Universal CLI tool for all

[lflare]

Hello,

I was wondering, is there any development under way for a CLI tool that interfaces with the entire JSON API including the network controller? I was thinking of developing one myself for Python...

EDIT: I've tried making my own tool, though I doubt it's 100% good...

[soakes]

Hi There,

I am also looking for the same which was ideally pre-made already and the only ones I can find are in dead links from a post from https://mangolassi.it/topic/5851/zerotier-review/21 by a guy called "dafyre" on "1 Sep 2015, 13:34"

Does anyone have a copy of these files? or some python, bash, php CLI management tools? that I would take a peek at?

TIA.

[lflare]

@soakes, the network JSON API itself is fairly simple and I've replicated most of it in my Python script but I was wondering if there were any official implementation...

EDIT: I've tried making my own tool, does it suit your needs?

[soakes]

@LFlare thank you so much for providing the python script, it likely will do my needs, so a big thank you again. Just about to download it and take a peak.

p.s. sorry for the delay, some reason I didn't receive the notification.

Update

Just taken a look at the script and yes I do believe this has everything in here I need i.e. create networks, authorized users and so forth. Over next few days, I will create a dev network just to test this all out and will get back to you if I find any issues or questions. Will likely be at the weekend or sometime next week depending on schedule.

[dafyre]

Nice script @LFlare!

[lflare]

@soakes Apart from network rules, I do believe I covered everything. Please let me know if you need help using it, as the guide hasn't been written.

@dafyre What writeup?

[dafyre]

Sorry, comment fixed.

[soakes]

@LFlare will do, but should be simple enough as the python modules are listed at the top of the file, but will yell if I get absolutely stuck, thank you.

[lflare]

@soakes It's mostly the argument and command implementation that I'm worried about.

[soakes]

@LFlare yeah there is no help parameters but I do understand a little python so I should be able to muddle though.

All I really need to do is:

• create new network
• assign manual IP range to be used
• add one managed route for that CIDR range as the rest are fead via OSPF.
• auth new networks

I don't know how the relay part works so I need to read up on that so theres likely some bits ive missed. This is just basically going by the my.zerotier.com site.

[lflare]

@soakes There is a default -h option that will display some help information. In any case, for your case,

• ./zerotier-nc.py --net-add -n {optional 6-char suffix}
• ./zerotier-nc.py --net-ipadd {cidr} -n {network id}
• "add one managed route for that CIDR range as the rest are fead via OSPF." < what?
• ./zerotier-nc.py --member-list -n {network id}
• ./zerotier-nc.py --member-auth -n {network id} -z {member id}

There are also useful functions I added like aliasing networks and members into the form of networkalias:memberalias.

• ./zerotier-nc.py --alias lan -n {network id}
• ./zerotier-nc.py --alias macbook -z {member id} lan
• ./zerotier-nc.py --member-info lan:macbook

Just a little something I made because having to remember IDs is a pain.

[soakes]

Thats perfect, thank you.

I must of missed it in the code, but do admit I only briefly flicked though it as I am not quite ready to test it all yet as the controller hasn't been built yet plus i'm semi busy with other work stuff right now. I was planning to go though it fully when the controller was/is built.

Right now I am just finishing of the rest of my Moons and then will start work on developing the new network (controller etc) which is when I need your awesome script.

Oh ref OSPF, what i've done is, theres a /24 assigned to the ZT network itself which is randomly assigned to the clients as they connect (these are only servers/networks and not desktops). That creates the zt interface, I then tie bird (OSPF) to that interface as well as the other interfaces where I have traffic coming from (have many different connections to multiple data centres). Bird then routes the traffic where it needs to go i.e. either via ZT or via some other network/interface.

Their are also quite a few routes in total so I didn't really want to manually add them all into managed routes which should do its job. I already use OSPF to fead the rest of the network. This also means I can easily drop certain routes from certain networks easier then with ZT right now using OSPF filter list as I am still confused with ZT networking rules which should be able to get the same result.

I may in the end ditch OSPF but right now it seems to be the better option but having my own controller, it would mean a lot of it can be scripted so less manual work. Right now OSPF via BIRD is the best solution i've come up with so far.

