Zerotier
Zerotier
Get Started with Apps!
Get Started with Apps!
App Version: 1.14.2
(Changelog)
Keywords: vpn, zerotier
Train: Community
Home Page: https://www.zerotier.com
Keywords: vpn, zerotier
Train: Community
Home Page: https://www.zerotier.com
Zerotier Details
Added: 2024-08-09
Last Updated: 2025-04-23
Added: 2024-08-09
Last Updated: 2025-04-23
Securely connect any device, anywhere.
Run as Context- Zerotier runs as a root user.
Group: 0 / root
User: 0 / root
×
![Full Screenshot]()
Host Mounts
- /dev/net/tun : Network device
Security Capabilities
- Zerotier requires NET_ADMIN to configure the VPN interface, modify routes, etc.
- Zerotier requires NET_RAW to use raw sockets and proxying
- Zerotier is able to write to audit log.
- Zerotier is able to chown files.
- Zerotier is able to bypass permission checks.
- Zerotier is able bypass permission checks for it's sub-processes.
- Zerotier is able to bind to privileged ports.
- Zerotier is able to set group ID for it's sub-processes.
- Zerotier is able to set user ID for it's sub-processes.
- Zerotier is able to set process capabilities.
- Zerotier is able to perform various system administration operations.
App Metadata (Raw File)
{
"1.1.12": {
"healthy": true,
"supported": true,
"healthy_error": null,
"location": "/__w/apps/apps/trains/community/zerotier/1.1.12",
"last_update": "2025-04-23 17:40:39",
"required_features": [],
"human_version": "1.14.2_1.1.12",
"version": "1.1.12",
"app_metadata": {
"app_version": "1.14.2",
"capabilities": [
{
"description": "Zerotier requires NET_ADMIN to configure the VPN interface, modify routes, etc.",
"name": "NET_ADMIN"
},
{
"description": "Zerotier requires NET_RAW to use raw sockets and proxying",
"name": "NET_RAW"
},
{
"description": "Zerotier is able to write to audit log.",
"name": "AUDIT_WRITE"
},
{
"description": "Zerotier is able to chown files.",
"name": "CHOWN"
},
{
"description": "Zerotier is able to bypass permission checks.",
"name": "DAC_OVERRIDE"
},
{
"description": "Zerotier is able bypass permission checks for it's sub-processes.",
"name": "FOWNER"
},
{
"description": "Zerotier is able to bind to privileged ports.",
"name": "NET_BIND_SERVICE"
},
{
"description": "Zerotier is able to set group ID for it's sub-processes.",
"name": "SETGID"
},
{
"description": "Zerotier is able to set user ID for it's sub-processes.",
"name": "SETUID"
},
{
"description": "Zerotier is able to set process capabilities.",
"name": "SETPCAP"
},
{
"description": "Zerotier is able to perform various system administration operations.",
"name": "SYS_ADMIN"
}
],
"categories": [
"networking"
],
"changelog_url": "https://github.com/zerotier/ZeroTierOne/blob/dev/RELEASE-NOTES.md",
"date_added": "2024-08-09",
"description": "Securely connect any device, anywhere.",
"home": "https://www.zerotier.com",
"host_mounts": [
{
"description": "Network device",
"host_path": "/dev/net/tun"
}
],
"icon": "https://media.sys.truenas.net/apps/zerotier/icons/icon.png",
"keywords": [
"vpn",
"zerotier"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "zerotier",
"run_as_context": [
{
"description": "Zerotier runs as a root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [],
"sources": [
"https://www.zerotier.com",
"https://hub.docker.com/r/zerotier/zerotier"
],
"title": "Zerotier",
"train": "community",
"version": "1.1.12"
},
"schema": {
"groups": [
{
"name": "Zerotier Configuration",
"description": "Configure Zerotier"
},
{
"name": "Network Configuration",
"description": "Configure Network for Zerotier"
},
{
"name": "Storage Configuration",
"description": "Configure Storage for Zerotier"
},
{
"name": "Labels Configuration",
"description": "Configure Labels for Zerotier"
},
{
"name": "Resources Configuration",
"description": "Configure Resources for Zerotier"
}
],
"questions": [
{
"variable": "zerotier",
"label": "",
"group": "Zerotier Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "auth_token",
"label": "Auth Token",
"description": "(Optional) The auth token for Zerotier.</br>\nSame as authtoken.secret.\n",
"schema": {
"type": "string",
"default": "",
"private": true
}
},
{
"variable": "identity_public",
"label": "Identity Public",
"description": "(Optional) The identity public for Zerotier.</br>\nSame as identity.public.\n",
"schema": {
"type": "string",
"default": "",
"private": true
}
},
{
"variable": "identity_secret",
"label": "Identity Secret",
"description": "(Optional) The identity secret for Zerotier.</br>\nSame as identity.secret.\n",
"schema": {
"type": "string",
"default": "",
"private": true
}
},
{
"variable": "networks",
"label": "Networks",
"description": "The networks for Zerotier.",
"schema": {
"type": "list",
"required": true,
"min": 1,
"default": [],
"items": [
{
"variable": "net_id",
"label": "Network ID",
"schema": {
"type": "string",
"required": true
}
}
]
}
},
{
"variable": "additional_envs",
"label": "Additional Environment Variables",
"description": "Configure additional environment variables for Zerotier.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "env",
"label": "Environment Variable",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "name",
"label": "Name",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "network",
"label": "",
"group": "Network Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "host_network",
"label": "Host Network",
"description": "Bind to the host network. It's recommended to keep this disabled.\n",
"schema": {
"type": "boolean",
"default": true
}
}
]
}
},
{
"variable": "storage",
"label": "",
"group": "Storage Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "config",
"label": "Zerotier Config Storage",
"description": "The path to store Zerotier Config.",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.\ntmpfs: Is a temporary directory that will be created on the RAM.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "tmpfs",
"description": "tmpfs (Temporary directory created on the RAM)"
}
]
}
},
{
"variable": "tmpfs_config",
