Skip to main content

Synology NAS

DSM 7 Update

Synology's DSM 7 doesn't allow third-party applications to run as root. Therefore, we now recommend using Docker to run ZeroTier. While this is somewhat inconvenient at first it is undeniably a safer way to run third-party applications on your NAS. Once set up this configuration will be persistent across reboots and DSM upgrades.

The GUI for the Synology Docker package is unreliable at best so it is suggested that all operations performed on your container be done through the Docker CLI. If you choose to use the GUI you do so at your own peril.

If your NAS does not support Docker you can still use the older packages for DSM 6 or follow our bridging tutorial.

There are four steps that need to be performed only once:

Create a persistent TUN#

SSH into your NAS

ssh user@local-ip

The following setup steps must be run as root

sudo -i

Write script to /usr/local/etc/rc.d/tun.sh that will setup /dev/net/tun on startup

echo -e '#!/bin/sh -e \ninsmod /lib/modules/tun.ko' > /usr/local/etc/rc.d/tun.sh

Set executable permissions on script

chmod a+x /usr/local/etc/rc.d/tun.sh

Run script once to create a TUN

/usr/local/etc/rc.d/tun.sh

Check for the TUN

ls /dev/net/tun
/dev/net/tun

If you experience trouble getting the TUN to work check out Rui Marinho's guide

Install docker on your NAS#

Package Center -> Search "Docker" -> Install

Set up container#

Make directory to store ZeroTier's identity and config

mkdir /var/lib/zerotier-one
caution

In the next step we bind mount to the host's /var/lib/zerotier-one created above in order to store ZeroTier's identity. This is not guaranteed to survive DSM updates. I would suggest placing this on an automatically-mounted volume where your other private user data resides. The location you choose to store your identities should be kept secure and never placed on a shared volume that others can access.

Make Docker container called zt (Repo: zerotier/zerotier-synology)

docker run -d \
--name zt \
--restart=always \
--device=/dev/net/tun \
--net=host \
--cap-add=NET_ADMIN \
--cap-add=SYS_ADMIN \
-v /var/lib/zerotier-one:/var/lib/zerotier-one zerotier/zerotier-synology:latest

Usage#

Previous versions of our package contained a GUI, however this is no longer the case and it is for the better. The CLI can be used as follows:

View node status

docker exec -it zt zerotier-cli status

Join your network

docker exec -it zt zerotier-cli join e5cd7a9e1cae134f

Authorize the NAS on your network. Then view the network status:

docker exec -it zt zerotier-cli listnetworks

Show running container (optional)

docker ps

Enter the container (optional)

docker exec -it zt bash