Zerotier
Zerotier
Get Started with Apps!
Get Started with Apps!
App Version: 1.14.2
(Changelog)
Keywords: vpn, zerotier
Train: Community
Home Page: https://www.zerotier.com
Keywords: vpn, zerotier
Train: Community
Home Page: https://www.zerotier.com
Zerotier Details
Added: 2024-08-09
Last Updated: 2025-06-07
Added: 2024-08-09
Last Updated: 2025-06-07
Securely connect any device, anywhere.
Run as Context- Zerotier runs as a root user.
Group: 0 / root
User: 0 / root
×
![Full Screenshot]()
Host Mounts
- /dev/net/tun : Network device
Security Capabilities
- Zerotier is able to write records to audit log
- Zerotier is able to change file ownership arbitrarily
- Zerotier is able to bypass file permission checks
- Zerotier is able to bypass permission checks for file operations
- Zerotier is able to perform network administration tasks
- Zerotier is able to bind to privileged ports (< 1024)
- Zerotier is able to use raw and packet sockets
- Zerotier is able to change group ID of processes
- Zerotier is able to transfer capabilities between processes
- Zerotier is able to change user ID of processes
- Zerotier is able to perform system administration operations
App Metadata (Raw File)
{
"1.2.2": {
"healthy": true,
"supported": true,
"healthy_error": null,
"location": "/__w/apps/apps/trains/community/zerotier/1.2.2",
"last_update": "2025-06-07 23:02:15",
"required_features": [],
"human_version": "1.14.2_1.2.2",
"version": "1.2.2",
"app_metadata": {
"app_version": "1.14.2",
"capabilities": [
{
"description": "Zerotier is able to write records to audit log",
"name": "AUDIT_WRITE"
},
{
"description": "Zerotier is able to change file ownership arbitrarily",
"name": "CHOWN"
},
{
"description": "Zerotier is able to bypass file permission checks",
"name": "DAC_OVERRIDE"
},
{
"description": "Zerotier is able to bypass permission checks for file operations",
"name": "FOWNER"
},
{
"description": "Zerotier is able to perform network administration tasks",
"name": "NET_ADMIN"
},
{
"description": "Zerotier is able to bind to privileged ports (< 1024)",
"name": "NET_BIND_SERVICE"
},
{
"description": "Zerotier is able to use raw and packet sockets",
"name": "NET_RAW"
},
{
"description": "Zerotier is able to change group ID of processes",
"name": "SETGID"
},
{
"description": "Zerotier is able to transfer capabilities between processes",
"name": "SETPCAP"
},
{
"description": "Zerotier is able to change user ID of processes",
"name": "SETUID"
},
{
"description": "Zerotier is able to perform system administration operations",
"name": "SYS_ADMIN"
}
],
"categories": [
"networking"
],
"changelog_url": "https://github.com/zerotier/ZeroTierOne/blob/dev/RELEASE-NOTES.md",
"date_added": "2024-08-09",
"description": "Securely connect any device, anywhere.",
"home": "https://www.zerotier.com",
"host_mounts": [
{
"description": "Network device",
"host_path": "/dev/net/tun"
}
],
"icon": "https://media.sys.truenas.net/apps/zerotier/icons/icon.png",
"keywords": [
"vpn",
"zerotier"
],
"lib_version": "2.1.35",
"lib_version_hash": "1bd4e0058fbd4d7c207df2cae606580065e8e6dba3e232f41bc1b006848b05d2",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "zerotier",
"run_as_context": [
{
"description": "Zerotier runs as a root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [],
"sources": [
"https://www.zerotier.com",
"https://hub.docker.com/r/zerotier/zerotier"
],
"title": "Zerotier",
"train": "community",
"version": "1.2.2"
},
"schema": {
"groups": [
{
"name": "Zerotier Configuration",
"description": "Configure Zerotier"
},
{
"name": "Network Configuration",
"description": "Configure Network for Zerotier"
},
{
"name": "Storage Configuration",
"description": "Configure Storage for Zerotier"
},
{
"name": "Labels Configuration",
"description": "Configure Labels for Zerotier"
},
{
"name": "Resources Configuration",
"description": "Configure Resources for Zerotier"
}
],
"questions": [
{
"variable": "zerotier",
"label": "",
"group": "Zerotier Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "auth_token",
"label": "Auth Token",
"description": "(Optional) The auth token for Zerotier.</br>\nSame as authtoken.secret.\n",
"schema": {
"type": "string",
"default": "",
"private": true
}
},
{
"variable": "identity_public",
"label": "Identity Public",
"description": "(Optional) The identity public for Zerotier.</br>\nSame as identity.public.\n",
"schema": {
"type": "string",
"default": "",
"private": true
}
},
{
"variable": "identity_secret",
"label": "Identity Secret",
"description": "(Optional) The identity secret for Zerotier.</br>\nSame as identity.secret.\n",
