CoreELEC and ZeroTier: A good couple

@PLAY911: Installing zerotier on devices other than CoreELEC is beyond the scope of this topic, but I’ve seen specific guides for Asus routers, look them up.

@loznic89: The use of entware repositories for the installation of zerotier and others allows keeping the service updated with the opkg upgrade command; they are also trusted repositories.


ok, deleting py sorry

First off, thanks for the excellent guide.

I am having a slight problem understanding the concept in this post of yours, however.

My home local network is 192.168.1.XXX and my office local network is also 192.168.1.XXX

I have created a ZeroTier network that is assigning 10.145.20.xxx IPs.

I have 1 CE box at home and that has been auto assigned 10.145.20.2 let’s say, and 10.145.20.3 for the office one. The LAN IPs for both are 192.168.1.2 and 1.3 respectively too, let us assume.

From my laptop, which is also on the same ZeroTier network, when I use 10.145.20.2 from any network (even remote) I can access the box at home and 20.3 for the box at office, but I can’t use 192.168.1.2 or 3 unless in the respective LAN to access them.

Is this correct behaviour? Your post seems to suggest otherwise. That the LAN IPs themselves suffice to access devices without remembering the ZT IPs. Please correct if my understanding is wrong. Thanks.

ZeroTier offers many alternatives; in your case, where private networks have the same range of addresses, the best alternative is to address the devices using the IPs of the ZeroTier network 10.145.20.0/24. The behavior you suggest is correct.

I recommend that you leave the ZeroTier network only with:
10.145.20.0/24 -----> (LAN)
and don’t do any additional routing.

In this way, when you address a device with 192.168.1.0/24, it will only search the private network to which it is connected, and will not be able to look at the ZeroTier network.

It’s easy, just spend a little time thinking about the routing logic on each of the private networks and the ZeroTier network. A device connected to the ZeroTier network can see two networks, and if routing rules are not established the two networks are absolutely separate without a gateway between them.

I hope I have clarified some of your doubts.


Strange, but the script https://gist.github.com/meoso/b25bd410c8a54a1a013f0cc2d72b12ee does not work when run manually with the ‘status’ and ‘start’ options:

/opt/etc/init.d/S90zerotier-one.sh stop

/opt/etc/init.d/S90zerotier-one.sh status
ZeroTier-One is already running.

although the zerotier process was killed:
ps ax | grep zero
6792 root 0:00 grep zero

And when I tried to start zerotier:
/opt/etc/init.d/S90zerotier-one.sh start
ZeroTier-One is already running.

although the zerotier process does not actually exist.

I don’t know what you’re saying, it works well for me

x96air:~/.opt/etc/init.d # ./S90zerotier-one
Usage: /etc/init.d/zerotier-one {start|stop|status}

x96air:~/.opt/etc/init.d # ./S90zerotier-one status
ZeroTier-One is NOT running

x96air:~/.opt/etc/init.d # ./S90zerotier-one start
Starting ZeroTier-One

x96air:~/.opt/etc/init.d # ./S90zerotier-one status
4565
ZeroTier-One is running.

x96air:~/.opt/etc/init.d # ./S90zerotier-one stop
4565
Stopping ZeroTier-One

x96air:~/.opt/etc/init.d # ./S90zerotier-one status
ZeroTier-One is NOT running

x96air:~/.opt/etc/init.d # ./S90zerotier-one start
Starting ZeroTier-One

x96air:~/.opt/etc/init.d # ./S90zerotier-one status
4614
ZeroTier-One is running.

thank you for this info. Can you show output of command

ps ax | grep zero

when ./S90zerotier-one status and ./S90zerotier-one start?

Thanks, I found the error: I was actually running not the S90zerotier-one.sh script but a symbolic link to it:

ls -l zerotier-one
lrwxrwxrwx 1 root root 34 Dec 24 17:53 zerotier-one -> /opt/etc/init.d/S90zerotier-one.sh

Reflections about ZeroTier

In the last two years I have used the ZeroTier VPN network quite successfully, but I have to admit that the smooth transmission of a video stream is not guaranteed, even at 5 Mb/s. For this reason I continue to use ZeroTier as an alternative VPN network in case of failure of the main WireGuard VPN network, which has no bandwidth limitations.

When managing unattended remote devices, there is always the possibility of failure of one of the VPN networks or devices, almost always in the software update processes. For this reason I am only using ZeroTier, much more robust than WG, to restore with SSH, SFTP or VNC the device that lost the WireGuard link.

People interested in VPN can take a look at tinc. Tinc creates a private net like ZeroTier but without a root server. It is a peer to peer network without the need of an external server which is not your own server.

ZeroTier has great advantages over other VPN networks: (1) it is very easy to configure, (2) it works behind a router, and (3) it is very robust with respect to updates, it never goes down. ZeroTier also has a major drawback: it requires connection to ZeroTier hosts as gateways to your virtual private network. When ZeroTier hosts have little work, everything is fine and there are no problems with the transmission of video streams, but when ZeroTier hosts are few or have a lot of workload, they are unable to maintain a minimum speed in a sustained way. The only thing the user can do is wait for ZeroTier to bring a sufficient number of hosts into service.

Regarding tinc, my opinion of it is worse than of any other VPN network, because I think that it needs ports to be opened in the router at each and every one of the nodes, which is sometimes impossible.

Thanks to you I am using Zerotier in my box since quite some time but I have not faced any issue with network speed.

Where in zerotier do I have to allow CoreElec access?

I do not understand your question. The zerotier.com website allows you to create a virtual private VPN network in which you assign the permissions to each of the devices that want to enter this network. To enter this network from CoreELEC it is necessary to install the ‘zerotier-one’ service and execute the command ‘zerotier-cli join <your-vpn-network-id>’ once.

In the latest versions of zerotier I have seen that it is also necessary to execute the command

iptables -t nat -I POSTROUTING -o lo -j ACCEPT

before running the ‘join’ command.

Hi there. I have created a network in zerotier and in zerotier central I have all the devices that I have added online. But when it comes to accessing them, I can’t do it. I cannot access the devices using the virtual IP created by zerotier. What do you have to do to access them?

If you see your devices online in your zerotier private network and you have defined the network domain correctly (for example 10.10.10.0/24) then you do not have to do anything. Install a service on one of your devices (for example tvheadend server on port 9981 of device 10.10.10.1 and 192.168.1.25) and enjoy this service on another device (for example 10.10.10.2) even if this device is very far away.

If you do not establish forwarding rules, each network interface is inaccessible from another remote address; for example, 10.10.10.2 does not know how to get to 192.168.1.25, but it does know how to get to 10.10.10.1.
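
The routing behaviour discussed in this thread (the overlapping 192.168.1.x home and office LANs earlier, and the 10.10.10.0/24 case just above), as an added example that is not part of any poster's message: a small Python model of longest-prefix route selection on a ZeroTier member. The interface names (`lan0`, `zt0`), the metrics and the 172.16.5.0/24 remote LAN are assumptions made up for the illustration.

```python
"""Constructed model of route selection on a ZeroTier member (not ZeroTier code)."""
import ipaddress

ZT_NET = "10.145.20.0/24"   # ZeroTier network from the thread
LAN_NET = "192.168.1.0/24"  # range used by BOTH the home and the office LAN


def route_for(table, dst):
    """Device chosen by longest-prefix match; the lower metric wins a tie."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev, metric) for p, dev, metric in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, dev, _ = max(hits, key=lambda h: (h[0].prefixlen, -h[2]))
    return dev


def laptop_table(local_lan, zt_net=ZT_NET, extra=()):
    """Physical LAN, ZeroTier network and default route, plus optional extra routes."""
    return [(local_lan, "lan0", 100), (zt_net, "zt0", 0),
            ("0.0.0.0/0", "lan0-gateway", 100), *extra]


def shadowed_prefixes(table):
    """Prefixes present on more than one device: only one side stays reachable."""
    seen = {}
    for prefix, dev, _ in table:
        seen.setdefault(ipaddress.ip_network(prefix), set()).add(dev)
    return sorted(str(net) for net, devs in seen.items() if len(devs) > 1)


if __name__ == "__main__":
    office = laptop_table(LAN_NET)            # laptop plugged into the office LAN
    remote = laptop_table("172.16.5.0/24")    # laptop on some unrelated network
    # Extra route for 192.168.1.0/24 over ZeroTier, the "additional routing"
    # the answer advises against when both LANs use the same range.
    routed = laptop_table(LAN_NET, extra=[(LAN_NET, "zt0", 50)])

    for name, table in (("office", office), ("remote", remote), ("routed", routed)):
        print(name,
              "| 10.145.20.2 ->", route_for(table, "10.145.20.2"),
              "| 192.168.1.2 ->", route_for(table, "192.168.1.2"),
              "| ambiguous:", shadowed_prefixes(table))
```

With only the ZeroTier network routed, a 192.168.1.x address is always resolved on whatever physical network the laptop is attached to, so the overlay never exposes the LAN behind a member; once the same prefix is also routed over `zt0`, one of the two 192.168.1.0/24 networks is shadowed.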

that’s exactly what I want to do. See the satellite channels of my deco, on the pc or on the mobile. I have tvheadend configured and running. zerotier has assigned a virtual ip number to my deco and another ip to my smartphone. I have tried to configure dreamdroid putting the virtual ip of the deco but it gives me a connection error.

Sorry, I don’t understand, what IP does dreamdroid have? Does it belong to the zerotier domain? Do you think that dreamdroid has all the information to establish a connection path to deco?

I have installed dreamdroid on my mobile and it asks me for an IP address to connect and I supposed that I had to put the virtual IP address of the device to which I want to connect (I put the IP assigned by zerotier my deco). The truth is that I have no idea what I have to do!

dreamdroid will work as long as it is installed on a device (smartphone in your case) connected to the zerotier network

Note: I have verified that a server service installed on an Android SmartPhone DOES NOT WORK, it only works for client access to remote servers.