· Kalpa Madhushan · system administration · 5 min read

Bridging the Gap: Accessing Your Private Server Without a Public IP Using ZeroTier

Learn how to securely access a private server behind NAT without port forwarding using ZeroTier's virtual networking.

You’ve got a server humming along—maybe tucked away in your home office, a data closet, or inside a restrictive corporate network. It can reach the internet, but the internet can’t reach it.

Sound familiar?

This common scenario usually happens because of Network Address Translation (NAT) and the absence of a public IP address for your server. Without a public-facing address, external devices cannot initiate connections to it.

In this guide, you’ll learn how to securely access your private server from anywhere using ZeroTier, an incredibly powerful and easy-to-use virtual networking platform.


The Problem: The Unreachable Server

Imagine your server as a house behind a tall wall with no front door.

  • It can order pizza (make outbound internet connections).
  • But nobody can ring the doorbell (initiate inbound connections).

This happens because:

  • Your router performs NAT
  • Your server only has a private IP
  • You may not have permission to configure port forwarding

Traditional VPN solutions typically require opening ports on your router, which isn’t always possible or secure.


The Solution: ZeroTier — The Global Virtual Switch

ZeroTier creates a private encrypted network that spans the internet.

It makes devices appear as if they are connected to the same local Ethernet switch, regardless of their physical location.

Your:

  • Server
  • Laptop
  • Desktop
  • Phone

can all communicate securely over a virtual network.

ZeroTier achieves this by:

  • Bypassing NAT automatically
  • Traversing firewalls
  • Creating encrypted peer-to-peer tunnels between devices

Often no router configuration is required.


Why ZeroTier?

Here are a few reasons ZeroTier is extremely popular for remote access setups:

No Port Forwarding Required

You don’t need to modify router settings.

Firewall Friendly

ZeroTier often works even on restrictive networks that block traditional VPNs.

Secure

All network traffic is end-to-end encrypted.

Easy Setup

You can create and manage networks using a simple web dashboard.

Scalable

The free tier allows up to 25 connected devices.


Step-by-Step Setup Guide

Let’s connect your private server and remote device using ZeroTier.


Prerequisites

You will need:

  • A private server (Ubuntu 22.04 recommended)
  • A remote device (laptop, desktop, or phone)
  • Internet access on both devices

1. Create Your Virtual Network

Go to:

https://my.zerotier.com

Create a free account and log in.

Click:

Create a Network

You will see a 16-digit hexadecimal Network ID, for example:

83048a0632abcdef

Save this ID — you will need it later.

Next:

Scroll to Basics and ensure the following:

Access Control: Private

This ensures that devices must be manually approved before joining the network, which is important for security.


2. Install ZeroTier on Your Server (Ubuntu 22.04)

First, confirm your Ubuntu codename:

lsb_release -c

For Ubuntu 22.04 you should see:

Codename: jammy

Add the ZeroTier GPG Key

curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/main/doc/contact%40zerotier.com.gpg' | gpg --dearmor | sudo tee /usr/share/keyrings/zerotier-archive-keyring.gpg >/dev/null

Add the ZeroTier Repository

echo "deb [signed-by=/usr/share/keyrings/zerotier-archive-keyring.gpg] http://download.zerotier.com/debian/jammy jammy main" | sudo tee /etc/apt/sources.list.d/zerotier.list

Install ZeroTier

sudo apt update
sudo apt install zerotier-one

Enable the Service

sudo systemctl enable zerotier-one
sudo systemctl start zerotier-one

Join Your Network

Replace <YOUR_NETWORK_ID> with your network ID.

sudo zerotier-cli join <YOUR_NETWORK_ID>

If successful you should see:

200 join OK

3. Install ZeroTier on Your Laptop

Windows / macOS

  1. Download ZeroTier from: https://www.zerotier.com/download
  2. Install the application
  3. Open it
  4. Click Join New Network
  5. Enter your Network ID

Linux

Follow the same installation steps used for the server.

Then run:

sudo zerotier-cli join <YOUR_NETWORK_ID>

4. Authorize Devices in ZeroTier Central

Now return to:

https://my.zerotier.com

Open your network.

Scroll to the Members section.

You should see both devices listed.

Check the box under:

Auth?

for:

  • Your server
  • Your laptop

Once authorized, ZeroTier will assign each device a Managed IP address, for example:

10.137.x.x

Take note of your server’s Managed IP.


5. Configure SSH on the Server

Your SSH daemon must listen on all network interfaces, including the ZeroTier interface.

Check current listening addresses:

sudo ss -tulpn | grep :22

If you see something like:

127.0.0.1:22

or

192.168.x.x:22

then SSH is not accessible through ZeroTier.

You want to see:

0.0.0.0:22

Edit SSH Configuration

sudo nano /etc/ssh/sshd_config

Find or add:

ListenAddress 0.0.0.0

Save the file and restart SSH:

sudo systemctl restart ssh

Verify again:

sudo ss -tulpn | grep :22

6. Connect via SSH

From your laptop terminal:

ssh <username>@<SERVER_MANAGED_IP>

Example:

ssh root@10.137.160.214

If everything is configured correctly, you should now be connected to your private server from anywhere in the world.


Security Best Practices

Now that remote access works, it’s important to secure your system.


Use SSH Key Authentication

Generate a key on your laptop:

ssh-keygen -t ed25519

Copy it to the server:

ssh-copy-id -i ~/.ssh/id_ed25519.pub <username>@<SERVER_MANAGED_IP>

Disable Password Authentication

Edit the SSH configuration:

sudo nano /etc/ssh/sshd_config

Set:

PasswordAuthentication no

Restart SSH:

sudo systemctl restart ssh
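
sshd uses the first value it reads for each keyword, and Ubuntu 22.04's sshd_config includes /etc/ssh/sshd_config.d/*.conf before its own settings, so a drop-in file can override the edit above. This added example (not part of the original guide; the function name and sample input are constructed) checks the effective settings printed by `sshd -T` instead of the file:

```shell
#!/bin/sh
# audit_sshd_effective: reads `sshd -T` output (the settings actually in
# effect) on stdin. Prints one line per finding and returns 0 only when
# password-style logins are off and public-key login is on.
audit_sshd_effective() {
    awk '
        # sshd -T prints each keyword in lowercase followed by its value.
        $1 == "passwordauthentication"       { pw  = $2 }
        $1 == "kbdinteractiveauthentication" { kbd = $2 }  # PAM password prompts
        $1 == "pubkeyauthentication"         { pk  = $2 }
        END {
            bad = 0
            if (pw  != "no")  { print "FAIL passwordauthentication=" pw;        bad = 1 }
            if (kbd != "no")  { print "FAIL kbdinteractiveauthentication=" kbd; bad = 1 }
            if (pk  != "yes") { print "FAIL pubkeyauthentication=" pk;          bad = 1 }
            if (!bad) print "OK key-only login"
            exit bad
        }'
}

# Constructed sample: what `sshd -T` might report when a drop-in file sets
# PasswordAuthentication yes ahead of the edit made in sshd_config.
SAMPLE_OVERRIDDEN='port 22
listenaddress 0.0.0.0:22
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes'

# Constructed sample: the state this section is aiming for.
SAMPLE_KEY_ONLY='port 22
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd_effective || true
printf '%s\n' "$SAMPLE_KEY_ONLY"   | audit_sshd_effective

# On the server itself: sudo sshd -T | audit_sshd_effective
```

Run it before closing your current SSH session, so a failed check can still be fixed from the shell you already have.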

Keep Your ZeroTier Network Private

Always keep:

Access Control: Private

Never authorize unknown devices.


Limit Service Exposure

Only expose services that must be reachable through ZeroTier.

For example, keep databases bound to localhost:

127.0.0.1

unless another ZeroTier device must access them.
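
With `ListenAddress 0.0.0.0` from step 5 in place, it helps to see what else on the server answers on the ZeroTier interface. The following is an added example, not part of the original guide: the function name `zt_exposed_listeners` and the sample `ss` lines are constructed, and it goes beyond SSH by covering every listening socket.

```shell
#!/bin/sh
# zt_exposed_listeners MANAGED_IP
# Reads `ss -tln` or `ss -tuln` output on stdin and prints "port address" for
# every listener an authorized ZeroTier member can reach: wildcard binds and
# binds to the server's Managed IP. Loopback and LAN-only binds are skipped.
zt_exposed_listeners() {
    awk -v zt="$1" '
        $1 == "State" || $1 == "Netid" { next }          # header line
        {
            # `ss -tu` adds a leading Netid column, shifting the local address.
            col = ($1 == "tcp" || $1 == "udp") ? 5 : 4
            la = $col
            n = match(la, /:[0-9]+$/)                     # last colon splits addr:port
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            port = substr(la, n + 1)
            sub(/%.*$/, "", addr)                         # drop %iface suffix (e.g. %lo)
            # [::] is included: a dual-stack wildcard also accepts IPv4 peers.
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == zt)
                print port " " addr
        }'
}

# Constructed sample of `ss -Htln` output; 10.137.160.214 is the example
# Managed IP used earlier in this guide.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 10.137.160.214:8080 0.0.0.0:*
LISTEN 0 511 192.168.1.20:9000 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

printf '%s\n' "$SAMPLE_SS" | zt_exposed_listeners 10.137.160.214

# On the server itself: sudo ss -Htln | zt_exposed_listeners <SERVER_MANAGED_IP>
```

Anything listed besides the services you meant to share is a candidate for rebinding to 127.0.0.1.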


Keep Systems Updated

Regularly update your system:

sudo apt update && sudo apt upgrade

ZeroTier Behavior and Considerations

No Impact on Your Local Network

ZeroTier creates a virtual network interface that runs alongside your physical network.

Your local LAN configuration remains untouched.


Low Resource Usage

ZeroTier uses very little:

  • CPU
  • Memory
  • Battery

Split Tunneling

By default, ZeroTier only routes traffic destined for other ZeroTier devices.

Your normal internet traffic continues through your standard connection.


Performance

Most connections will establish direct peer-to-peer tunnels, giving excellent speed and latency.

If a direct connection cannot be established, traffic may relay through ZeroTier servers, which can slightly reduce speed.


Conclusion

ZeroTier provides an incredibly simple and secure way to access private infrastructure without exposing ports or requiring a public IP.

With just a few minutes of setup, you can:

  • Connect to servers behind NAT
  • Manage remote systems securely
  • Build private virtual networks across the internet

It delivers the flexibility of a public IP without the security risks or networking complexity.

Happy tunneling! 🚀
