ZeroTier is an incredibly useful tool to enable true access from anywhere to any networked resource. I’ve been using it for a few months to access my Home Assistant instances, VNC to my home Mac, and log in to my servers even as I’m traveling and using odd networks like airplane and hotel Wi-Fi and LTE on my iPhone. Although TrueNAS has removed ZeroTier support, the FreeBSD package is easy to install and seems to work fine! The only issue is that it doesn’t persist across reboots without some major risky work.
FreeNAS, TrueNAS, and ZeroTier
TrueNAS is one of the best options for building a home or small office fileserver. Formerly known as FreeNAS, it uses ZFS and FreeBSD to provide reliable and flexible storage. I’ve previously written about my home TrueNAS build, which I use for general file storage as well as Time Machine backups, and it’s still going strong.
ZeroTier was offered as an installable package for FreeNAS but was removed in version 11.3. According to Kris Moore, SVP of Engineering at iXsystems, maker of TrueNAS, it was removed for licensing reasons. Apparently, ZeroTier no longer allows governmental or SaaS use, and iXsystems felt this was incompatible with TrueNAS. Although it is possible to access a TrueNAS system using OpenVPN, WireGuard, or even through a router on a ZeroTier network, I strongly prefer a native ZeroTier client.
Install FreeBSD Packages on TrueNAS 12
Since TrueNAS is built on FreeBSD 12, it can easily run the native FreeBSD build of ZeroTier. Although TrueNAS is configured by default not to allow installation of FreeBSD packages, it is fairly easy to enable this and install ZeroTier.
The first step is to allow FreeBSD packages to be installed. As documented by Justin Silver, this requires modifying two files to enable access to the FreeBSD repository. SSH to your TrueNAS box and do the following.
Disable local packages:
sudo vi /usr/local/etc/pkg/repos/local.conf # Change "enabled: yes" to "enabled: no" to turn off access to the local packages repo
Enable FreeBSD packages:
sudo vi /usr/local/etc/pkg/repos/FreeBSD.conf # Change "enabled: no" to "enabled: yes" to allow access to the FreeBSD packages repo
Now you will be able to install any FreeBSD package using the native pkg utility. This will not persist following a reboot, so updating ZeroTier won’t be possible without going through these steps again!
Install ZeroTier on TrueNAS 12
Assuming you have already set up ZeroTier and have a network ID, type the following in your TrueNAS terminal to install and configure the FreeBSD ZeroTier package:
sudo pkg install zerotier
sudo /usr/local/sbin/zerotier-one -d
sudo /usr/local/bin/zerotier-cli join <your network ID>
If all goes as expected, your TrueNAS box will now show up in your ZeroTier Central interface. Accept it and (optionally) manually assign an IP address.
Use ifconfig to validate that the interfaces are up, and type sudo /usr/local/bin/zerotier-cli listnetworks to ensure that any networks show “OK”. Next, test connectivity by pinging your TrueNAS machine from another ZeroTier client and vice-versa. If everything went OK you should have no trouble accessing your file server from anywhere!
Make ZeroTier Persistent on TrueNAS 12
But there’s still one big issue with TrueNAS: It wipes all this configuration after every reboot! So you’ll have to re-start the ZeroTier daemon and re-join all your networks each time you reboot. That’s a bummer.
If you want to make ZeroTier (or any other service on TrueNAS) persistent across reboots you have to do some black magic to override this behavior.
The TrueNAS developers really don’t want people mucking about with FreeBSD, and for good reason. Making changes to the OS is a great way to ruin a perfectly good system install! But it is possible to modify the configuration in a way that persists, and that’s what we’re going to do. Proceed with caution!
ZeroTier uses a few components in different places, some of which won’t be touched by a TrueNAS reboot. The binaries in /usr/local/sbin and /usr/local/bin are safe, but the configuration files in /var/db/zerotier-one and the daemon setup won’t survive a reboot.
We need to add a ZeroTier script to /etc/local/rc.d and add an enable to /etc/rc.local so the daemon will start on boot. Thankfully, ChanceM has put in the work for pfSense (which is also FreeBSD based) and we can use his zerotier rc script!
# Go to https://github.com/ChanceM/pfSense-pkg-zerotier/blob/master/zerotier and copy the text of that file
sudo vi /etc/local/rc.d/zerotier
# Paste in the text and save with :wq
# Make it executable
sudo chmod 555 /etc/local/rc.d/zerotier
# Test your new ZeroTier service
sudo service zerotier stop
sudo service zerotier start
Now we’ll set FreeBSD to start the ZeroTier daemon automatically on reboot.
sudo vi /etc/rc.conf
# add the following line right before nginx_enable:
zerotier_enable="Yes"
Before you proceed, check that your ZeroTier configuration is 100% working!
TrueNAS stores the persistent configuration in /conf/base and uses this to wipe the /etc, /mnt, and /var directories on boot. You can modify /conf/base and make changes to the config using the following commands.
# Before proceeding, get ZeroTier installed and join any and all networks you want to persist!
# back up the ZeroTier components that need to persist
cd / ; sudo tar -cvf ~/zerotier.tar etc/rc.conf etc/local/rc.d/zerotier var/db/zerotier-one
# make the root filesystem writable
sudo mount -uw /
# restore our configuration to the persistent area
cd /conf/base
sudo tar -xvpf ~/zerotier.tar
That’s it! ZeroTier should persist across a reboot!
It’s also likely that upgrading to a new version of TrueNAS will wipe out some or all of this configuration, but the zerotier.tar file we created above should be a good backup. But be careful because restoring it will blow away the contents of rc.conf and that could be bad!
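A pre-flight check for the restore step above, as an added example that is not part of the original article. It confirms zerotier.tar holds only the three backed-up paths, that the archive is not readable by other users (var/db/zerotier-one includes identity.secret, the node's private key), and shows which rc.conf lines a restore would change. The function names and the sample tree built by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the article's code. Function names are hypothetical.

# The only paths the article's backup command is meant to capture.
ALLOWED='etc/rc.conf etc/local/rc.d/zerotier var/db/zerotier-one'

# check_archive TARFILE: succeed only if the archive is private and every
# member is one of ALLOWED or lies beneath one of them.
check_archive() {
    [ -f "$1" ] || { echo "no such archive: $1" >&2; return 1; }
    # var/db/zerotier-one holds identity.secret (the node's private key), so
    # group and other must have no access to the archive.
    case $(ls -l "$1" | cut -c5-10) in
        ------) ;;
        *) echo "$1 is accessible to group/other; chmod 600 it" >&2; return 1 ;;
    esac
    # Reject absolute paths, ".." components, strays, and an empty listing.
    tar -tf "$1" | awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " ") }
        {
            ok = 0
            if ($0 !~ /^\// && $0 !~ /(^|\/)\.\.(\/|$)/)
                for (i = 1; i <= n; i++)
                    if ($0 == a[i] || index($0, a[i] "/") == 1) ok = 1
            if (!ok) { print "unexpected member: " $0; bad = 1 }
        }
        END { if (bad || NR == 0) exit 1 }' >&2
}

# rc_conf_delta TARFILE BASEDIR: list the lines a restore would change in
# BASEDIR/etc/rc.conf ("<" only in the current file, ">" only in the archive).
rc_conf_delta() {
    tar -xOf "$1" etc/rc.conf | diff "$2/etc/rc.conf" - | grep '^[<>]'
}

# make_sample DIR: constructed tree and archive for trying the checks offline.
make_sample() {
    mkdir -p "$1/src/etc/local/rc.d" "$1/src/var/db/zerotier-one" "$1/base/etc"
    printf 'hostname="nas"\nnginx_enable="YES"\n' > "$1/base/etc/rc.conf"
    printf 'hostname="nas"\nzerotier_enable="Yes"\nnginx_enable="YES"\n' > "$1/src/etc/rc.conf"
    echo '#!/bin/sh' > "$1/src/etc/local/rc.d/zerotier"
    echo 'constructed-not-a-real-key' > "$1/src/var/db/zerotier-one/identity.secret"
    (cd "$1/src" && tar -cf ../zerotier.tar etc/rc.conf etc/local/rc.d/zerotier var/db/zerotier-one)
    chmod 600 "$1/zerotier.tar"
}

# On the NAS: check_archive ~/zerotier.tar && rc_conf_delta ~/zerotier.tar /conf/base
```

If rc_conf_delta lists anything other than the zerotier_enable line, the archived rc.conf has drifted from the persistent copy and extracting it would discard those differences.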
Time Machine from Anywhere with ZeroTier and TrueNAS
My next step is to enable Time Machine backups from my various Mac machines to my TrueNAS box. I created a second ZeroTier network for this so I can have better control over the process: Time Machine starts automatically when you are “on network” with the target server but this isn’t always desirable when you’re connected via LTE or other expensive or slow networks. Since it’s simple to have multiple ZeroTier networks configured and running at once, I can connect to or disconnect from my Time Machine network to allow backups to happen.
Once the Time Machine network is set up, I connect to the fileserver using the ZeroTier Time Machine network IP address and configure Time Machine on my Mac to use this as a target. After this, all I have to do is connect to the Time Machine network in ZeroTier and my Mac will see the file server and begin backing up on a regular basis!
I actually haven’t gotten this working yet because I’m having issues backing up to TrueNAS shares. But I was able to get it working from one Mac to another, so it ought to work fine. The issue is TrueNAS not ZeroTier.
Don’t do this. Seriously, if you’re wondering if you should enable ZeroTier natively on TrueNAS but aren’t sure about all this, just stop now. I’ve been a UNIX sysadmin for over 25 years, and I’m extremely comfortable mucking about with systems, but most people probably aren’t. Also I don’t really have time to debug your particular configuration, so please don’t expect this of me.
If you’re a UNIX nerd like me, though, this is an effective way to install ZeroTier natively on TrueNAS. It’s not perfect (the ZeroTier interfaces don’t show up in TrueNAS Network Summary, for example) but it’s definitely usable! And maybe all this will help others wondering how to install software and persist across reboots on TrueNAS.
Gianpaolo Racca says
thanks for your post, since I can’t get zerotier to work inside a Jail (unlike openvpn).
I just would want to ask you why not to use the rc script that comes with the package and is located in
Appreciate the post, would add that I don’t think you need to do the step of ‘disable local packages and enable freebsd packages’ and instead can run a script that does a direct wget/install of zerotier from freebsd ports – here’s a fork I’ve been working on: https://gist.github.com/seltzered/ec9c115ba056234326e6f4ab281531a4/