"schema": {
"type": "string",
"default": "",
"private": true
}
},
{
"variable": "networks",
"label": "Networks",
"description": "The networks for Zerotier.",
"schema": {
"type": "list",
"required": true,
"min": 1,
"default": [],
"items": [
{
"variable": "net_id",
"label": "Network ID",
"schema": {
"type": "string",
"required": true
}
}
]
}
},
{
"variable": "additional_envs",
"label": "Additional Environment Variables",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "env",
"label": "Environment Variable",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "name",
"label": "Name",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string"
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "network",
"label": "",
"group": "Network Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "host_network",
"label": "Host Network",
"description": "Bind to the host network. It's recommended to keep this disabled.\n",
"schema": {
"type": "boolean",
"default": true
}
}
]
}
},
{
"variable": "storage",
"label": "",
"group": "Storage Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "config",
"label": "Zerotier Config Storage",
"description": "The path to store Zerotier Config.",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.\ntmpfs: Is a temporary directory that will be created on the RAM.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "tmpfs",
"description": "tmpfs (Temporary directory created on the RAM)"
}
]
}
},
{
"variable": "tmpfs_config",
"label": "tmpfs Configuration",
"description": "The configuration for the tmpfs dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"tmpfs"
]
],
"attrs": [
{
"variable": "size",
"label": "Tmpfs Size Limit (in Mi)",
"description": "The maximum size (in Mi) of the temporary directory.</br>\nFor example: 500\n",
"schema": {
"type": "int",
"default": 500,
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"hidden": true,
"default": "config"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
}
]
}
},
{
"variable": "additional_storage",
"label": "Additional Storage",
"description": "Additional storage for Zerotier.",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "storageEntry",
"label": "Storage Entry",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "type",
"label": "Type",
"description": "ixVolume: Is dataset created automatically by the system.</br>\nHost Path: Is a path that already exists on the system.</br>\nSMB Share: Is a SMB share that is mounted to as a volume.\n",
"schema": {
"type": "string",
"required": true,
"default": "ix_volume",
"immutable": true,
"enum": [
{
"value": "host_path",
"description": "Host Path (Path that already exists on the system)"
},
{
"value": "ix_volume",
"description": "ixVolume (Dataset created automatically by the system)"
},
{
"value": "cifs",
"description": "SMB/CIFS Share (Mounts a volume to a SMB share)"
}
]
}
},
{
"variable": "read_only",
"label": "Read Only",
"description": "Mount the volume as read only.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "mount_path",
"label": "Mount Path",
"description": "The path inside the container to mount the storage.",
"schema": {
"type": "path",
"required": true
}
},
{
"variable": "host_path_config",
"label": "Host Path Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"host_path"
]
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "acl",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": [],
"$ref": [
"normalize/acl"
]
}
},
{
"variable": "path",
"label": "Host Path",
"description": "The host path to use for storage.",
"schema": {
"type": "hostpath",
"show_if": [
[
"acl_enable",
"=",
false
]
],
"required": true
}
}
]
}
},
{
"variable": "ix_volume_config",
"label": "ixVolume Configuration",
"description": "The configuration for the ixVolume dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"ix_volume"
]
],
"$ref": [
"normalize/ix_volume"
],
"attrs": [
{
"variable": "acl_enable",
"label": "Enable ACL",
"description": "Enable ACL for the storage.",
"schema": {
"type": "boolean",
"default": false
}
},
{
"variable": "dataset_name",
"label": "Dataset Name",
"description": "The name of the dataset to use for storage.",
"schema": {
"type": "string",
"required": true,
"immutable": true,
"default": "storage_entry"
}
},
{
"variable": "acl_entries",
"label": "ACL Configuration",
"schema": {
"type": "dict",
"show_if": [
[
"acl_enable",
"=",
true
]
],
"attrs": []
}
}
]
}
},
{
"variable": "cifs_config",
"label": "SMB Configuration",
"description": "The configuration for the SMB dataset.",
"schema": {
"type": "dict",
"show_if": [
[
"type",
"=",
"cifs"
]
],
"attrs": [
{
"variable": "server",
"label": "Server",
"description": "The server to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "path",
"label": "Path",
"description": "The path to mount the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "username",
"label": "Username",
"description": "The username to use for the SMB share.",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "password",
"label": "Password",
"description": "The password to use for the SMB share.",
"schema": {
"type": "string",
"required": true,
"private": true
}
},
{
"variable": "domain",
"label": "Domain",
"description": "The domain to use for the SMB share.",
"schema": {
"type": "string"
}
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "labels",
"label": "",
"group": "Labels Configuration",
"schema": {
"type": "list",
"default": [],
"items": [
{
"variable": "label",
"label": "Label",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "key",
"label": "Key",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "value",
"label": "Value",
"schema": {
"type": "string",
"required": true
}
},
{
"variable": "containers",
"label": "Containers",
"description": "Containers where the label should be applied",
"schema": {
"type": "list",
"items": [
{
"variable": "container",
"label": "Container",
"schema": {
"type": "string",
"required": true,
"enum": [
{
"value": "zerotier",
"description": "zerotier"
}
]
}
}
]
}
}
]
}
}
]
}
},
{
"variable": "resources",
"label": "",
"group": "Resources Configuration",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "limits",
"label": "Limits",
"schema": {
"type": "dict",
"attrs": [
{
"variable": "cpus",
"label": "CPUs",
"description": "CPUs limit for Zerotier.",
"schema": {
"type": "int",
"default": 2,
"required": true
}
},
{
"variable": "memory",
"label": "Memory (in MB)",
"description": "Memory limit for Zerotier.",
"schema": {
"type": "int",
"default": 4096,
"required": true
}
}
]
}
}
]
}
}
]
},
"readme": "<h1>Zerotier</h1> <p><a href=\"https://www.zerotier.com\">Zerotier</a> Securely connect any device, anywhere.</p>",
"changelog": null,
"chart_metadata": {
"app_version": "1.14.2",
"capabilities": [
{
"description": "Zerotier is able to write records to audit log",
"name": "AUDIT_WRITE"
},
{
"description": "Zerotier is able to change file ownership arbitrarily",
"name": "CHOWN"
},
{
"description": "Zerotier is able to bypass file permission checks",
"name": "DAC_OVERRIDE"
},
{
"description": "Zerotier is able to bypass permission checks for file operations",
"name": "FOWNER"
},
{
"description": "Zerotier is able to perform network administration tasks",
"name": "NET_ADMIN"
},
{
"description": "Zerotier is able to bind to privileged ports (< 1024)",
"name": "NET_BIND_SERVICE"
},
{
"description": "Zerotier is able to use raw and packet sockets",
"name": "NET_RAW"
},
{
"description": "Zerotier is able to change group ID of processes",
"name": "SETGID"
},
{
"description": "Zerotier is able to transfer capabilities between processes",
"name": "SETPCAP"
},
{
"description": "Zerotier is able to change user ID of processes",
"name": "SETUID"
},
{
"description": "Zerotier is able to perform system administration operations",
"name": "SYS_ADMIN"
}
],
"categories": [
"networking"
],
"changelog_url": "https://github.com/zerotier/ZeroTierOne/blob/dev/RELEASE-NOTES.md",
"date_added": "2024-08-09",
"description": "Securely connect any device, anywhere.",
"home": "https://www.zerotier.com",
"host_mounts": [
{
"description": "Network device",
"host_path": "/dev/net/tun"
}
],
"icon": "https://media.sys.truenas.net/apps/zerotier/icons/icon.png",
"keywords": [
"vpn",
"zerotier"
],
"lib_version": "2.1.35",
"lib_version_hash": "1bd4e0058fbd4d7c207df2cae606580065e8e6dba3e232f41bc1b006848b05d2",
"maintainers": [
{
"email": "dev@ixsystems.com",
"name": "truenas",
"url": "https://www.truenas.com/"
}
],
"name": "zerotier",
"run_as_context": [
{
"description": "Zerotier runs as a root user.",
"gid": 0,
"group_name": "root",
"uid": 0,
"user_name": "root"
}
],
"screenshots": [],
"sources": [
"https://www.zerotier.com",
"https://hub.docker.com/r/zerotier/zerotier"
],
"title": "Zerotier",
"train": "community",
"version": "1.2.2"
}
}
}Support, maintenance, and documentation for applications within the Community catalog is handled by the TrueNAS community. The TrueNAS Applications Portal hosts but does not validate or maintain any linked resources associated with this app.
There currently aren’t any resources available for this application!
Please help the TrueNAS community add resources here or discuss this application in the TrueNAS Community forum.