extern/zrok
1
1
Fork 0
mirror of https://github.com/openziti/zrok.git synced 2025-08-15 02:22:32 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
gh-pages
zrok/docs/0.4/guides/vpn/index.html
michaelquigley 82611a152d deploy: cb7a594bb4
2025-08-14 20:47:03 +00:00

59 lines
32 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-0.4 docs-doc-page docs-doc-id-guides/vpn/vpn" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v3.8.1">
<title data-rh="true">zrok VPN Guide | zrok</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.zrok.io/docs/0.4/guides/vpn/"><meta data-rh="true" property="og:locale" content="en"><meta data-rh="true" name="docusaurus_locale" content="en"><meta data-rh="true" name="docsearch:language" content="en"><meta data-rh="true" name="docusaurus_version" content="0.4"><meta data-rh="true" name="docusaurus_tag" content="docs-default-0.4"><meta data-rh="true" name="docsearch:version" content="0.4"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-0.4"><meta data-rh="true" property="og:title" content="zrok VPN Guide | zrok"><meta data-rh="true" name="description" content="zrok VPN backend allows for simple host-to-host VPN setup."><meta data-rh="true" property="og:description" content="zrok VPN backend allows for simple host-to-host VPN setup."><link data-rh="true" rel="icon" href="/img/zrok-favicon.png"><link data-rh="true" rel="canonical" href="https://docs.zrok.io/docs/0.4/guides/vpn/"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/0.4/guides/vpn/" hreflang="en"><link data-rh="true" rel="alternate" href="https://docs.zrok.io/docs/0.4/guides/vpn/" hreflang="x-default"><link data-rh="true" rel="preconnect" href="https://CO73R59OLO-dsn.algolia.net" crossorigin="anonymous"><script data-rh="true" type="application/ld+json">{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Guides","item":"https://docs.zrok.io/docs/0.4/category/guides"},{"@type":"ListItem","position":2,"name":"VPN","item":"https://docs.zrok.io/docs/0.4/guides/vpn/"}]}</script><link rel="preconnect" href="https://www.googletagmanager.com">
<script>window.dataLayer=window.dataLayer||[]</script>
<script>!function(e,t,a,n){e[n]=e[n]||[],e[n].push({"gtm.start":(new Date).getTime(),event:"gtm.js"});var g=t.getElementsByTagName(a)[0],m=t.createElement(a);m.async=!0,m.src="https://www.googletagmanager.com/gtm.js?id=GTM-MDFLZPK8",g.parentNode.insertBefore(m,g)}(window,document,"script","dataLayer")</script>
<link rel="search" type="application/opensearchdescription+xml" title="zrok" href="/opensearch.xml"><link rel="stylesheet" href="/assets/css/styles.f094a017.css">
<script src="/assets/js/runtime~main.5186f849.js" defer="defer"></script>
<script src="/assets/js/main.e070a266.js" defer="defer"></script>
</head>
<body class="navigation-with-keyboard">
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-MDFLZPK8" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs>
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"/></symbol>
</defs></svg>
<script>!function(){var t="dark";var e=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return window.localStorage.getItem("theme")}catch(t){}}();document.documentElement.setAttribute("data-theme",e||t),document.documentElement.setAttribute("data-theme-choice",e||t)}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><div role="region" aria-label="Skip to main content"><a class="skipToContent_fXgn" href="#__docusaurus_skipToContent_fallback">Skip to main content</a></div><nav aria-label="Main" class="theme-layout-navbar navbar navbar--fixed-top"><div class="navbar__inner"><div class="theme-layout-navbar-left navbar__items"><button aria-label="Toggle navigation bar" aria-expanded="false" class="navbar__toggle clean-btn" type="button"><svg width="30" height="30" viewBox="0 0 30 30" aria-hidden="true"><path stroke="currentColor" stroke-linecap="round" stroke-miterlimit="10" stroke-width="2" d="M4 7h22M4 15h22M4 23h22"></path></svg></button><a href="https://zrok.io" target="_self" rel="noopener noreferrer" class="navbar__brand"><div class="navbar__logo"><img src="/img/zrok-1.0.0-rocket-green.svg" alt="zrok Logo" class="themedComponent_mlkZ themedComponent--light_NVdE"><img src="/img/zrok-1.0.0-rocket-green.svg" alt="zrok