ZeroTier w/ Digital Loggers Web Power Switch
Disclaimer: This guide is for informational purposes only. I am not responsible for any damage to your equipment that may result from performing these steps. I also will not provide technical support for ZeroTier or Digital Logger devices. I’ve performed this procedure on a number of units with no issue. If you follow the steps and it doesn’t work it’s not likely I’ll be able to solve your issue and I will not try.
The Digital Loggers Web Power Switch is one of if not THE go to choice for web enabled power switches. You’ll find them in remote observatories and server closets all across the globe. They are jam packed with features many of which frankly aren’t very relevant to operation in a remote observatory. Features aside what makes the DL so trusted is its reputation for reliability. And when operating a remote telescope the reliability of your equipment is of the highest importance. Different observatories all have different network topologies but no matter where you are hosting the need to be able to access the web switch directly in a secure manner exists.
There are a few different ways one can securely access their web switch remotely. You or the observatory can set up a client to server VPN and through that server, create a tunnel that provides access your LAN and web switch. This is a fine option given that free and open source VPNs like OpenVPN exists. The downside of this option is that it requires an OpenVPN server to be running on site on either observatory equipment or your own router. Depending on where you’re hosting this may not be an ideal solution.
This is where mesh networks such as ZeroTier come into play. As mentioned above, a client to server VPN uses a server to create a tunnel which a client (your local device) use to securely connect to a remote LAN. All traffic between the LAN and the remote device must pass through the VPN server and the quality of the connection heavily relies on the performance of the server.
ZeroTier on the other hand uses a server on the network called a “node” to create an encrypted peer to peer connection between the 2 end devices letting them communicate directly. This cuts out the need to route all traffic though a static VPN server. Did your imaging PC freeze, shut down, or is otherwise unreachable? No problem simply connect to ZeroTier on your local device of choice and log directly into your web switch to power cycle the PC or any other equipment plugged into the web switch.
In this post I will walk you through the steps for setting up ZeroTier and installing it on the web switch. This guide assumes that you have already configured your power switch to access the internet by enabling DHCP and setting your DNS server(s). This can be done on the unit itself. Consult the Digital Loggers manual.
Setting Up ZeroTier
First we will need to head over to https://my.zerotier.com/
Click LOG IN / SIGN UP
Click Sign Up under “New User?”
Complete the sign up steps and log in
Once logged click Create A Network. Your new network will show up in the box below. You will notice that there is a string of numbers and letters under NETWORK ID. This is important and you’ll need it later on in the configuration. You can always find it by logging into the ZeroTier web console.
Now click the newly created network.
Under basic settings give your network a name. This name doesn’t matter beyond letting you distinguish different networks on your ZeroTier account.
Access Control should be set to Private.
Under IPv4 Auto-Assign you select what subnet you want ZeroTier to assign the devices that connect to the network. It’s unlikely that any of these subnets are being used on your LAN but make sure whatever you choose isn’t the same as your LAN to prevent IP conflicts.
Now scroll down to Members. It will say “No devices have joined this network yet”. We’re done with the ZeroTier web console for now but don’t close it yet, we will be back.
Setting Up Web Switch
Connect your web switch to your home network via either ethernet or WIFI. I recommend ethernet if possible. Once the switch is connected You can obtain the IP address of the web switch by navigating to the network info on the switch itself or by logging into your router and checking connected devices.
Once you have the IP address of the web switch go back to the web browser of your PC and enter that IP into the web browser. It should bring you to the login screen of the web switch. Use the default credentials to log in.
First scroll down to Administrator credentials. Here you will change the login and password for the web switch. Once done hit Submit. The switch should boot you out so that you can log in with the newly created credentials.
Scroll down to General Network Settings. Make the following changes:
Hostname: The name the web switch will have on the network. What it will show as to other devices.
Enable SSH Server: CHECKED.
Same subnet access only: UNCHECKED.
Hit the SUBMIT button below when done.
