Private networking, honestly reviewed. Self-host the controller, skip the third-party dependency.

TL;DR

What it is: A web dashboard for managing a self-hosted ZeroTier network controller — the UI layer for the thing ZeroTier Central does in the cloud, but running entirely on your own server [README].
Who it’s for: Home lab operators, dev teams, and technically-inclined founders who use ZeroTier for private networking and don’t want ZeroTier Inc. holding the keys to their network controller.
Cost savings: ZeroTier Central’s paid plans scale with device counts. ZTNET on a $5–10/mo VPS gives you the same controller capabilities with no per-device ceiling. Specific ZeroTier Central pricing is not documented in sources reviewed — check https://www.zerotier.com/pricing before doing the math.
Key strength: Multi-user and organization support that makes managing team networks practical, plus a REST API for automation — features ZeroTier’s own dashboard doesn’t provide [README].
Key weakness: Explicitly beta software, GPL-3.0 licensed, 1,101 GitHub stars, minimal documentation, and single-maintainer risk. Not ready for infrastructure you can’t afford to debug on a Saturday night.

What is ZTNET

ZeroTier is a software-defined networking tool that creates a virtual network “switch” spanning any geography. You install a client on each device, and those devices behave as if they’re on the same local Ethernet segment — regardless of physical location. It works at two layers: VL1 handles peer-to-peer transport between devices, and VL2 emulates an Ethernet layer so applications see what looks like a regular LAN [2].

Unlike Tailscale, which is built on WireGuard and routes initial connections through Tailscale’s servers, ZeroTier lets you self-host both the network controller (which tracks device memberships and routing) and the root servers that handle initial handshakes before direct peer connections are established [2]. That self-hosting capability is the entire premise of ZTNET.

ZeroTier’s controller daemon ships without a web UI — you manage it through a JSON API. ZTNET wraps that API in a web application, adding visual network management, multi-user accounts, organization-level grouping, and a REST API on top [README]. The project is maintained primarily by a single author (sinamics), licensed under GPL-3.0, and sits at 1,101 GitHub stars. The README includes a prominent beta disclaimer that should not be read as false modesty.

Why people choose it

The case for ZTNET collapses to one question: do you want a third party controlling access to your private network infrastructure?

ZeroTier Central, the official hosted controller service, works well and requires no server maintenance. The trade-off is that ZeroTier Inc. holds the network policy that governs which of your devices can communicate. For a personal home lab, that’s an acceptable dependency. For a business routing dev servers, databases, and internal tooling through private networking, that’s a company-level single point of failure you’re choosing to take on [2].

Self-hosting the ZeroTier controller via ZTNET removes that dependency entirely. Network membership rules, device authorizations, and IP assignments live on your infrastructure. ZeroTier’s peer-to-peer protocol still handles actual data transfer between devices — ZTNET manages the controller policy layer [2].

The second motivation is cost at scale. ZeroTier Central’s free tier has device limits. Once you’re running your own controller, device count doesn’t change your monthly bill. For teams running 20–50 devices across remote locations, the crossover math favors self-hosting.

The third reason is the UI itself. Managing a raw ZeroTier controller through JSON API calls is not something most people want to do repeatedly. ZTNET provides a web dashboard that makes network and member management accessible without a terminal [README].

Features

Based on the GitHub README and documentation site:

Network management:

Create and manage ZeroTier networks through a web UI [README]
Authorize and deauthorize network members (devices) visually [README]
Configure IP ranges, routing, and network settings [README]

Multi-user and organizations:

Multiple user accounts with separate access levels [README]
Organization support for team-based network management — the specific feature differentiating ZTNET from simpler ZeroTier UIs [README]
Platform-level admin views for users and controller status [README]

Infrastructure:

Docker and Docker Compose deployment [README]
REST API for programmatic control [README]
Mail configuration for user management workflows [README]
Admin controller visibility and management [README]

What’s absent: No built-in network traffic monitoring or alerting, no LDAP or SSO integration documented, no audit logs, and the documentation site has minimal content beyond installation steps. The feature surface is focused specifically on controller management — it doesn’t try to be a full network observability platform.