Logo" class="themedComponent_mlkZ themedComponent--dark_xIcU"></div><b class="navbar__title text--truncate">zrok</b></a><div class="navbar__item dropdown dropdown--hoverable"><a aria-current="page" class="navbar__link active" aria-haspopup="true" aria-expanded="false" role="button" href="/docs/0.4/guides/vpn/">0.4</a><ul class="dropdown__menu"><li><a class="dropdown__link" href="/docs/guides/vpn/">1.1</a></li><li><a class="dropdown__link" href="/docs/1.0/guides/vpn/">1.0</a></li><li><a aria-current="page" class="dropdown__link dropdown__link--active" href="/docs/0.4/guides/vpn/">0.4</a></li></ul></div></div><div class="theme-layout-navbar-right navbar__items navbar__items--right"><a href="https://zrok.io/pricing/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">pricing<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><a href="https://myzrok.io/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">account<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><a href="https://github.com/orgs/openziti/projects/16" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link">roadmap<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a><a href="https://github.com/openziti/zrok" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-github-link" title="GitHub"></a><a href="https://openziti.discourse.group/" target="_blank" rel="noopener noreferrer" class="navbar__item navbar__link header-discourse-link" title="Discourse"></a><div class="toggle_vylO colorModeToggle_DEke"><button class="clean-btn toggleButton_gllP toggleButtonDisabled_aARS" type="button" disabled="" title="system mode" aria-label="Switch between dark and light mode (currently system mode)"><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP lightToggleIcon_pyhR"><path fill="currentColor" d="M12,9c1.65,0,3,1.35,3,3s-1.35,3-3,3s-3-1.35-3-3S10.35,9,12,9 M12,7c-2.76,0-5,2.24-5,5s2.24,5,5,5s5-2.24,5-5 S14.76,7,12,7L12,7z M2,13l2,0c0.55,0,1-0.45,1-1s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S1.45,13,2,13z M20,13l2,0c0.55,0,1-0.45,1-1 s-0.45-1-1-1l-2,0c-0.55,0-1,0.45-1,1S19.45,13,20,13z M11,2v2c0,0.55,0.45,1,1,1s1-0.45,1-1V2c0-0.55-0.45-1-1-1S11,1.45,11,2z M11,20v2c0,0.55,0.45,1,1,1s1-0.45,1-1v-2c0-0.55-0.45-1-1-1C11.45,19,11,19.45,11,20z M5.99,4.58c-0.39-0.39-1.03-0.39-1.41,0 c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0s0.39-1.03,0-1.41L5.99,4.58z M18.36,16.95 c-0.39-0.39-1.03-0.39-1.41,0c-0.39,0.39-0.39,1.03,0,1.41l1.06,1.06c0.39,0.39,1.03,0.39,1.41,0c0.39-0.39,0.39-1.03,0-1.41 L18.36,16.95z M19.42,5.99c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06c-0.39,0.39-0.39,1.03,0,1.41 s1.03,0.39,1.41,0L19.42,5.99z M7.05,18.36c0.39-0.39,0.39-1.03,0-1.41c-0.39-0.39-1.03-0.39-1.41,0l-1.06,1.06 c-0.39,0.39-0.39,1.03,0,1.41s1.03,0.39,1.41,0L7.05,18.36z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP darkToggleIcon_wfgR"><path fill="currentColor" d="M9.37,5.51C9.19,6.15,9.1,6.82,9.1,7.5c0,4.08,3.32,7.4,7.4,7.4c0.68,0,1.35-0.09,1.99-0.27C17.45,17.19,14.93,19,12,19 c-3.86,0-7-3.14-7-7C5,9.07,6.81,6.55,9.37,5.51z M12,3c-4.97,0-9,4.03-9,9s4.03,9,9,9s9-4.03,9-9c0-0.46-0.04-0.92-0.1-1.36 c-0.98,1.37-2.58,2.26-4.4,2.26c-2.98,0-5.4-2.42-5.4-5.4c0-1.81,0.89-3.42,2.26-4.4C12.92,3.04,12.46,3,12,3L12,3z"></path></svg><svg viewBox="0 0 24 24" width="24" height="24" aria-hidden="true" class="toggleIcon_g3eP systemToggleIcon_QzmC"><path fill="currentColor" d="m12 21c4.971 0 9-4.029 9-9s-4.029-9-9-9-9 4.029-9 9 4.029 9 9 9zm4.95-13.95c1.313 1.313 2.05 3.093 2.05 4.95s-0.738 3.637-2.05 4.95c-1.313 1.313-3.093 2.05-4.95 2.05v-14c1.857 0 3.637 0.737 4.95 2.05z"></path></svg></button></div><div class="navbarSearchContainer_Bca1"><button type="button" class="DocSearch DocSearch-Button" aria-label="Search (Command+K)"><span class="DocSearch-Button-Container"><svg width="20" height="20" class="DocSearch-Search-Icon" viewBox="0 0 20 20" aria-hidden="true"><path d="M14.386 14.386l4.0877 4.0877-4.0877-4.0877c-2.9418 2.9419-7.7115 2.9419-10.6533 0-2.9419-2.9418-2.9419-7.7115 0-10.6533 2.9418-2.9419 7.7115-2.9419 10.6533 0 2.9419 2.9418 2.9419 7.7115 0 10.6533z" stroke="currentColor" fill="none" fill-rule="evenodd" stroke-linecap="round" stroke-linejoin="round"></path></svg><span