ZeroTier One on OctoPi?

Has anybody been able to get ZeroTier working?

ZeroTier One seems to install okay, via the Linux "brave" method given here:, but won't start (via sudo zerotier-one -d) because it throws a "fatal error: cannot bind to local control interface port".

OctoPrint version: 1.3.8
OctoPi version: 0.15.1
Pi Hardware: 3B

What does this indicate?

zerotier-cli info

zerotier-one info
zerotier-cli: missing authentication token and authtoken.secret not found (or readable) in /var/lib/zerotier-one

ls /var/lib/zerotier-one
shows it contains these files

  • authtoken.secret
  • identity.secret
  • zerotier-cli
  • controller.d
  • peers.d
  • zerotier-idtool
  • zerotier-one.port
  • identity.public
  • planet
  • zerotier-one

authtoken.secret requires sudo privileges to read (sudo cat authtoken.secret). Maybe it's a permissions problem. But I'm not sure how to fix it.

This might be pertinent but I really have never worked with this software before. (Do an ls -al in that folder and look for any hidden files as well.)

Running from /var/lib/zertier-one seems to work. Like this:

cd /var/lib/zerotier-one
sudo zerotier-one -d
zerotier-one info

It returns:
200 info [censored] 1.2.8 ONLINE

And yet, it looks like the CLI side of this needs one of the following:

  1. a file to be created
  2. the rights to be adjusted on an existing file
  3. ownership of an existing file to be adjusted

sudo ls -al /var/lib/zerotier-one

If I were to wildly guess at "the fix", it might be to do the following:

sudo cat /var/lib/zerotier-one/authtoken.secret >>/var/lib/zerotier-one/.zeroTierOneAuthToken
sudo chmod 0600 /var/lib/zerotier-one/.zeroTierOneAuthToken
sudo chown pi:pi /var/lib/zerotier-one/.zeroTierOneAuthToken

Here's a procedure that ended up working for me:

Start ZeroTier (ZT) with these two:

cd /var/lib/zerotier-one
sudo zerotier-cli -d

Successful output is: 200 info [Device ID] [version] ONLINE

If you don’t already have a ZT network, create one at Then, over to the Pi to join your network:

 sudo zerotier-cli join [Network ID]

Successful output is: 200 join OK

Now, back to the ZeroTier web control panel, networks tab, select your network, and scroll down to the Members section. The Pi should appear as a new device, which you can authorize to access the network by checking the box in the Authorize column.

On the Pi, check that the network connection is successful:

sudo zerotier-cli listnetworks

A good connection gives output: 200 listnetworks [Network ID]... OK PRIVATE ...

Configure the system to run ZeroTier at boot:

sudo systemctl enable zerotier-one

Set up ZeroTier to join the network at startup:

sudo touch /var/lib/zerotier-one/networks.d/[Network ID].conf

Reboot the Pi and verify it connected to the network:

sudo zerotier-cli listnetworks

If connected, the output is: 200 listnetworks [Network ID]... OK PRIVATE ...

All done. Now you should be able to join that ZT network with any other device anywhere in the world and access OctoPi as though it were on the local network. The zerotier web control panel will show the Pi's IP address, but octopi.local should also work.

Thanks for digging in. I'll test this if the below solution doesn't work out.

If I were you, I think I'd add an issue to their github (suggesting a change to the install script, to the documentation or to the daemon itself).

Seems like a OctoPi issue. The procedure above works fine (i.e. running from ~ rather than first cd /var/lib/zerotier-one) on a plain vanilla Raspian, installation.

I'd disagree. Upon attempting to start the service side of this, it didn't try looking for its own files in the executable's directory. That doesn't sound like anything that Raspbian nor OctoPrint/OctoPi controls.


cd ~
sudo zerotier-one -d


cd /var/lib/zerotier-one
sudo zerotier-one -d

I agree with @OutsourcedGuru, this sounds like it's simply not properly switching its working directory and then falling on its face.

Yes, when you put it that way it makes sense. Filed an issue:

1 Like


zerotier-one starts in the home directory that is passed to it. If you don't pass supply one, it defaults to /var /lib/zerotier-one

After some pondering, I think what's happening is:
The installer started the service (systemd) so it's already running in /var/lib/zerotier-one. The identity files don't exist until the first run.

doing zerotier-one without any args is trying to start it on the default port in the default home, so it can't start (port in use)

I tried doing zerotier-one -p12345 and that does seem to start another instance in /var/lib/zerotier-one, but on a different port, which is weird...

side note: authtoken.secret is owned by root, so zerotier-cli needs to be root/sudo to use it. On mac and windows, it gets copied to somewhere in the user's home, so the UI app can use it; Not sure if there's a way to do that on linux, but you can pass the token to zerotier-cli via -T.

It's cool that you're trying this!

:laugh: So create a script called zerotier-two which changes to the correct folder then runs zerotier-one. Just make sure it's in your path and marked a+x.

Hello again,
FYI: My installation has been stable over the past few days. It seems like one of these several workaround is needed, but once it's up it's up.
@laduke: Thanks for responding here at at the ZT forum!

Hey Sorry to reignite this but i cant find much info anywhere else for octopi and zerotier.
@jeffstreet have you still got it up and running

I installed Zerotier on the OctoPi and the server stop being able to reach the internet.
My solution was the following:

  1. Open the octoprint.service unit file:
sudo nano /etc/systemd/system/octoprint.service
  1. In the [Unit] section of the file, add the following line:

This ensures that octoprint.service will start only after zerotier-one.service has started.

  1. Save the file and exit the editor.
  2. Reload the systemd daemon to apply the changes:
sudo systemctl daemon-reload
  1. Restart the octoprint.service:
sudo systemctl restart octoprint.service

Now, whenever your system boots up, the zerotier-one service will start first, followed by the octoprint.service.

1 Like