Skip to main content
Skip to main content
🚧 Work in Progress

Using Zerops VPN

At Zerops, security is our core priority. We ensure everything stays within a private network with zero exposure to the internet. Unlike typical consumer VPNs that focus on changing your public IP address, our WireGuard VPN implementation is specifically designed to give you secure access to your project's services.

Prerequisites​

Before getting started, ensure you have:

  • WireGuard installed on your system
  • zCLI (serves as the WireGuard client)
  • A Zerops project with at least one service

Usage​

You can interact with services within your project and even establish SSH connection to your services after connecting to project through VPN.

Start VPN​

To start a VPN session:

zcli vpn up

Select your project when prompted.

Usage:
  zcli vpn up [projectId] [flags]

Flags:
      --auto-disconnect    Automatically disconnects existing VPN connections
      --help              Display help for the vpn up command
      --projectId string  Project ID for command execution (required for multiple projects)

To connect to a specific project without using the interactive mode, use the project ID from your Zerops dashboard:

zcli vpn up Evs8Je4NTvKeIkUqoUXp2w
Info

First-time zcli vpn up usage requires installing the Zerops VPN daemon. Confirm with y when prompted (administrator privileges may be required).

Upon connection, you'll have secure access to your project's private network with the following characteristics:

  • All services are accessible via their hostnames
  • Only one project connection is possible at a time (new connections automatically close existing ones)
  • The VPN daemon maintains connection stability with automatic reconnection
  • Environment variables are not available through VPN connections

Stop VPN​

To stop the VPN session:

zcli vpn down

Usage:
  zcli vpn down [flags]

Flags:
      --help   Display help for the vpn down command

How do we provide better security?​

We are using WireGuard under the hood for VPN to establish a secure tunnel connection to a private network of a Zerops project. This approach provides a safer connection compared to SSH.

Additionally, you won't need to add any passwords or IP addresses for SSH access. WireGuard is a free, lightweight, open-source software—technically a communication protocol—that utilizes cryptography.

It helps us create a secure tunnel that uses UDP for transmitting traffic. We use public/private key pairs for authorization.

Inside Zerops project runs a Wireguard server and zCLI (Zerops Command Line Interface) works as a Wireguard client which helps you to interact with your zerops project if you're authorized.

Previous
Zsc
Next
Troubleshooting
Docs theme & components by the amazing medusajs.com
© 2025 Zerops s.r.o..