Feasibility of running ZeroTier in a fully offline LAN?

Open sgpublic opened this issue 2 months ago • 2 comments

Hi! I’m trying to use ZeroTier in a completely offline LAN, but I’ve run into some issues.

I tried:

  • Using a moon (generating a moon file pointing to node A)
  • Using a planet (generated from node/World.hpp, pointing to node A)

On node A, I run the controller, create a network, and join it. The controller shows node A and I can authorize it successfully. However, when I run zerotier-cli info on node A, the status is always:

200 info xxx 1.14.1 OFFLINE

When I configure node B to join the same network, it also fails to connect to the planet (node A), and I don’t see its join request in the controller.

I’ve read #610, and it seems ZeroTier should already support this kind of setup, but I haven’t been able to get it working. Does ZeroTier require Internet connectivity to establish links, or am I missing something? Any experience or hints would be greatly appreciated!

sgpublic avatar Oct 03 '25 13:10 sgpublic

Did you place the planet file in the ZT home directory? Is your root at a static endpoint that isn't behind a firewall/NAT?

joseph-henry avatar Oct 06 '25 22:10 joseph-henry

> Did you place the planet file in the ZT home directory?

Yes. When I run zerotier-cli listpeers on all nodes, I get the same output with only one pointer to node A as the planet.

> Is your root at a static endpoint that isn't behind a firewall/NAT?

All my nodes are in the 10.16.0.0/17 network segment, and the IP addresses they receive can directly access each other. All my nodes are OpenWrt, and I have added firewall communication rules on the WebUI:

uci set firewall.@rule[-1].src='*'
uci set firewall.@rule[-1].name='zerotier'
uci add_list firewall.@rule[-1].proto='udp'
uci set firewall.@rule[-1].dest_port='9993'
uci set firewall.@rule[-1].target='ACCEPT'

Please let me add some details:

I’m a university student, and my devices are distributed across classrooms, labs, and dorms. To connect them, I use three OpenWrt devices running ZeroTier with the luci-app-zerotier web interface.

My network bandwidth is limited to 100 Mbps, and only node A is allowed Internet access, capped at 50 Mbps. To make better use of this, I plan to use ZeroTier’s multipath and exit node features.

On nodes A/B/C, I created multiple macvlan interfaces, giving them 5/3/3 IP addresses respectively. Node A uses mwan3 to route Internet traffic through two IPs, and I want ZeroTier to use the remaining three IPs to connect with the other two nodes.

If everything works as expected, inter-device communication could reach up to 300 Mbps, and Internet access could reach up to 100 Mbps.

Unfortunately, nodes B and C fail to join the network created on node A.

sgpublic avatar Oct 07 '25 00:10 sgpublic