Skip to main content

Create a Network

A ZeroTier network is essentially a secure Local Area Network (LAN) that you can use anywhere in the world. Let's make one and connect two devices over ZeroTier.

We'll use ping to test the connection. Any two devices that can run ZeroTier will do: laptop, phone, virtual machine, etc…

Both devices can be at the same location, on the same physical network. If you move one to a cafe or to your office, it should still just work.

The rough outline is:

  • Create a ZeroTier network
  • Join the network from two devices
  • ping one device from the other over the ZeroTier network

This should take about 5 minutes.

Results Preview
Here is a summary of the results of this tutorial, if you're a networking person.

If this doesn't mean anything to you, that's OK. We'll get there.

Each zerotier network you join creates a network interface on your device. It's like adding another Ethernet port to your computer.

node1# ip -o a
1: lo inet scope host lo\ valid_lft forever preferred_lft forever
2: eth0 inet brd scope global dynamic noprefixroute eth0\ valid_lft 3277sec preferred_lft 2827sec
9: zt3jn2z57r inet brd scope global zt3jn2z57r\ valid_lft forever preferred_lft forever
node2# ip -o a
1: lo inet scope host lo\ valid_lft forever preferred_lft forever
2: eth0 inet brd scope global dynamic noprefixroute eth0\ valid_lft 3277sec preferred_lft 2827sec
9: zt3jn2z57r inet brd scope global zt3jn2z57r\ valid_lft forever preferred_lft forever
node1# ping -c 3
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=5.66 ms
64 bytes from icmp_seq=2 ttl=64 time=6.62 ms
64 bytes from icmp_seq=3 ttl=64 time=8.50 ms

--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms

Create your first ZeroTier network

Create an account


It's free, no credit card is required.

Create a network

  • Make sure you're on the "Networks" tab of image
  • Click the Create A Network button.

This creates a virtual network with a random ID and a random name. We got "fervent_smathers" and d5e04297a16fa690 here. image

  • Click anywhere on the network to go to the details page for this network.

See the Network Settings panel: image

We don't need to change any settings, but we can change the name of the network to personalize it.

  • Change "fervent_smathers" to "my cool network" or whatever you like.

  • Collapse the Settings panel. Click on the word "Settings" at the top of the panel.

You don't need to change any other settings.

  • See the Network Members panel:


It should say "No devices have joined this network".

  • Leave this browser tab open. We'll look at it again later.

Setup the ZeroTier app

Download and install ZeroTier

For mobile devices, use the app store.

The ZeroTier client should now running on your device.

Join your first ZeroTier network

We need to tell the client to "join" the virtual network we just created.

  • Copy the Network ID of the network from This is the long number that looks like like: d5e04297a16fa690

  • Paste the Network ID into the "join" command on your device

On macOS and Windows, there is a menubar/tray app. Select "join" from the menu.

image image


Every running instance of ZeroTier has a unique address. It's the 10 digit "Address" in the app, or zerotier-cli info command.

ZeroTier addresses are a very secure method of unique identification.

Authorize your device on your network

At this point, your client should say "Access Denied." A device can't talk on your network unless you allow it, even if someone discovers the network's ID.

image image

Authorize your device

  • Go to the Members panel that we left open on
  • Your node that just "joined" should appear here.
  • The "Address" should match the address in your client.
  • Click the "Auth?" check box for it.
  • Give it a name. Type something like "laptop" or "bob" into the (short name) input.


Confirm authorization

Back on your computer, your client should now say "OK" instead of "ACCESS DENIED" and it should show your custom "my cool network" name.

image image

Now you have 1 member on your network. A network with 1 member can't do much.

Repeat with another device

We need to have 2 devices connected to the same ZeroTier network.

  • Repeat the join and authorize steps with your second device.

Test connectivity

Now you have two authorized nodes on your network. They should be able to talk over ZeroTier.

Your Network Members section should look something like this:


The "Managed IPs" will be different on your network.

We're going to test with ping. It's the only program that we can think of that exists by default on every operating system.

This is a command line program, but don't worry: You can do it.

Gotcha: Windows blocks ping

Windows by default doesn't respond to pings. If you try to ping a Windows computer from a different computer, it won't work. You can enable ping.

ZeroTier automatically enables ping on your ZeroTier network adapter now. You can probably skip this step!

How to enable ping on Windows
  • Search for Windows Firewall in the Start Menu, and click to open it.
  • Click Advanced Settings on the left.
  • From the left pane of the resulting window, click Inbound Rules.
  • In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In).
  • Right-click each rule and choose Enable Rule.

Here is a tutorial by Microsoft

Open the command line

  • Open the command line on your computer
  • Use Spotlight (cmd-space) to search for Terminal

Apple's Instructions

Find the ZeroTier IP Addresses of your devices


Try the ping command

Back in the Command Line / Terminal that you just opened:

  • type ping -c 5 $ZEROTIER_IP_ADDRESS <enter> into your command line.

A successful ping:

% ping -c 5
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=22.362 ms
64 bytes from icmp_seq=1 ttl=64 time=10.157 ms
64 bytes from icmp_seq=2 ttl=64 time=9.414 ms
64 bytes from icmp_seq=3 ttl=64 time=9.019 ms
64 bytes from icmp_seq=4 ttl=64 time=9.180 ms

--- ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.019/12.026/22.362/5.182 ms

Try it with both ZeroTier Managed addresses on your network.

One of them is the same device you're on, so you're pinging yourself. Pinging the other device might be a little more interesting.


If something goes wrong you might see something like:

% ping -c 5
PING ( 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3

--- ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss


ping -c 5
PING ( 56 data bytes
92 bytes from Destination Port Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 56e7 0 0000 3f 01 d4ad

There may just be a typo in the IP address. Double check that your device is authorized at

Contact us on the discussion forum and see the troubleshooting section if you get stuck.


ping doesn't accomplish anything, but it does tell us ZeroTier is working. It's useful to know about for troubleshooting networks, not just ZeroTier networks.

Visit the discussion forum to talk about your use-cases or if you get stuck.

Now, use ZeroTier to do something you want to do

  • Windows Remote Desktop
  • ssh (try mosh)
  • Private Gaming LAN
  • Access the web interfaces of your home lab
  • Build your own VPN
  • Route to a remote subnet
  • Route to a Docker network
  • Add dns to your network

Join multiple networks

A node can join many networks at once. Make sure they don't use the same subnet!

You can have a home network, a friends network, and a work network, for example.

They don't all need to be networks that you've created. You can join other people's networks.

Check out the Whitepaper

For more info on the cryptography and protocol, see the: Design Whitepaper