Synology ZeroTier Setup

Create a persistent TUN

SSH into your NAS

ssh user@local-ip

The following setup steps must be run as root

sudo -i

Write script to /usr/local/etc/rc.d/ that will setup /dev/net/tun on startup

echo -e '#!/bin/sh -e \ninsmod /lib/modules/tun.ko' > /usr/local/etc/rc.d/

Set executable permissions on script

chmod a+x /usr/local/etc/rc.d/

Run script once to create a TUN


Check for the TUN

ls /dev/net/tun

If you experience trouble getting the TUN to work check out Rui Marinho’s guide

Install docker on your NAS

Package Center -> Search “Docker” -> Install

Set up container

Make directory to store ZeroTier’s identity and config

mkdir /var/lib/zerotier-one
In the next step we bind mount to the host's /var/lib/zerotier-one created above in order to store ZeroTier's identity. This is not guaranteed to survive DSM updates. I would suggest placing this on an automatically-mounted volume where your other private user data resides. The location you choose to store your identities should be kept secure and never placed on a shared volume that others can access. 

Make Docker container called zt (Repo: zerotier/zerotier-synology)

docker run -d          \
 --name zt             \
 --restart=always      \
 --device=/dev/net/tun \
 --net=host            \
 --cap-add=NET_ADMIN   \
 --cap-add=SYS_ADMIN   \
 -v /var/lib/zerotier-one:/var/lib/zerotier-one zerotier/zerotier-synology:latest


Previous versions of our package contained a GUI, however this is no longer the case and it is for the better. The CLI can be used as follows:

View node status

docker exec -it zt zerotier-cli status

Join your network

docker exec -it zt zerotier-cli join <network id>

Authorize the NAS on your network. Then view the network status:

docker exec -it zt zerotier-cli listnetworks

Show running container (optional)

docker ps

Enter the container (optional)

docker exec -it zt bash

Upgrading ZeroTier

To upgrade ZeroTier you’ll need to stop and remove the container, then pull latest and start a new container:

docker ps

Example output:

CONTAINER ID   IMAGE                               COMMAND          CREATED          STATUS   PORTS NAMES
52c7cb58a1dd   zerotier/zerotier-synology:latest   "zerotier-one"   5 weeks ago Up   9 days   zt

Stop the container

docker stop 52c7cb58a1dd

Remove the container

docker container rm 52c7cb58a1dd

Pull latest updates

docker pull zerotier/zerotier-synology:latest

Now, re-run the commands from the Set up container section.

Stolen word-for-word, command-for-command from Synology NAS


  1. Michael on 2022-08-06 at 7:33 am

    Hi Karl,

    This is a really good write up on Synology ZeroTier Setup. I followed these steps verbatim and little disappointed I couldn’t get it working. I was able to successfully join my network on ZeroTier several times and remains connected but the issue is with communicating or being able to Ping another client on the same ZeroTier network. I tried updating DSM from 6.2.4 to 7.0, and enabling firewall on Synology to ‘allow all’ on interfaces but to no avail. Do you have any additional troubleshooting recommendations? The system information on my Synology is DS720+ with DSM 7.0, and Docker 20.10.3-1239. Thank you for your support!



    • Karl on 2022-08-18 at 11:39 am

      Holy cow, man, I’m soo sorry I haven’t responded. My business phone was logged out and apparently comment notifications aren’t coming through. I’ll have to fix that.

      My first question is about the IP address that you’re using. Make sure you’re not trying to ping using the ‘standard’ IP address of the device, but the ZeroTier one. If both clients are showing up as connected and with IP addresses in the ZeroTier web interface, they should be able to talk to each other.

      Hopefully that’s helpful? Let me know.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.