"label": "tmpfs Configuration",
"description": "The configuration for the tmpfs dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"tmpfs"
]
],
"attrs": [
{
"variable": "size",
"label": "Tmpfs Size Limit (in Mi)",
"description": "The maximum size (in Mi) of the temporary directory.</br>\nFor example: 500\n",
"schema": {
"type": "int",
"default": 500,
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"hidden": true,
"default": "config"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
}
]
}
},
{
"variable": "additional_storage",
"label": "Additional Storage",
"description": "Additional storage for Zerotier.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "storageEntry",
"label": "Storage Entry",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.</br>\nSMB Share: Is a SMB share that is mounted to as a volume.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"immutable": true,
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "cifs",
"description": "SMB/CIFS Share (Mounts a volume to a SMB share)"
}
]
}
},
{
"variable": "read_only",
"label": "Read Only",
"description": "Mount the volume as read only.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "mount_path",
"label": "Mount Path",
"description": "The path inside the container to mount the storage.",
"schema": {
"type": "path",
"required": true
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "storage_entry"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "cifs_config",
"label": "SMB Configuration",
"description": "The configuration for the SMB dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"cifs"
]
],
"attrs": [
{
"variable": "server",
"label": "Server",
"description": "The server to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "path",
"label": "Path",
"description": "The path to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "username",
"label": "Username",
"description": "The username to use for the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "password",
"label": "Password",
"description": "The password to use for the SMB share.",
"schema": {
"type": "string",
"required": true,
"private": true
}
},
{
"variable": "domain",
"label": "Domain",
"description": "The domain to use for the SMB share.",
"schema": {
"type": "string"
}
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "labels",
"label": "",
"group": "Labels Configuration",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "label",
"label": "Label",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "key",
"label": "Key",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "containers",
"label": "Containers",
"description": "Containers where the label should be applied",
"schema": {
"type": "list",
"items": [
{
"variable": "container",
"label": "Container",
"schema": {
"type": "string",
"required": true,
"enum": [
{
"value": "zerotier",
"description": "zerotier"
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "resources",
"label": "",
"group": "Resources Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "limits",
"label": "Limits",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "cpus",
"label": "CPUs",
"description": "CPUs limit for Zerotier.",
"schema": {
"type": "int",
"default": 2,
"required": true
}
},
{
"variable": "memory",
"label": "Memory (in MB)",
"description": "Memory limit for Zerotier.",
"schema": {
"type": "int",
"default": 4096,
"required": true
}
}
]
}
}
]
}
}
]
},
"readme": "<h1>Zerotier</h1> <p><a href=\"https://www.zerotier.com\">Zerotier</a> Securely connect any device, anywhere.</p>",
"changelog": null,
"chart_metadata": {
"app_version": "1.14.2",
"capabilities": [
{
"description": "Zerotier requires NET_ADMIN to configure the VPN interface, modify routes, etc.",
"name": "NET_ADMIN"
},
{
"description": "Zerotier requires NET_RAW to use raw sockets and proxying",
"name": "NET_RAW"
},
{
"description": "Zerotier is able to write to audit log.",
"name": "AUDIT_WRITE"
},
{
"description": "Zerotier is able to chown files.",
"name": "CHOWN"
},
{
"description": "Zerotier is able to bypass permission checks.",
"name": "DAC_OVERRIDE"
},
{
"description": "Zerotier is able bypass permission checks for it's sub-processes.",
"name": "FOWNER"
},
{
"description": "Zerotier is able to bind to privileged ports.",
"name": "NET_BIND_SERVICE"
},
{
"description": "Zerotier is able to set group ID for it's sub-processes.",
"name": "SETGID"
},
{
"description": "Zerotier is able to set user ID for it's sub-processes.",
"name": "SETUID"
},
{
"description": "Zerotier is able to set process capabilities.",
"name": "SETPCAP"
},
{
"description": "Zerotier is able to perform various system administration operations.",
"name": "SYS_ADMIN"
}
],
"categories": [
"networking"
],
"changelog_url": "https://github.com/zerotier/ZeroTierOne/blob/dev/RELEASE-NOTES.md",
"date_added": "2024-08-09",
"description": "Securely connect any device, anywhere.",
"home": "https://www.zerotier.com",
"host_mounts": [
{
"description": "Network device",
"host_path": "/dev/net/tun"
}
],
"icon": "https://media.sys.truenas.net/apps/zerotier/icons/icon.png",
"keywords": [
"vpn",
"zerotier"
],
"lib_version": "2.1.16",
"lib_version_hash": "dac15686f882b9ce65b8549a3d5c0ed7bafe2df7a9028880d1a99b0ff4af1eff",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "zerotier",
"run_as_context": [
{
"description": "Zerotier runs as a root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [],
"sources": [
"https://www.zerotier.com",
"https://hub.docker.com/r/zerotier/zerotier"
],
"title": "Zerotier",
"train": "community",
"version": "1.1.12"
}
}
}Support, maintenance, and documentation for applications within the Community catalog is handled by the TrueNAS community. The TrueNAS Applications Portal hosts but does not validate or maintain any linked resources associated with this app.
There currently aren’t any resources available for this application!
Please help the TrueNAS community create content or discuss this application in the TrueNAS Community forum.