How to do peer-to-peer backups with ZeroTier VPN

This is not yet a guide - juts my experiences so far.

Warning 1: This is something I’m still testing, but I thought I’d share in case others might be playing with it as well. It is NOT a suggestion for how you should set up your system (yet). :slight_smile:

Warning 2: This is SUPER overkill for a backup destination. Doing this will essentially put all devices attached to your ZeroTier network literally on the same network. So if you and a friend both have your own home networks AND connect over ZeroTier, you are at best giving your friend access to your computer as if they were on your home network and at worst (depending on your configuration) giving them access to your entire home network! (Consider this - are you constantly having to clean your friends computer of viruses? Then maybe this isn’t the solution for you-and-them…)

As with any VPN solution, you should be aware of what you are allowing to access your network and consider setting up a firewall to limit access across the ZeroTier IP range to only the ports needed for backups, only in the directions, and/or only for appropriate apps (like Duplicati.server).

ZeroTier DOES have “flow rules” that can be configured to work like a firewall. For example, if you know you are only using your ZeroTier VPN for Duplicati backups using an SFTP connection you could set up a flow rule that says something like “drop the ethernet frames if they are not over port 22” (assuming you are using 22 as your SFTP port).

Of course, using their “flow rules” means you’re trusting them to be your firewall. If you do trust them, then great! If not, it couldn’t hurt to ALSO set up your local firewall with similar rules. :slight_smile:

One feature that people (including myself) seem to really like about CrashPlan is (was) the ability to back up directly between two computers even if they weren’t on the same network (ignoring “the cloud” completely).

While Duplicati does not (as of canary) have that functionality built in, it can be approximated with third-party VPN tools such as OpenVPN or the ZeroTier VPN,

I’ve played with ZeroTier a bit and found it exceedingly easy to work with (especially compared to OpenVPN). Basically, it will create a virtual network of your own that runs on top of your regular network. Since it’s virtual, any devices can join as long as they can get to the internet.

Note that currently ZeroTier is open source and it is free for up to 100 devices using ZeroTier Central as the service to get all your virtual devices talking to each other. If you don’t want to be “at the mercy” of a third party controller, you can even run your own DIY ZeroTier Controller.

Before you ask, no - this is NOT a VPN like one could use to mask your location and all traffic is NOT routed through it (unless you do more configuring). This will make it look like your machine is on two DIFFERENT networks - your regular one and the virtual ZeroTier one. And they should ABSOLUTELY HAVE DIFFERENT IP ADDRESS RANGES.

As a reminder, this is a rough draft work-in-progress so I’m starting with what I did - which was to:

  • install the ZeroTier Docker container on my unRAID box
  • create a free ZeroTier account on their web site @
  • create a network (which automatically assigned me a 16 character hex Network ID that looked something like 3f72959a04d7c77)
  • choose an IP address range (such as 10.147.17.* or 192.168.193.* - as long as it’s DIFFERENT from your current IP ranges). For now lets say I chose 192.168.2.*
  • that’s it - the network as been created!

Adding my Windows PC to the network was simple:

  • I downloaded the msi install file from ZeroTier | Download ZeroTier One (they also have Mac, iOS, Android, Linux DEB/RPM, QNAP, Synology, libzt, MyCloud, FreeBSD, and OpenWRT links!)
  • installed the app and told it to run which brought up a window which allowed me to create or join a network
  • I joined my existing network by entering the 3f72959a04d7c77 address assigned earlier
  • I logged back into and clicked on my network
  • I scrolled down to the “Members” section and click the “Auth?” box next to the new machine (and gave it a useful name while I was at it)
  • that’s it - my Windows PC could now connect to my unRAID by via the ZeroTier IP address!

Running Duplicati over this connection was as simple as:

  • setting up my backup job with a Destination storage type of “Local folder or drive”
  • selecting “Manually type path” and entering “\<share name><backup path>”. For example: \\\Backups\Duplicati\MyPC. Remember, I’m working on Windows so have built in SMB capabilities and use back-slashes - I suspect you could also use FTP, SFTP, etc. for whatever server happens to be running at your ZeroTier destination box
  • finish the job setup as normal

That’s pretty much it! The job runs as normal thinking it’s working over a standard SMB connection.

1 Like

thank you for the excellent post .
i was wondering if the experiment went well after your 2018 post . I want to replicate this and i have a lay user . appreciate it if you could advise

Wow, I was trying to find anything like that on the internet and finally found an experimental guide here. I don’t know if you’re still active on this forum but thank you for the information. And I also wonder if this trick is possible with other VPNs because I want to get something else instead of ZeroTier. Don’t say that this VPN is bad but sometimes there is a huge problem with connecting which is not really cool. That’s why I started to read various guides regarding the most usable VPNs today. For example, I found a very informative guide on which describes the positive and negative sides of popular products today. Hopefully, I will finally get a secure fast VPN.

As far as I’m concerned, I’ve been using Duplicati + ZeroTier successfully for over 1.5 years, in order to backup my parents’ data to my computer and vice versa (both PCs are running Windows).

We haven’t encountered any significant issues.

We usually call each other every 2-3 weeks, to make sure the other PC is going to be up for the entire duration of the backup, even though it’s relatively quick (10 to 20 minutes, typically).

I’ve just tested restoring a file from a backup today, and it worked perfectly.

I still recommend also backing up to a good old external HDD - not necessarily using Duplicati - in order to have an additional backup, that can be restored very quickly.

1 Like

Welcome to the forum @Seb_4506 and thanks for your input.
It’s great when people post what they’ve found, to help others.