class="DocSearch-Button-Placeholder">Search</span></span><span class="DocSearch-Button-Keys"></span></button></div></div></div><div role="presentation" class="navbar-sidebar__backdrop"></div></nav><div id="__docusaurus_skipToContent_fallback" class="theme-layout-main main-wrapper mainWrapper_z2l0"><div class="docsWrapper_hBAB"><button aria-label="Scroll back to top" class="clean-btn theme-back-to-top-button backToTopButton_sjWU" type="button"></button><div class="docRoot_UBD9"><aside class="theme-doc-sidebar-container docSidebarContainer_YfHR"><div class="sidebarViewport_aRkj"><div class="sidebar_njMd"><nav aria-label="Docs sidebar" class="menu thin-scrollbar menu_SIkG"><ul class="theme-doc-sidebar-menu menu__list"><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-1 menu__list-item"><a class="menu__link" href="/docs/0.4/getting-started/">Getting Started</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/docs/0.4/concepts/">Concepts</a><button aria-label="Expand sidebar category &#x27;Concepts&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist menu__link--active" href="/docs/0.4/category/guides/">Guides</a><button aria-label="Collapse sidebar category &#x27;Guides&#x27;" aria-expanded="true" type="button" class="clean-btn menu__caret"></button></div><ul class="menu__list"><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/0.4/guides/install/">Install</a><button aria-label="Expand sidebar category &#x27;Install&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/frontdoor/">frontdoor</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/permission-modes/">Permission Modes</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/0.4/guides/docker-share/">Docker Share</a><button aria-label="Expand sidebar category &#x27;Docker Share&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/linux-user-share/">Linux User Share</a></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-2 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" tabindex="0" href="/docs/0.4/category/self-hosting/">Self Hosting</a><button aria-label="Expand sidebar category &#x27;Self Hosting&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link" tabindex="0" href="/docs/0.4/guides/drives/">Drives</a></li><li class="theme-doc-sidebar-item-link theme-doc-sidebar-item-link-level-2 menu__list-item"><a class="menu__link menu__link--active" aria-current="page" tabindex="0" href="/docs/0.4/guides/vpn/">VPN</a></li></ul></li><li class="theme-doc-sidebar-item-category theme-doc-sidebar-item-category-level-1 menu__list-item menu__list-item--collapsed"><div class="menu__list-item-collapsible"><a class="menu__link menu__link--sublist" href="/docs/0.4/category/myzrok/">myzrok</a><button aria-label="Expand sidebar category &#x27;myzrok&#x27;" aria-expanded="false" type="button" class="clean-btn menu__caret"></button></div></li></ul></nav></div></div></aside><main class="docMainContainer_TBSr"><div class="container padding-top--md padding-bottom--lg"><div class="row"><div class="col docItemCol_VOVn"><div class="theme-doc-version-banner alert alert--warning margin-bottom--md" role="alert"><div>This is documentation for <!-- -->zrok<!-- --> <b>0.4</b>, which is no longer actively maintained.</div><div class="margin-top--md">For up-to-date documentation, see the <b><a href="/docs/guides/vpn/">latest version</a></b> (<!-- -->1.1<!-- -->).</div></div><div class="docItemContainer_Djhp"><article><nav class="theme-doc-breadcrumbs breadcrumbsContainer_Z_bl" aria-label="Breadcrumbs"><ul class="breadcrumbs"><li class="breadcrumbs__item"><a aria-label="Home page" class="breadcrumbs__link" href="/"><svg viewBox="0 0 24 24" class="breadcrumbHomeIcon_YNFT"><path d="M10 19v-5h4v5c0 .55.45 1 1 1h3c.55 0 1-.45 1-1v-7h1.7c.46 0 .68-.57.33-.87L12.67 3.6c-.38-.34-.96-.34-1.34 0l-8.36 7.53c-.34.3-.13.87.33.87H5v7c0 .55.45 1 1 1h3c.55 0 1-.45 1-1z" fill="currentColor"></path></svg></a></li><li class="breadcrumbs__item"><a class="breadcrumbs__link" href="/docs/0.4/category/guides/"><span>Guides</span></a></li><li class="breadcrumbs__item breadcrumbs__item--active"><span class="breadcrumbs__link">VPN</span></li></ul></nav><span class="theme-doc-version-badge badge badge--secondary">Version: 0.4</span><div class="tocCollapsible_ETCw theme-doc-toc-mobile tocMobile_ITEo"><button type="button" class="clean-btn tocCollapsibleButton_TO0P">On this page</button></div><div class="theme-doc-markdown markdown"><header><h1>zrok VPN Guide</h1></header>