Pricing: SaaS vs self-hosted math

ZeroTier Central (managed service): Specific current pricing tiers are not documented in the sources reviewed. ZeroTier Central offers a free tier with device count limits and paid plans that scale with devices. Check https://www.zerotier.com/pricing directly before making a cost comparison — data not available here to give you an accurate number.

ZTNET self-hosted:

Software cost: $0 (GPL-3.0) [README]
VPS to run it: $5–10/month on Hetzner, Contabo, or similar (1–2 GB RAM is workable for small networks)
ZeroTier controller daemon: included, runs alongside ZTNET in the Docker Compose stack
Optional: domain and reverse proxy for HTTPS access to the admin UI

Where self-hosting wins: The compelling argument isn’t the software cost — ZeroTier Central has a free tier too. It’s that once you control your own controller, device count becomes irrelevant to your bill. A team that’s growing past ZeroTier Central’s free tier ceiling and adding devices regularly will hit a clear crossover point where the VPS cost beats the managed service cost by a meaningful margin.

Deployment reality check

ZTNET deploys via Docker Compose. The documentation site at ztnet.network lists Docker Compose as the primary installation path.

What the stack includes:

ZTNET web application (Next.js)
PostgreSQL database
ZeroTier controller daemon
Redis for session management

What you actually need:

Linux VPS or home server with Docker installed
1–2 GB RAM minimum
Publicly reachable IP if you need remote access to the admin UI
Optionally: a domain and reverse proxy (Caddy or nginx) for HTTPS

What can go sideways:

The beta disclaimer in the README is explicit: “it is provided ‘as is’ without any warranties or guarantees of any kind. As this is a beta release, you may encounter bugs or unexpected behavior.” That’s the kind of language that means what it says.

The documentation site renders minimal body content — the homepage has navigation links and little else. Troubleshooting will mean reading GitHub issues and the project’s Discord server, not official runbooks.

Single-maintainer projects at 1,101 stars carry real bus-factor risk. ZTNET is not backed by a company. If the maintainer deprioritizes the project, forward momentum depends on the community or a fork. GPL-3.0 makes forking legally clean, which is something.

Realistic time estimates: A technical user following the Docker Compose documentation: 1–2 hours to a working instance. A non-technical founder with Docker familiarity but no Linux admin background: budget a full afternoon. Without any Linux server experience: find someone to deploy it for you, or use ZeroTier Central.

Pros and Cons

Pros

Actual control over your network policy. No third-party company can revoke or modify access to your ZeroTier controller. Your device authorization rules are yours [2][README].
Multi-user and organization support. This is the real differentiator from simpler ZeroTier UI alternatives — ZTNET was built from the start for team environments [README].
REST API. Programmatic control means ZTNET fits into infrastructure-as-code workflows and scripted provisioning [README].
No per-device scaling costs. Self-hosting removes any ceiling that managed services impose as your device count grows.
GPL-3.0. Auditable, forkable, and fully open. You can inspect exactly what it does with your network configuration data.
Active Docker Hub presence. Pull counts indicate real deployment activity beyond the star count.

Cons

Explicitly beta. The software disclaimer is not modesty. Run a fallback plan if this is production networking for your business.
GPL-3.0 copyleft. If you’re embedding ZTNET into a commercial product you distribute, the GPL requires opening that product’s source. Not relevant for internal use; important if you’re packaging it for clients.
Minimal documentation. The official docs site is thin. Expect GitHub issue archaeology for edge cases.
Single-maintainer risk. No company, no commercial support tier, no SLA. The project’s continuity depends on one person’s availability.
No SSO or LDAP. User accounts are local to ZTNET. No integration with an existing identity provider is documented.
Almost no independent review coverage. The sources available for this review don’t contain third-party production assessments of ZTNET at scale — which is itself a signal about the project’s maturity and adoption.
Small community. 1,101 stars is a niche project within a niche category. Compare to ZeroTierOne itself at 12K+ stars for a sense of scale.

