounts
Add mounts for the container:
/container/mounts/
add dst=/opt/key-networks/ztncui/etc name=zerotier_config src=/disk1/zt/etc
/container/mounts/
add dst=/var/lib/zerotier-one name=ztncui_config src=/disk1/zt/zerotier-oneConfigure and add environment variables for the container
/container/envs/
add key=ZTNCUI_PASSWD name=ztncui value=<INITIAL_ADMIN_USER_PASSWORD>
add key=HTTPS_PORT name=ztncui value=3443
add key=HTTP_PORT name=ztncui value=3000
add key=MYADDR name=ztncui value=<ROUTERS_PUBLIC_OR_PRIVATE_IP_ADDRESS>
add key=MYDOMAIN name=ztncui value=<YOUR_DOMAIN_NAME>
add key=NODE_ENV name=ztncui value=production
add key=HTTP_ALL_INTERFACES name=ztncui value=YES* Password requirement (INITIAL_ADMIN_USER_PASSWORD): minimum password length is 10 characters
If you do not set the INITIAL_ADMIN_USER_PASSWORD environment variable, you have to get your randomly generated password from the container logs:
/container/shell number=0
cat /var/log/docker-ztncui.log* If you have more containers already running, please have in mind the number value. Also, run cat inside the container.
Forward TCP port 3443
/ip/firewall/nat/
add action=dst-nat chain=dstnat dst-address=<ROUTERS_PUBLIC_OR_PRIVATE_IP_ADDRESS> dst-port=3443 protocol=tcp to-addresses=172.16.0.2 to-ports=3443Docker image
Set registry-url and pull get an image from an external library
/container/config/
set registry-url=https://ghcr.io tmpdir=disk1/pull
/container/
add remote-image=keynetworks/ztncui interface=veth1 root-dir=disk1/ztncui mounts=zerotier_config,ztncui_config envlist=ztncui