<p>zrok VPN backend allows for simple host-to-host VPN setup.</p>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="operating-system-requirements">Operating System Requirements<a href="#operating-system-requirements" class="hash-link" aria-label="Direct link to Operating System Requirements" title="Direct link to Operating System Requirements"></a></h2>
<p>zrok VPN requires elevated privileges to manage network devices.</p>
<h3 class="anchor anchorWithStickyNavbar_LWe7" id="windows">Windows<a href="#windows" class="hash-link" aria-label="Direct link to Windows" title="Direct link to Windows"></a></h3>
<p>On Windows, you must run zrok VPN commands as an administrator and install Wintun by placing <code>wintun.dll</code> (<a href="https://www.wintun.net/" target="_blank" rel="noopener noreferrer">download link</a>) in the same directory as the <code>zrok.exe</code> executable.</p>
<h3 class="anchor anchorWithStickyNavbar_LWe7" id="linux">Linux<a href="#linux" class="hash-link" aria-label="Direct link to Linux" title="Direct link to Linux"></a></h3>
<p>On Linux, the simplest way to grant the necessary privileges is to run zrok VPN commands as root. You can enable a separate environment for root by also running <code>zrok enable</code> as the root user, or you can prefix the commands like <code>sudo -E</code> to allow zrok running as root to use the zrok environment owned by the current user. The minimum privilege is runing zrok VPN commands and the <code>ip</code> command with the <code>NET_ADMIN</code> kernel capability. The <code>zrok-share.service</code> unit has a commented example to grant <code>NET_ADMIN</code> as an Ambient Capability.</p>
<h3 class="anchor anchorWithStickyNavbar_LWe7" id="macos">macOS<a href="#macos" class="hash-link" aria-label="Direct link to macOS" title="Direct link to macOS"></a></h3>
<p>On macOS, you must run zrok VPN commands as root. You can prefix the zrok command with <code>sudo -E</code> to allow zrok running as root to use the zrok environment owned by the current user.</p>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="start-the-vpn-server">Start the VPN Server<a href="#start-the-vpn-server" class="hash-link" aria-label="Direct link to Start the VPN Server" title="Direct link to Start the VPN Server"></a></h2>
<p>VPN is shared through the <code>vpn</code> backend of <code>zrok</code> command.</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@hermes $ sudo -E zrok share private --headless --backend-mode vpn</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.542] INFO sdk-golang/ziti.(*listenerManager).createSessionWithBackoff: {session token=[589d443c-f59d-4fc8-8c48-76609b7fb402]} new service session</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.705] INFO main.(*sharePrivateCommand).run: allow other to access your share with the following command:</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">zrok access private 3rq7torslq3n</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.705] INFO zrok/endpoints/vpn.(*Backend).Run: started</span><br></span></code></pre></div></div>
<p><img decoding="async" loading="lazy" alt="VPN share" src="/assets/images/vpn-share-077094eabd79a2e072ee4c40f8e0fd31.png" width="1626" height="1314" class="img_ev3q"></p>
<p><code>sudo</code> or equivalent invocation is required because VPN mode needs to create a virtual network device (<code>tun</code>)
<code>-E</code> option allows <code>zrok</code> to find your zrok configuration files (in your <code>$HOME/.zrok</code>)</p>
<p>By default <code>vpn</code> backend uses subnet <code>10.122.0.0/16</code> and assigns <code>10.122.0.1</code> to the host that stared VPN share.</p>
<p>Example output from <code>ifconfig</code>:</p>