Who should use this / who shouldn’t

Use ZTNET if:

You’re already using ZeroTier and hitting ZeroTier Central’s device limits or cost ceiling.
You’re running a home lab or small dev team that needs visual management of a self-hosted ZeroTier controller.
You have policy or compliance reasons to keep network control data entirely on-premise.
You’re comfortable with Docker, can tolerate beta software, and have the appetite to troubleshoot via GitHub issues when something breaks.

Skip it if:

You’re not already committed to ZeroTier as your networking protocol. If you’re starting fresh, evaluate ZeroTier vs WireGuard-based tools first — ZTNET is useful only if ZeroTier wins that comparison for your use case.
You need enterprise features: SSO, audit logs, SLA-backed support. None of those exist here.
Your network going down for a few hours while you debug an undocumented Docker issue is unacceptable.
ZeroTier Central’s free tier covers your device count. Zero cost versus zero cost — pick the one with real support documentation.

Alternatives worth considering

Headscale — the self-hosted control server for Tailscale networks. More mature project (8K+ stars), significantly better documented, active community. The trade-off is you’re on Tailscale’s client ecosystem rather than ZeroTier’s [2].

ZeroUI — another open-source web UI for ZeroTier controllers. Smaller and less actively developed than ZTNET, but worth checking if you want to compare maturity signals before committing.

ZeroTier Central — the official managed controller. No server to maintain, actual support, but a third party holds your network policy and pricing scales with devices.

Tailscale + Headscale — if self-hosted network control is the goal and you’re not ZeroTier-committed, this combination has more community momentum and documentation than the ZeroTier/ZTNET path [2].

NetBird — newer open-source private networking built on WireGuard with a self-hosted management console. Different protocol and deployment model; potentially simpler initial setup than standing up a full ZeroTier controller stack.

Netmaker — WireGuard-based private network manager with a web UI. More production-tested than ZTNET, larger community, though it has had its own historical issues with licensing model changes.

The honest shortcut: ZTNET is specifically valuable to people who have already chosen ZeroTier as their protocol and want to self-host the controller with a usable interface. If you’re making the protocol choice fresh, compare ZeroTier itself against WireGuard-based tools before selecting ZTNET.

Bottom line

ZTNET fills a genuine gap. ZeroTier is a solid private networking tool, but managing a self-hosted controller through raw JSON API calls is painful, and ZeroTier Central means trusting a third party with your network access policy. ZTNET gives you a web interface that makes self-hosting practical — with multi-user support and a REST API that ZeroTier’s own interface doesn’t offer.

The caveats are real: beta software with minimal documentation, single-maintainer continuity risk, and almost no independent production reviews to draw on. If your private network is load-bearing for a business and you can’t afford debugging time on short notice, ZTNET isn’t ready for that role yet. If you’re a technical founder or home lab operator who wants control over your private networking stack, can handle Docker, and is comfortable with the rougher edges of a community project, ZTNET delivers what the README promises.

Sources

selfh.st — This Week in Self-Hosted (24 May 2024). https://selfh.st/weekly/2024-05-24/ (weekly digest; does not contain ZTNET-specific coverage)
Joe Rice-Jones, XDA Developers — “5 reasons ZeroTier is the best Tailscale alternative for your home lab” (Mar 18, 2025). https://www.xda-developers.com/why-zerotier-is-the-best-tailscale-alternative-for-your-home-lab/

Primary sources:

GitHub repository and README: https://github.com/sinamics/ztnet (1,101 stars, GPL-3.0)
Official documentation: https://ztnet.network
Docker Hub: https://hub.docker.com/r/sinamics/ztnet

Features

Integrations & APIs

REST API

Related Networking & VPN Tools

View all 99 →

Caddy

71K

A fast, extensible web server with automatic HTTPS — zero-config TLS certificates for every site, built-in reverse proxy, and a simple Caddyfile config format.

networking Apache-2.0

Traefik

62K

Cloud-native application proxy and ingress controller that auto-discovers services and handles TLS certificates, load balancing, and routing with zero manual configuration.

networking MIT