Hi

Go into your container “lxc exec mycontainer bash”

Install zerotier-one with the usual means:

curl -s 'https://pgp.mit.edu/pks/lookup?op=get&search=0x1657198823E52A61' | gpg --import && \
if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi

Get your network ID from my.zerotier.com (assuming you signed up); the ID is in the top left of the control panel. It’s a big long code similar to a MAC address with no colons.

Then, back in your container, run: zerotier-cli join myZerotierNetworkId

On the my.zerotier.com control panel for your network, click the “authorize” checkbox next to the new node that has appeared, which is your container trying to join.

If you do this same procedure with all your containers/nodes/VMs/hosts that need connectivity, they will all be able to talk to each other on the ZeroTier network as if on the same flat/bridged LAN. Communication will go via the virtual adapter ZTX.

You can also advertise routes for remote networks so that the next hop is behind ZT node X, thus creating a sort of DMVPN.

The other thing you can do is bridge the ZT node’s virtual adapter with the physical adapter, and you extend the L2 from the ZT network into your physical network. I’ve not done this as I don’t like stretching L2 all over the place; it’s sloppy.

If routing traffic through your container, remember to enable IPv4 forwarding in sysctl.conf.

I can’t remember exactly, but you may need to make the container privileged, as the virtual adapter is similar to a TUN interface and I don’t think containers can run them by default. I did have to tweak a few things to get OpenVPN to work, but ZT, from what I recall, is much easier.

You can also run your own ZeroTier controller using ztncui in Docker in LXD, which is what I’m doing. Easiest is to just use the provided free web GUI.

*Edit to say: create a subnet in the my.zerotier control panel. I think by default it will do this for you and give out addresses to the nodes automatically; they get pushed down on the fly from the controllers. You can, if you want, create your own subnet and then give each node specific IP addresses if you want more control, all done via the GUI. I just created a /24, which is plenty for me. You can always extend it to whatever size you want.

You can also do IPv6 and 6plane over the ZT network. Various other bits of IPv6 schemes I’ve not looked into as of yet.

Cheers!

Jon
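The join-and-authorize procedure above, scripted from the LXD host as an added example (not Jon's code or ZeroTier's): it validates the network ID, joins the container, and polls `zerotier-cli listnetworks` until the controller reports OK, distinguishing a node still waiting for the "authorize" tick (ACCESS_DENIED). The container name and network ID are caller-supplied; the /dev/net/tun passthrough is an assumed alternative to making the container privileged.

```shell
#!/bin/sh
# Added example (not from the original post): join an LXD container to a
# ZeroTier network from the host and confirm the node was authorized.
# Assumptions: lxc and zerotier-cli are installed; container name and
# network ID are supplied by the caller.

# A ZeroTier network ID is 16 hex digits (the "long code like a MAC with no colons").
valid_nwid() {
  case "$1" in
    "" | *[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 16 ]
}

# Read `zerotier-cli listnetworks` output on stdin and print the status column
# (OK, ACCESS_DENIED, REQUESTING_CONFIGURATION, ...) for one network, or
# NOT_JOINED when that network is absent. Field layout:
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
zt_status() {
  awk -v id="$1" '
    $1 == "200" && $2 == "listnetworks" && $3 == id { print $6; found = 1 }
    END { if (!found) print "NOT_JOINED" }'
}

# Join from the host and poll until the controller marks the node OK.
# ACCESS_DENIED means the node is waiting for the "authorize" tick in the web GUI.
zt_join_container() {  # usage: zt_join_container <container> <nwid> [attempts]
  c=$1; nwid=$2; tries=${3:-30}; i=0
  valid_nwid "$nwid" || { echo "invalid network id: $nwid" >&2; return 2; }
  # Unprivileged containers have no /dev/net/tun; passing the device through is
  # an alternative to making the whole container privileged (assumption).
  lxc config device add "$c" tun unix-char path=/dev/net/tun >/dev/null 2>&1 || true
  lxc exec "$c" -- zerotier-cli join "$nwid" >/dev/null || return 1
  while [ "$i" -lt "$tries" ]; do
    st=$(lxc exec "$c" -- zerotier-cli listnetworks | zt_status "$nwid")
    case "$st" in
      OK)            echo "$c: joined and authorized"; return 0 ;;
      ACCESS_DENIED) echo "$c: waiting for authorization in my.zerotier.com" ;;
      *)             echo "$c: status $st" ;;
    esac
    i=$((i + 1)); sleep 2
  done
  echo "$c: not authorized after $tries attempts" >&2; return 1
}

# Constructed sample of listnetworks output (header line plus one network),
# used when the script is run without arguments.
SAMPLE='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef mynet 02:aa:bb:cc:dd:ee ACCESS_DENIED PRIVATE ztxyz -'

if [ $# -eq 2 ]; then
  zt_join_container "$1" "$2"
else
  printf '%s\n' "$SAMPLE" | zt_status 0123456789abcdef   # prints ACCESS_DENIED
fi
```

Run as `sh join.sh mycontainer <networkid>` to perform the join; with no arguments it only exercises the status parser on the constructed sample.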