Scroll down to WiFi Configuration. If you’re connected to ethernet and don’t plan on running WiFi (which you shouldn’t) make sure WiFi module enable is UNCHECKED.
We are done with the web switch console for now. Time to head into command line via SSH. For this we will need an SSH client. Go ahead and download the free PuTTY application on you PC.
Once opened you will be presented with this little window. Type in the IP address of your web switch into the Host Name (or IP address) field and hit open.
You’ll be presented with a black window prompting you to log in. User the credentials you created for the web switch earlier. It is normal to not see any characters when typing in the password.
Once you’re in you will be in the root directory of the web switch and ready to enter the commands necessary to install ZeroTier onto the switch. Since I’ve already done this on mine there wont be a ton of screenshots when going through the commands. Follow the steps to the letter and you’ll be fine.
All of the following commands are to be typed in the SSH terminal using the ENTER keyboard.
cd /tmp
Moves you from the root directory into the temp directory
opkg update
Tells the package manager (opkg) to grab the latest updates, dependencies, and other information for all your installed packages.
opkg install zerotier
Installs the ZeroTier package
cd
Takes you back to the root directory
zerotier-one -d
Starts the ZeroTier service
zerotier-cli join <Network ID>
Tells the web switch to join your zerotier network ID found in your ZT web console. DO NOT include the < > with the network ID.
Now head back over to the ZT web console and scroll down to Members. Under Display Filter make sure Not Authorized is CHECKED.
You should see a new device with red dots that is UNCHECKED in the Auth? column. This is your web switch waiting to be authorized to the ZT network. Check the box under Auth.
The red dotted line will turn solid green
An IP address will appear under Managed IPs. This is the devices ZT IP
An IP address will appear under Physical IP. This is the actual IP address of the web switch.
Now we need to go back to our SSH terminal to verify the connection.
zerotier-cli info
Displays the web switch’s device ID, ZT version installed, and status of the switch on the network. The status should read “ONLINE”
Now we need to test remote connectivity to the web switch using a mobile device such as your smartphone. Go into your app store and download the ZeroTier app. Sign in and join your network. Don’t forget to authorize the device in your ZT web console. Turn off WiFi so that your phone is on the cellular network. This will simulate the 2 devices being in different locations and communicating through the internet.
Go into the settings and make sure Allow mobile data is enabled. Exit the settings page.
Click on your network and go to the configuration tab. Make sure Network DNS is selected.
Exit the settings and connect to your ZT network.
Once connected to ZT open your web browser and type the ZT IP address of your web switch. You may get a warning that your connection isn’t private. This is because the switch is forcing the connection to go through HTTPS without having certificates. Proceed as normal and you’ll be presented with the login screen to the web switch. You have successfully connected to your web switch remotely via ZeroTier. Pat yourself on the back!
You may log out on your phone now. But we aren’t finished just yet.
Now we need to edit the ZeroTier config file on the web switch so that the service runs automatically should the switch lose power or otherwise be rebooted.
Head back to the SSH terminal and type the following:
vi /etc/config/zerotier
Opens up the ZeroTier config file in the vi text editor.
Press the “i” key on your keyboard
Puts vi into edit mode.
Using the arrow keys on the keyboard locate and make the following changes:
option enable ‘0’ — Change the 0 to be 1
list join ‘‘ — enter your ZeroTier network ID
Press the “ESC” key on your keyboard to exit edit mode and get back into command mode
Type :wq and press enter
Writes the changes to the config file, saves the config file, exits the vi text editor
Close the SSH terminal
You may find that after a reboot of the web switch it’s no longer reachable via its ZeroTier IP address. If you log into your ZeroTier web console you will find a new device waiting for authorization. This is your web switch. I’m not sure why but this seems to happen regularly following the first reboot of the web switch post ZeroTier setup. It should only happen one time though. After authorizing the new device ID and deleting the old on in the web console the new ID should persist across all future reboots.