diff --git a/zerotier-one/20-zerotier.sh b/zerotier-one/20-zerotier.sh
new file mode 100755
index 0000000..d917ac7
--- /dev/null
+++ b/zerotier-one/20-zerotier.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+CONTAINER=zerotier-one
+# Starts a wireguard container that is deleted after it is stopped.
+# All configs stored in /mnt/data/wireguard
+if podman container exists ${CONTAINER}; then
+  podman start ${CONTAINER}
+else
+  podman run --device=/dev/net/tun --net=host --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --cap-add=CAP_SYS_RAWIO -v /mnt/data/zerotier-one:/var/lib/zerotier-one --name zerotier-one -d bltavares/zerotier
+fi
+
diff --git a/zerotier-one/README.md b/zerotier-one/README.md
new file mode 100644
index 0000000..3f96b5e
--- /dev/null
+++ b/zerotier-one/README.md
@@ -0,0 +1,25 @@
+# Run ZeroTier VPN on your UDM
+
+## Install
+1. Copy 20-zerotier.sh to /mnt/data/on_boot.d
+2. Create directories for persistent Zerotier configuration
+
+   ```
+   mkdir -p /mnt/data/zerotier-one
+   ```
+3. Start the zeriotier container
+   ```
+   podman run -d \
+   --name zerotier-one \
+   --device=/dev/net/tun \
+   --net=host \
+   --cap-add=NET_ADMIN \
+   --cap-add=SYS_ADMIN \
+   --cap-add=CAP_SYS_RAWIO \
+   -v /mnt/data/zerotier-one:/var/lib/zerotier-one \
+   bltavares/zerotier
+   ```
+4. Join your zerotier network
+   ```
+   podman exec zerotier-one zerotier-cli join <your network id>
+   ```