Problems with setting up ZeroTier private subnet

My YunoHost server

Hardware: Raspberry Pi 4 (4gb) at home
YunoHost version: (stable)
I have access to my server : Through SSH | through the webadmin
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain: n.a
If your request is related to an app, specify its name and version: ZeroTier 1.10.6~ynh1

Description of my issue

Hello, once again dear ZeroTier Wizards,

I have either a question about how to set up my ZeroTier network + devices in order to access my e.g. Nextcloud subdomain (or at least ZeroTier-IP/Nextcloud) from my phone when not in LAN,


How to bypass the official guide from ZeroTier to be found here:

In the end after setting up port forwarding from the LAN member and modifying iptables it guides to install iptables-persistent.

However until execution this package does not like other yunohost packages as I have received following query:

The following additional packages will be installed:
The following packages will be REMOVED:
  yunohost yunohost-admin
The following NEW packages will be installed:
  iptables-persistent netfilter-persistent
WARNING: The following essential packages will be removed.
This should NOT be done unless you know exactly what you are doing!
0 upgraded, 2 newly installed, 2 to remove and 0 not upgraded.
Need to get 23.4 kB of archives.
After this operation, 13.5 MB disk space will be freed.
You are about to do something potentially harmful.
To continue type in the phrase 'Yes, do as I say!'

I have not been digging into the iptables-persistent manual as I think there is probably an easier solution to set up ZeroTier with Yunohost as I have intended.

Thanks in advance for all help,


This will never work in the context of YunoHost. Apps can only be accessed from a domain or subdomain.

Oh wow stop indeed, that’s too hacky for YunoHost.

Simple solution

If you only try to access Nextcloud from your local network, or from outside always via ZeroTier, then consider installing Nextcloud on a .local domain. .local domains are well broadcast through ZeroTier.

this would make it necessary to direct ZeroTier to the Yunohost’s DNS server right?

I am also fine with this however I was yet not able to make it work with the subdomains since the IP behind the subdomain is different in the Zerotier network? (Pardon my naivity if thats bullshit)

consider installing Nextcloud on a .local domain

wouldnt this corrupt my Yunohost web interface links? or at least mess with younohost DNS capabilities?

thanks again for your input.

Best Regards,

If only your server “knows” what’s its IP address and the domains and subdomains it uses, then yeah, it needs to become a DNS server for your VPN.

Nah indeed, we will need to tweak dnsmasq, cf. below, to be active on the ZeroTier interface and to return a different IP address for that interface.

Absolutely not, if you use your server like I described earlier you wouldn’t need DNS, since .local domains are broadcast via mDNS. The tiles would link to whatever.local, or nextcloud.local and the broadcast IP addresses would vary upon the network you are on. (our magic happens there)

Advanced solution

If you want to use a custom domain or subdomain, let’s make your server a DNS server for your ZeroTier clients.

  1. Check ZeroTier’s interface name and your server’s ZeroTier IP address with ip -br a. Mine are zt3jnskpna and, respectively
  2. Create a new file for dnsmasq: sudo nano /etc/dnsmasq.d/zerotier. Copy and alter accordingly the following. will be the domain onto which Nextcloud is installed on the server.

(cf. “interface-name” option in Man page 8 : dnsmasq)

Save and quit with CTRL+O then CTRL+X

  1. Restart dnsmasq: systemctl restart dnsmasq
  2. On your ZeroTier clients, setup Custom DNS with your server’s ZeroTier IP address I put an open resolver as secondary DNS server and left IPv6 ones empty.

Sorry for late reply, I did not find time to look into your guide.

Thanks for providing detailed instructions, I really appreciate the help here.

I tried at first the

Simple solution

however without the dnsmasq.d file it was not working.

Anyway using the Advanced solution you proposed I was able to connect to my nextcloud subdomain via ZeroTier. :star_struck:

I have tried it at first connecting my Android phone via the unofficial Zerotier client but I assume the allow DNS functionality is not included in this one (which is necessary, as mentioned in the ZeroTier knowledge base).

The official ZeroTier client (load via Aurora Store) allows this functionality and is therefore working.

The only thing I observed was that I have to disconnect and reconnect with the ZeroTier client once in a while when changing the “access method” to reach the Nextcloud subdomain.

As I have tested to reach my Nextcloud subdomain via my phone browser - I got to the Nextcloud login screen.
Then when I wanted to also configure the subdomain in the Nextcloud client the app gave me either “malfunctioned server” error or was not able to set up a connection.

Only a dis-/ reconnect resolved this and I was able to configure the Nextcloud client.

I do not know if this is an ZeroTier issue. But I am fine for now.

Many thanks to @tituspijean

Have a blessed day.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.