
Synology ZeroTier Setup
Create a persistent TUN
SSH into your NAS
ssh user@local-ip
The following setup steps must be run as root
sudo -i
Write a script to /usr/local/etc/rc.d/tun.sh that will set up /dev/net/tun on startup
echo -e '#!/bin/sh -e \ninsmod /lib/modules/tun.ko' > /usr/local/etc/rc.d/tun.sh
Set executable permissions on script
chmod a+x /usr/local/etc/rc.d/tun.sh
Run script once to create a TUN
/usr/local/etc/rc.d/tun.sh
Check for the TUN (the command should print the device path back)
ls /dev/net/tun
/dev/net/tun
If you experience trouble getting the TUN to work, check out Rui Marinho’s guide
Install Docker on your NAS
Package Center -> Search “Docker” -> Install
Set up container
Make directory to store ZeroTier’s identity and config
mkdir /var/lib/zerotier-one
CAUTION: In the next step we bind mount to the host's /var/lib/zerotier-one created above in order to store ZeroTier's identity. This is not guaranteed to survive DSM updates. I would suggest placing this on an automatically-mounted volume where your other private user data resides. The location you choose to store your identities should be kept secure and never placed on a shared volume that others can access.
Make Docker container called zt
(Repo: zerotier/zerotier-synology)
docker run -d \
  --name zt \
  --restart=always \
  --device=/dev/net/tun \
  --net=host \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_ADMIN \
  -v /var/lib/zerotier-one:/var/lib/zerotier-one zerotier/zerotier-synology:latest
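The CAUTION above asks that the identity directory be kept secure. The check below is an added example, not part of the original guide or of ZeroTier's tooling: it flags group/other access on the bind-mounted directory and on ZeroTier's identity.secret and authtoken.secret files. The function names and the policy of treating any group/other permission bit as a finding are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit permissions on the ZeroTier identity directory.
# ZT_HOME defaults to the bind mount used on this page; override it if the
# directory was moved to another volume.
ZT_HOME="${ZT_HOME:-/var/lib/zerotier-one}"

# group_other_bits PATH
# Prints the six group/other permission characters from `ls -ld`
# ("------" for mode 0700 or 0600).
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_zt_home DIR
# Prints one line per finding and returns the number of findings (0 = clean).
# Policy (assumption of this example): no group/other access at all.
audit_zt_home() {
    dir="$1"
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir is not a directory"
        return 1
    fi
    if [ "$(group_other_bits "$dir")" != "------" ]; then
        echo "OPEN     $dir is accessible to group/other; expected mode 700"
        findings=$((findings + 1))
    fi
    for name in identity.secret authtoken.secret; do
        f="$dir/$name"
        # The secrets do not exist until the service has started once.
        [ -e "$f" ] || continue
        if [ "$(group_other_bits "$f")" != "------" ]; then
            echo "OPEN     $f is readable by group/other; expected mode 600"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Run `audit_zt_home "$ZT_HOME"` as root once the container has started; a directory made with a plain `mkdir` under the usual umask of 022 is reported as open until it is tightened with `chmod 700`.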
Usage
Previous versions of our package contained a GUI; this is no longer the case, and it is for the better. The CLI can be used as follows:
View node status
docker exec -it zt zerotier-cli status
Join your network
docker exec -it zt zerotier-cli join <network id>
Authorize the NAS on your network. Then view the network status:
docker exec -it zt zerotier-cli listnetworks
Show running container (optional)
docker ps
Enter the container (optional)
docker exec -it zt bash
Upgrading ZeroTier
To upgrade ZeroTier you’ll need to stop and remove the container, then pull the latest image and start a new container:
docker ps
Example output:
CONTAINER ID   IMAGE                               COMMAND          CREATED       STATUS      PORTS   NAMES
52c7cb58a1dd   zerotier/zerotier-synology:latest   "zerotier-one"   5 weeks ago   Up 9 days           zt
Stop the container
docker stop 52c7cb58a1dd
Remove the container
docker container rm 52c7cb58a1dd
Pull latest updates
docker pull zerotier/zerotier-synology:latest
Now, re-run the commands from the Set up container section.
Stolen word-for-word, command-for-command from Synology NAS
Hi Karl,
This is a really good write up on Synology ZeroTier Setup. I followed these steps verbatim and am a little disappointed I couldn’t get it working. I was able to successfully join my network on ZeroTier several times and it remains connected, but the issue is with communicating or being able to ping another client on the same ZeroTier network. I tried updating DSM from 6.2.4 to 7.0, and enabling firewall on Synology to ‘allow all’ on interfaces but to no avail. Do you have any additional troubleshooting recommendations? The system information on my Synology is DS720+ with DSM 7.0, and Docker 20.10.3-1239. Thank you for your support!
Best,
~Michael
Michael,
Holy cow, man, I’m soo sorry I haven’t responded. My business phone was logged out and apparently comment notifications aren’t coming through. I’ll have to fix that.
My first question is about the IP address that you’re using. Make sure you’re not trying to ping using the ‘standard’ IP address of the device, but the ZeroTier one. If both clients are showing up as connected and with IP addresses in the ZeroTier web interface, they should be able to talk to each other.
Hopefully that’s helpful? Let me know.
Karl