<div class="language-text codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-text codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">tun0: flags=4305&lt;UP,POINTOPOINT,RUNNING,NOARP,MULTICAST&gt; mtu 16384</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> inet 10.122.0.1 netmask 255.255.0.0 destination 10.122.0.1</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> inet6 fe80::705f:24e4:dcfc:a6b2 prefixlen 64 scopeid 0x20&lt;link&gt;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> inet6 fd00:7a72:6f6b::1 prefixlen 64 scopeid 0x0&lt;global&gt;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> RX packets 0 bytes 0 (0.0 B)</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> RX errors 0 dropped 0 overruns 0 frame 0</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> TX packets 27 bytes 3236 (3.2 KB)</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span><br></span></code></pre></div></div>
<p>Default IP/subnet setting can be overridden by adding <code>&lt;target&gt;</code> parameter:</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">sudo -E zrok share private --headless --backend-mode vpn 192.168.42.12/24</span><br></span></code></pre></div></div>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="reserve-a-vpn-share-token">Reserve a VPN Share Token<a href="#reserve-a-vpn-share-token" class="hash-link" aria-label="Direct link to Reserve a VPN Share Token" title="Direct link to Reserve a VPN Share Token"></a></h2>
<p>As with all backend modes, you can reserve a share token for a VPN share.</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@hermes $ zrok reserve private --backend-mode vpn</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.297] INFO main.(*reserveCommand).run: your reserved share token is &#x27;k77y2cl7jmjl&#x27;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@hermes $ sudo -E zrok share reserved k77y2cl7jmjl --headless</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.211] INFO main.(*shareReservedCommand).run: sharing target: &#x27;10.122.0.1/16&#x27;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.211] INFO main.(*shareReservedCommand).run: using existing backend target: 10.122.0.1/16</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.463] INFO sdk-golang/ziti.(*listenerManager).createSessionWithBackoff: {session token=[22c5708d-e2f2-41aa-a507-454055f8bfcc]} new service session</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.641] INFO main.(*shareReservedCommand).run: use this command to access your zrok share: &#x27;zrok access private k77y2cl7jmjl&#x27;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[</span><br></span></code></pre></div></div>
<h2 class="anchor anchorWithStickyNavbar_LWe7" id="access-the-vpn-share">Access the VPN Share<a href="#access-the-vpn-share" class="hash-link" aria-label="Direct link to Access the VPN Share" title="Direct link to Access the VPN Share"></a></h2>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@calculon % sudo -E zrok access private --headless k77y2cl7jmjl</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.201] INFO main.(*accessPrivateCommand).run: allocated frontend &#x27;50B5hloP1s1X&#x27;</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.662] INFO main.(*accessPrivateCommand).run: access the zrok share at the following endpoint: VPN:</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.662] INFO main.(*accessPrivateCommand).run: 10.122.0.1 -&gt; CONNECTED Welcome to zrok VPN</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">[ 0.662] INFO zrok/endpoints/vpn.(*Frontend).Run: connected:Welcome to zrok VPN</span><br></span></code></pre></div></div>
<p>zrok creates a virtual network device, i.e., a &quot;tun&quot; interface, when you run <code>zrok access</code>.</p>
<p>Example output from <code>ifconfig</code> run on a VPN client device:</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">utun5: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1500</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> inet 10.122.0.3 --&gt; 10.122.0.1 netmask 0xff000000</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> inet6 fe80::ce08:faff:fe8a:7b25%utun5 prefixlen 64 scopeid 0x14</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> nd6 options=201&lt;PERFORMNUD,DAD&gt;</span><br></span></code></pre></div></div>
<p>At this point a VPN tunnel is active between your server and client.
