ZeroTier Configuration File
ZeroTier One is a service that can run on laptops, desktops, servers, virtual machines, and containers to provide virtual network connectivity through a virtual network port much like a VPN client. It can also act as a network controller and as a federated root server.
Binary packages are available on the ZeroTier site and source code is found on GitHub.
After the service is installed and started, networks can be joined using their 16-digit network IDs. Each network appears as a virtual “tap” network port on your system that behaves just like an ordinary Ethernet port.
The ZeroTier One service keeps its configuration and state information in its working directory. It’s found by default at the following locations:
- Windows: C:\ProgramData\ZeroTier\One
- Macintosh: /Library/Application Support/ZeroTier/One
- Linux: /var/lib/zerotier-one
- FreeBSD/OpenBSD: /var/db/zerotier-one
Local Configuration Options
A file called local.conf in the ZeroTier home folder contains configuration options that apply to the local node. It can be used to set up trusted paths, blacklist physical paths, set up physical path hints for certain nodes, and define trusted upstream devices (federated roots). In a large deployment it can be deployed using a tool like Puppet, Chef, SaltStack, etc. to set a uniform configuration across systems. It’s a JSON format file that can also be edited and rewritten by ZeroTier One itself, so ensure that proper JSON formatting is used.
Settings available in local.conf (this is not valid JSON, and JSON does not allow comments):
- trustedPathId: A trusted path is a physical network over which encryption and authentication are not required. This provides a performance boost but sacrifices all of ZeroTier’s security features when communicating over this path. Only use this feature if you know what you are doing and really need the performance! To set up a trusted path, all devices on the same trusted physical network must have the same trusted path ID. Trusted path IDs are arbitrary unsigned 64-bit integers. These are not secrets. The security of a trusted path depends on its physical configuration. Take special care that any firewalls at its boundaries do not allow traffic in or out with IPs overlapping the trusted network range.
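A fleet-wide check for the trusted-path rules described above, as an added example that is not part of the original page or of ZeroTier's code. It assumes ZeroTier's documented layout, in which trusted paths are entries under a top-level "physical" object keyed by CIDR with a nonzero trustedPathId (that layout is not shown on this page); the host names, the sample configs and the choice of RFC 1918 plus IPv6 ULA as "internal" address space are constructed for illustration.

```python
import ipaddress
import json

# Address space treated as internal: RFC 1918 plus IPv6 ULA (a policy assumption).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample local.conf contents for three hosts (not from the page).
SAMPLE_CONFIGS = {
    "host-a": '{"physical": {"10.0.0.0/24": {"trustedPathId": 101010024}}}',
    "host-b": '{"physical": {"10.0.0.0/24": {"trustedPathId": 999},'
              ' "0.0.0.0/0": {"trustedPathId": 7}}}',
    "host-c": '{"physical": {"10.0.0.0/24": {"trustedPathId": 101010024},}}',
}

def trusted_paths(conf_text):
    """Return {network: id} for physical paths with a nonzero trustedPathId."""
    conf = json.loads(conf_text)  # malformed JSON raises a ValueError subclass
    paths = {}
    for cidr, opts in conf.get("physical", {}).items():
        tpid = opts.get("trustedPathId", 0)
        if not isinstance(tpid, int) or not 0 <= tpid < 2**64:
            raise ValueError(f"{cidr}: trustedPathId is not an unsigned 64-bit integer")
        if tpid:  # nonzero means encryption and authentication are skipped here
            paths[ipaddress.ip_network(cidr, strict=False)] = tpid
    return paths

def audit(configs):
    """Return (host, issue, detail) findings, visiting hosts in name order."""
    findings, first_seen = [], {}
    for host in sorted(configs):
        try:
            paths = trusted_paths(configs[host])
        except (ValueError, AttributeError) as exc:
            findings.append((host, "invalid-config", str(exc)))
            continue
        for net, tpid in paths.items():
            # A trusted range outside internal space cannot be physically bounded.
            if not any(net.version == r.version and net.subnet_of(r) for r in INTERNAL):
                findings.append((host, "not-internal", str(net)))
            # Every device on one trusted network must carry the same ID.
            ref_host, ref_id = first_seen.setdefault(net, (host, tpid))
            if ref_id != tpid:
                findings.append((host, "id-mismatch", f"{net}: {tpid} vs {ref_id} on {ref_host}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(*finding, sep="\t")
```

Run against the configs that Puppet, Chef or SaltStack is about to push, a check like this catches malformed JSON and inconsistent trusted path IDs before they reach the nodes.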
An example local.conf: