Zerotier on QTS 5.0.1 not working

Introduce yourself to us and other members here, or share your own product reviews, suggestions, and tips and tricks of using QNAP products.
Post Reply
Bob Zelin
Experience counts
Posts: 1374
Joined: Mon Nov 21, 2016 12:55 am
Location: Orlando, FL.
Contact:

Zerotier on QTS 5.0.1 not working

Post by Bob Zelin »

Hi -
I have been raving about Zerotier for remote VPN on The QNAP recently, which works great with QTS 5.0.0 and QuTS 5.0.0

well now I have updated a system to QTS 5.0.1, and Zerotier no longer works. In doing searches on why this is not working (since it is not a supported product) -
I found this - apparently from a Zerotier developer that knows a lot more than I do !

"hi this is simpler and better and works (only x64 cant test others)
use docker first install QVPN for the tun driver

docker run -d --name zerotier-one --device=/dev/net/tun --net=host --cap-add=NET_ADMIN --cap-add=SYS_ADMIN -v $HOME/docker/zerotier-one:/var/lib/zerotier-one --restart=always zyclonite/zerotier

docker exec zerotier-one zerotier-cli join 8056c2e21c000001

or create an empty file with the network as name
/var/lib/zerotier-one/networks.d/8056c2e21c000001.conf

https://discuss.zerotier.com/t/zerotier ... 0-1/7701/3"

and I am sure I am doing something stupid (like not understanding on how to get Zerotier into a docker hub properly) - but I can't get this to run either way.

Bob
Bob Zelin / Rescue 1, Inc.
http://www.bobzelin.com
Bob Zelin
Experience counts
Posts: 1374
Joined: Mon Nov 21, 2016 12:55 am
Location: Orlando, FL.
Contact:

Re: Zerotier on QTS 5.0.1 not working

Post by Bob Zelin »

Hello -
I am going to repost what I just put on the Reddit QNAP forum about how to get QTS 5.0.1 with Zerotier 1.10.1
I am not the one that figured it out - I just participated in a lot of testing, with a lot of smart guys on the Zerotier community forums (like this forum for QNAP) -

Hi -

the interest in Zerotier and Tailscale exists because it allows for remote access of The QNAP (like QVPN or Wireguard) without having to open up ports on the internet router, allowing for the possibility of Ransomware attacks to The QNAP. This worked well with QTS 5.0.0, but has now stopped working with QTS 5.0.1.

I have been participating on the Zerotier forums for the last week, and thanks mainly to two users on the Zerotier Community forum - martinwm and mvonweis, this is how to get Zerotier to work with QNAP QTS 5.0.1.

This explanation is not for the "faint of heart". You should be familiar with ssh-ing into your QNAP, and for the second part, you should be familiar with the linux file editor vi, vim, pico, or nano. These are not hard to learn, and certainly are no harder to learn, than actually installing Zerotier or Tailscale onto a QNAP, which require these skills. I am not a linux expert - I am barely an amateur, and you don't have to know all the commands of the linux file editor - just enough to make minor changes of a file, and save them.

The official release of Zerotier for QNAP is 1.8.4, and this is not the correct release for QTS 5.0.1. Zerotier 1.8.4 will work, if you have QTS 5.0.0 and Zerotier installed, and then do an update, and then enter a bunch of terminal commands, but it will not survive a reboot of The QNAP. These terminal commands would have to be entered again, to get Zerotier to work again. If you have a clean install of QTS 5.0.1, you simply cannot install Zerotier 1.8.4 (believe me, I tried) - you must install the new version of Zerotier 1.10.1, which is currently available from Qnapclub.eu

https://www.qnapclub.eu/en/qpkg/1320

for my test system, I am using a QNAP TS-251+, running QTS 5.0.1. I was very disappointed to see that when you do a manual install of Zerotier 1.10.1 into The QNAP App Center, it will not work. This is because this application is not written correctly. This is when I started to participate on the Zerotier community forums, and received incredible help from martinwm and mvonweis, in order to get this to work.

To be clear, you need to choose the correct version of Zerotier to download - most "better QNAP" or professional systems (and the TS-251 is a cheap 2 bay) - uses the x86_64 version.

Before I go any further, I will assume that you have created an account with Zerotier (which is free), and created a network for at least your PC or Mac, so you can test this.

once Zerotier 1.10.1 is installed in the App Center of QTS 5.0.1, you ssh into your QNAP, and run the following lines -

cd /share/CACHEDEV1_DATA/.qpkg

ln -s 0Tier1 ZeroTier

ln -s 0Tier1 zerotier

cd ZeroTier

ln -s usr/sbin/zerotier-one

cd /usr/sbin

ln -s /share/CACHEDEV1_DATA/.qpkg/ZeroTier/zerotier-one

cd /var/lib

ln -s /share/CACHEDEV1_DATA/.qpkg/ZeroTier zerotier-one

once this is done, you enter this line -

/share/CACHEDEV1_DATA/.qpkg/ZeroTier/0Tier1.sh start

and Zerotier will start. I received an error saying there is a port 9993 error, but this did not prevent

me from using Zerotier, or continuing with this process.

you can now enter in terminal, where you are ssh'ed into -

zerotier-cli info

or

zerotier-cli status

to confirm that Zerotier is running on your QNAP. To now join the Zerotier network with your QNAP, you type in

zerotier-cli join YourNetworkID

where "YourNetworkID" is the 16 digit number you get from the Zerotier account that you created.

You will now see (at the bottom of your Zerotier account) that your QNAP appears, and can be activated. It will soon say that it is "online".

OK - now that it's working, here comes the painful part.

when you reboot The QNAP, Zerotier will no longer be running, so you have to modify some files with a linux text editor (like vi) to get this to always stay on, after a reboot.

here we go -

ssh into the QNAP

cd /share/CACHEDEV1_DATA/.qpkg/zerotier

if you ls -l, you will see the the file 0tier1.sh
*

vi 0tier1.sh
*

scroll down all this crap (I was intimidated, I am not a programmer, so this looks like a bunch of gibberish to me) - and fine the paragraph that starts with modprobe tun

I am going to show you the end result, but you are going to be adding in the last line here

of

/bin/ln -s $QPKG_ROOT /var/lib/zerotier-one

so when you are done, it should look like this -

modprobe tun

/bin/ln -s $QPKG_ROOT/zerotier-one /usr/sbin/zerotier-cli

/bin/ln -s $QPKG_ROOT/zerotier-one /usr/bin/zerotier-cli

/bin/ln -s $QPKG_ROOT /var/lib/zerotier-one

but we ain't done yet -

now you have to scroll down to the killall zerotier-one section, and add the last line of

rm -rf /var/lib/zerotier-one

so it ultimately looks just like this -

killall zerotier-one



rm -rf /usr/sbin/zerotier-cli

rm -rf /usr/bin/zerotier-cli

rm -rf /var/lib/zerotier-one

save all of this with

:wq!

and now you can reboot your QNAP, and ZeroTier will still be running, without having to do this all over again. As I observe the Zerotier community website, I see that these same 2 guys are finding errors in the Zerotier 1.10.1 package, that they are posting. I have not made these changes in my system, as mine is working.

you can now ssh back in, type in

zerotier-cli listnetworks

and you will see your Zerotier network.

I find it troubling that Zerotier is not working on this, and that the person who posted Zerotier 1.10.1on the QNAPClub.eu
website expects "regular people" to be able to figure all of this stuff out, and apparantly he has some minor errors in his .qpkg.

Believe me, as I worked thru this last week, I was getting very frustrated with all the changes, and I said "I am just going to use Tailscale, and forget Zerotier" - but according to the Tailscale website as of yesterday, the current release of Tailscale is ALSO NOT WORKING with QTS 5.0.1

I hope this helps someone, and as I said at the beginning, I know that this process is "not for the faint of heart". But at least you don't have to open up port 1194 to get QVPN to work (along with possibly getting Deadbolt or QLocker !).