In the example above server is <code>hermes(10.122.0.1)</code> and client is <code>calculon(10.122.0.3)</code>.
All devices in the VPN can access one another by IP address.</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@calculon ~ % ssh eugene@10.122.0.1</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">Welcome to Ubuntu 23.10 (GNU/Linux 6.5.0-27-generic x86_64)</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> * Documentation: https://help.ubuntu.com</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> * Management: https://landscape.canonical.com</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain"> * Support: https://ubuntu.com/pro</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">0 updates can be applied immediately.</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">Last login: Tue Apr 16 09:27:13 2024 from 127.0.0.1</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@hermes:~$ who am i</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene pts/8 2024-04-16 10:04 (10.122.0.3)</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@hermes:~$</span><br></span></code></pre></div></div>
<p>You can also make a reverse(server-to-client) connection:</p>
<div class="language-bash codeBlockContainer_Ckt0 theme-code-block" style="--prism-color:#F8F8F2;--prism-background-color:#282A36"><div class="codeBlockContent_QJqH"><pre tabindex="0" class="prism-code language-bash codeBlock_bY9V thin-scrollbar" style="color:#F8F8F2;background-color:#282A36"><code class="codeBlockLines_e6Vv"><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@hermes:~$ ssh 10.122.0.3</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">Last login: Tue Apr 16 09:57:28 2024</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain" style="display:inline-block"></span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene@calculon ~ % who am i</span><br></span><span class="token-line" style="color:#F8F8F2"><span class="token plain">eugene ttys008 Apr 16 10:06 (10.122.0.1)</span><br></span></code></pre></div></div></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col"><a href="https://github.com/openziti/zrok/blob/main/docs/versioned_docs/version-0.4/guides/vpn/vpn.md" target="_blank" rel="noopener noreferrer" class="theme-edit-this-page"><svg fill="currentColor" height="20" width="20" viewBox="0 0 40 40" class="iconEdit_Z9Sw" aria-hidden="true"><g><path d="m34.5 11.7l-3 3.1-6.3-6.3 3.1-3q0.5-0.5 1.2-0.5t1.1 0.5l3.9 3.9q0.5 0.4 0.5 1.1t-0.5 1.2z m-29.5 17.1l18.4-18.5 6.3 6.3-18.4 18.4h-6.3v-6.2z"></path></g></svg>Edit this page</a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="docusaurus-mt-lg pagination-nav" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/docs/0.4/guides/drives/"><div class="pagination-nav__sublabel">Previous</div><div class="pagination-nav__label">Drives</div></a><a class="pagination-nav__link pagination-nav__link--next" href="/docs/0.4/category/myzrok/"><div class="pagination-nav__sublabel">Next</div><div class="pagination-nav__label">myzrok</div></a></nav></div></div><div class="col col--3"><div class="tableOfContents_bqdL thin-scrollbar theme-doc-toc-desktop"><ul class="table-of-contents table-of-contents__left-border"><li><a href="#operating-system-requirements" class="table-of-contents__link toc-highlight">Operating System Requirements</a><ul><li><a href="#windows" class="table-of-contents__link toc-highlight">Windows</a></li><li><a href="#linux" class="table-of-contents__link toc-highlight">Linux</a></li><li><a href="#macos" class="table-of-contents__link toc-highlight">macOS</a></li></ul></li><li><a href="#start-the-vpn-server" class="table-of-contents__link toc-highlight">Start the VPN Server</a></li><li><a href="#reserve-a-vpn-share-token" class="table-of-contents__link toc-highlight">Reserve a VPN Share Token</a></li><li><a href="#access-the-vpn-share" class="table-of-contents__link toc-highlight">Access the VPN Share</a></li></ul></div></div></div></div></main></div></div></div><footer class="theme-layout-footer footer footer--dark"><div class="container container-fluid"><div class="footer__bottom text--center"><div class="footer__copyright">Copyright © 2025 <a href="https://netfoundry.io">NetFoundry Inc.</a></div></div></div></footer></div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink