Ideas for a simple setup of a free tier

Due to Christmas parties, my son's driver's license examination and other family stuff... not much time to dive into the ZeroTier documentation in depth.

Here is my first draft diagram:

It will most probably contain errors, will be incomplete, and so on...
But at least then we have something to discuss.
The red part is the port forwarding which we should avoid.

Some things that are unclear to me:

  1. The browser in the LAN on the Windows portable (black dotted lines). Should it go directly to my Node-RED running on the Raspberry (so no ZeroTier One agent on the portable), or should it go via a ZeroTier agent via the virtual network (via a ZeroTier One agent on the portable)?

  2. As I already asked above in this discussion, the Google Cloud Platform requires a callback URL (containing port 3001) to access the endpoint of the node-red-contrib-google-smarthome node to send voice commands from a Google Home. Can this be set up via the ZeroTier virtual network, so without port forwarding of port 3001?

  3. Which rules could be useful (for most users) to specify in the ZeroTier controller?

  4. Which IP addresses should be whitelisted in Node-RED? I am not sure which IP address would arrive in the Node-RED httpMiddleware if the ZeroTier agent accesses Node-RED: I assume the LAN IP address and not the IP address of the devices in the virtual network. Because I 'assume' it would be good that, in this setup, Node-RED only allows HTTP requests from the virtual IP addresses of the virtual network?

  5. @smcgann99: do you mean traffic via their root servers? And which traffic goes via their servers as a last resort, and if what fails?

2 Likes
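
For question 4 above, an added example (not part of the original post and not Node-RED's own code) of an Express-style middleware that logs the source address Node-RED actually receives and allows only one subnet. `ZT_SUBNET` is a constructed placeholder range and the helper names are assumptions; the function is meant to be assigned to the `httpNodeMiddleware` / `httpAdminMiddleware` options in `settings.js`.

```javascript
// Added example: source-address allowlist for Node-RED's HTTP endpoints.
// ZT_SUBNET is a constructed placeholder; use the range your ZeroTier network assigns.
const ZT_SUBNET = "10.147.17.0/24";

// Convert a dotted-quad IPv4 address to an unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Node reports IPv4 peers on a dual-stack socket as "::ffff:a.b.c.d".
function normalize(addr) {
  return String(addr || "").replace(/^::ffff:/i, "");
}

// True when addr (IPv4 or IPv4-mapped IPv6) falls inside the IPv4 CIDR block.
function inCidr(addr, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const bits = Number(bitsStr);
  const ip = ipv4ToInt(normalize(addr));
  const net = ipv4ToInt(base);
  if (ip === null || net === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = 2 ** (32 - bits);
  return Math.floor(ip / size) === Math.floor(net / size);
}

// Express-style middleware: log the peer address that reaches Node-RED, then
// reject anything outside the allowed ranges. It reads the socket address,
// not X-Forwarded-For, because that header is set by the client.
function makeAllowlist(cidrs, log = console.log) {
  return function (req, res, next) {
    const peer = req.socket.remoteAddress;
    const ok = cidrs.some((c) => inCidr(peer, c));
    log(`${ok ? "allow" : "deny"} ${normalize(peer)} ${req.method} ${req.url}`);
    if (ok) return next();
    res.statusCode = 403;
    res.end("Forbidden");
  };
}

// In settings.js: httpNodeMiddleware: makeAllowlist([ZT_SUBNET]),
```

The log line shows whether a request arrives with a LAN address or a virtual-network address, which is the open point in question 4.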