Bob Zelin
Bob Zelin / Rescue 1, Inc.
http://www.bobzelin.com
User avatar
OneCD
Guru
Posts: 12037
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Zerotier on QTS 5.0.1 not working

Post by OneCD »

Hi Bob, what is the actual issue when running this QPKG in QTS 5.0.1? Are you seeing an error about an incompatibility with the QTS version?

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
Bob Zelin
Experience counts
Posts: 1374
Joined: Mon Nov 21, 2016 12:55 am
Location: Orlando, FL.
Contact:

Re: Zerotier on QTS 5.0.1 not working

Post by Bob Zelin »

Hello OneCD -
unfortunately, it's a long story - but since you asked, and since I spent all last week, working on this, I will bore you with all of this.

The quick bottom line here - is that QNAP really doesn't care about Zerotier at this moment, and it is now obvious that Zerotier really doesn't care about QNAP (or Synology). If there are firmware updates (like QTS 5.0.1) - this is the least of their worries for their business model. And with that said - if QNAP releases new firmware, and there are "third party apps" that are not official QNAP apps - well, that is the least of QNAP's concerns at the time.

I only became aware and interested in both Zerotier and Tailscale, because both of these VPN solutions for QNAP do NOT require any port forwarding on your router (like QVPN or Wireguard do) - to get remote access to The QNAP. This worked flawlessly with QTS 5.0.0 and Zerotier 1.8.4 - and then QTS 5.0.1 came out, and it stopped working.

A lot of what I am about to say, is based on the community forum of Zerotier - no different than if "we" come up with a fix here for a QNAP issue, and QNAP does not implement what "we say" on this QNAP user forum. I don't think that Zerotier is really paying attention to the Zerotier user forum (community forum).

If you had an installation of QTS 5.0.0 and Zerotier 1.8.4 in the App Center, everything worked perfectly. If you simply updated to QTS 5.0.1, everything stopped working for Zerotier.
Based on a 44 response thread on the zerotier.com community forum (that I was involved with, but I have no knowledge of programming) - one of the users said -
"if you ssh into The QNAP, and enter these commands, then ZeroTier will start to work - but it will NOT survive a reboot of The QNAP. You will have to reinstall these commands every time"

CONF=/etc/config/qpkg.conf
QPKG_NAME="zerotier"
QPKG_ROOT=`/sbin/getcfg $QPKG_NAME Install_Path -f ${CONF}`
/sbin/setcfg $QPKG_NAME Enable TRUE -f $CONF
/share/CACHEDEV1_DATA/.qpkg/zerotier/zerotier.sh start

and in fact this was accurate. After you ran this, and typed in
zerotier-cli status

you would see that ZeroTier was running, and you could VPN into The QNAP. You now reboot The QNAP, and it would no longer be running, until you typed in all these commands.

This of course, was unacceptable.
So "someone" at Qnapclub.com wrote Zerotier 1.10.1 for The QNAP.
It was written by some guy called "Qoolbox" - who shows a package for Zerotier 1.10.1, with no documentation.

https://www.qnapclub.eu/en/qpkg/1320

I anxiously downloaded this, and of course, it did not work. He offered no documentation, and so I re posted this on the Zerotier Community forum.
Another user observed this, and showed how to get this working with QTS 5.0.1, and later showed how to change some of the code, so that when you rebooted The QNAP,
Zerotier 1.10.1 would still be functional, and you would not have to re-run any of these CLI commands.

This was all done by interested users - not by Zerotier, and not by QNAP. Users that are very knowledgable, and were willing to assist with this.

Since yesterday, there is additional information today, showing that there are syntax errors in Qoolbox's Zerotier 1.10.1 download on Qnapclub.eu.
It is unfortunate that ignorant users like myself, are subjected to this, instead of having Zerotier or QNAP's cooperation in making this work.
The same applies to Tailscale, which, when you look at the Tailscale community user forum, shows that Tailscale is not working properly with QNAP QTS 5.0.1

Anyway - that is the long story. If you follow my instructions above, once you download Zerotier 1.10.1 from Qnapclub.eu (not the zerotier.com website) - everything works with
QTS 5.0.1.

It's all very frustrating. Had it not been for Ransomware, and the huge demand for remote access to The QNAP, without opening ports on the internet router - I would never have even
researched any of this stuff.

Bob Zelin

ps - perhaps I did not make this clear above - if you simply update to QTS 5.0.1, and have never installed Zerotier 1.8.4 with QTS 5.0.0 before you update to 5.0.1 - then you cannot install Zerotier 1.8.4, and you are forced to use the Qnapclub.eu download of 1.10.1, and of course, that does not even work, unless you follow the instructions that I have shown above. Basically, it's a mess. This is not an "elegant" solution.
Bob Zelin / Rescue 1, Inc.
http://www.bobzelin.com
User avatar
OneCD
Guru
Posts: 12037
Joined: Sun Aug 21, 2016 10:48 am
Location: "... there, behind that sofa!"

Re: Zerotier on QTS 5.0.1 not working

Post by OneCD »

Bob Zelin wrote: Wed Sep 28, 2022 5:59 am I only became aware and interested in both Zerotier and Tailscale, because both of these VPN solutions for QNAP do NOT require any port forwarding on your router (like QVPN or Wireguard do) - to get remote access to The QNAP. This worked flawlessly with QTS 5.0.0 and Zerotier 1.8.4 - and then QTS 5.0.1 came out, and it stopped working.
Sounds like the max QTS version needs to be updated for this QPKG. This is a common problem right now, as the max QTS version was set to 5.0.0 (by-default) for a very long time, and is included as a limitation on most QPKGs. These must all be updated by the original package maintainers, and released as new package versions.

If you've already installed the QPKG, then updated QTS and the package stopped working, you can just edit your /etc/config/qpkg.conf to entirely remove the 'FW_Ver_Max' key/value pair for this QPKG, as it’s usually not needed. Then start the package via your App Center UI. This is a persistent change that will survive a reboot. No-need to re-enable the QPKG after bootup.

At present, I haven't found a way to force-install QPKGs where this value is set too-low on QTS 5.0.1, so the QPKG would have to have been installed before upgrading QTS.

An easy workaround for already-installed packages is to remove the max QTS versions for all packages at the same time:

Code: Select all

sed -i '/^FW_Ver_Max/d' /etc/config/qpkg.conf
Bob Zelin wrote: Wed Sep 28, 2022 5:59 am It was written by some guy called "Qoolbox" - who shows a package for Zerotier 1.10.1, with no documentation.
Qoolbox is known as @QNAP_Stephane on this forum. He maintains around 95% of all QPKGs in existence, and has taken-on an enormous voluntary workload by doing-so. ;)
Bob Zelin wrote: Wed Sep 28, 2022 5:59 am Since yesterday, there is additional information today, showing that there are syntax errors in Qoolbox's Zerotier 1.10.1 download on Qnapclub.eu.
Then @QNAP_Stephane will need to release a fixed QPKG for ZeroTier, and post it on the QnapClub Store.

ImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImageImage
occamsrazor
Know my way around
Posts: 244
Joined: Tue Mar 30, 2010 8:30 pm

Re: Zerotier on QTS 5.0.1 not working

Post by occamsrazor »

zerotier_1.10.1_x86_64.qpkg
TS-451
QTS 5.0.1.2194

Fresh install worked fine for me using the updated 1.10.1 packages here: http://download.zerotier.com/dist/qnap/
See this: https://discuss.zerotier.com/t/qnap-fai ... on/9346/57
TS-451 [4 x 10TB WD Reds in Raid-5]
TS-239 Pro II [2 x 3TB in Raid-0]
pfSense router and Ubiquiti Unifi switches
Mac Minis, MacBook Pro, iPhones
Post Reply

Return to “Users' Corner”