Once the new DEV network is built, I can try doing it all though ZT but right now I need to keep things working while I do testing etc.

[lflare]

@soakes The controller is inbuilt is it not? Are you making a new controller or something?

[soakes]

@LFlare I think your right, recently its been moved so its installed by default now. I know the docs I was reading was telling you to recompile it with a certain flag, this I believe is no longer needed.

In either case, I need to create a dev network which isn't on the production one for testing to make sure own controller works as it should (thats more to do with configuring it though).

[lflare]

@soakes Yeah, ZeroTier is seriously cool but it also appears that there's only 1-2 guys behind the actual project so documentations and manuals are all slightly outdated. A slight tip though, never attempt to kill -9 or SIGKILL the binary when it's running as a controller as well, seems like there's a bug that causes the entire installation to die. Do a termination by default kill or SIGTERM.

[soakes]

@LFlare Thanks very much for that TIP.

REF seriously cool, it sure is. Ive tried many VPN products and I tend to use IPSEC+GRE everywhere as it offers the best performance with the exception that some machines that its not possible due to IPSEC requires the kernel module.

Ive done a fair few speed tests between different data centres and was shocked at the speed of ZT. I was getting an easy 800Mbits+ and only two cores out of four on this VM I was testing with. Very shocking for non-kernel module implementation and if they did kernel option as well, it would easily beat IPSEC hands down.

This has now got to the point that i'm in the middle of replacing the GRE+IPSEC solutions and replacing with ZT. Even for peoples homes, I found an RPI3 will easily max most peoples home connections out. Test I done here, I could max my home line which is 76Mbits down and 18Mbits up easily and only about 150% or so (1.5-2 cores approx) was being used when downloading. Thats just shocking!

Highly recommend anyone who needs to connect ZT to their network and don't have a router that can run it natively to grab a RPI3, set it up like you would and make sure you give it a static address. After thats done, pop onto your real internet router and create a static route for the block(s) you need pointing to the ZT/RPI machine and then your whole network will be able to use ZT without any changes due to your router would be your default gateway.

[soakes]

@LFlare Just a quick question while I think about it as i'm in the middle of planning the new network. I have about 50-60 networks (theres more devices behind these, so that number is far from the actual total devices) but this is all thats directly connected if you will.

Now I am trying to plan what would be the best way to go ahead with creating controllers, roots etc. So my question to you is, how many controllers and moons do you suggest? I understand that the roots (moons) need to be on separate boxes, but should they be on the same ISP as the controllers or fairly near on another ISP?

I have mostly three major DC locations, UK, DE, SK and misc VPS dotted around the world via different ISPs but they are mostly in/around Europe. So with this in mind, how many controllers, moons and whatever else you think else that I need? what would you suggest?

Or is it just one controller + many moons? bit lost :)

[lflare]

@soakes If you read the manual, it recommends that the moons have fairly good network connections, which might also mean that the closer the better, as they function as secondary root servers and initial latency in looking up network members might play a role.

Conversely, controllers by themselves don't take part in the whole network themselves, they are just middlemans responsible for keeping records of members, so you won't have to worry about the number of controllers online or geographical location.

So, to sum it up, you will need a minimum of 2 moons (or 1 if you are feeling frisky) and a minimum of 1 controller. Honestly, there's no need to make multiple moons or controllers as the implementation of the protocol itself is performance-streamlined.

Fun Fact: ZeroTier Central by itself uses 7 network controllers but that's a given if you take into account the number of networks they have to handle.

Extra Fun Fact: ZeroTier root servers number 12 in total as of 2015, may be more now but I doubt it.

TLDR: Unless you plan to make OneTier or another mock-up, you shouldn't need more than 1/2 moons and 1 controller. The great thing about a P2P VPN is that the servers don't really take part.

[soakes]

@LFlare Thats brilliant thank you for explaining that. I did read the bit about latency/location which is why I was asking but nothing really said about ratios etc.

This makes it much easier to implement, thank you.

Moons are covered and already made, now just the controller configuration/machine.

[lflare]

@soakes Also, join the #zerotier channel on Freenode for live support and chat =3

[soakes]

Awesome will do. Busy day at work so no chance today/