Zerotier examples

So… just started getting my feet wet in the wonderful world of ‘overlay’ networks using Zerotier.

I’ve watched more than a few videos, including ones from Jay and Tom… and unless I’m missing something, they all seem to cover the same basic/generic stuff - create a private network, join one or more devices to that network, verify connectivity between said devices, log into device A from device B, done (obviously drastic oversimplification).

I’m not seeing much in the way of anything more involved, like actual walk-throughs of establishing network connectivity into a LAN from outside, or different scenarios with the rules engine. Yes, there are examples in the ZeroTier KB documents, both for routing between ZT and physical networks, and for bridging… but I’m not seeing anything more, for people having trouble (for whatever reason) with the provided examples.

Are there further resources out there that I’m missing?

Sorry if I come across as ignorant, but I’m not sure what you are asking for. What exactly are you trying to accomplish? The “virtual local network” that is accomplished via the overlay network is pretty basic and very helpful for most scenarios. You have mentioned that you have found documentation for routing between ZT and physical networks and for bridging. I’m not sure what else you would need. Any clarification would be helpful.

If you are having trouble with any of the documentation you have found, please ask about the specifics. People around here are more than willing to help clarify things for you.

Oh I definitely agree, the basic ability to connect easily between devices that are behind CGNAT on one end, and a generic home dynamic IP + firewall on the other, is awesome. To paraphrase Jay, it’s pretty much how I originally envisioned a VPN as working… until I found out what all was actually involved.

I’ve got that part working beautifully. What I’m after now is being able to route into a physical network, and reach devices that don’t have ZT installed. There are two possible solutions in the ZT KB… routing between ZT and physical LAN, and bridging between the two. The examples are somewhat simple… but in my case (routing between ZT and physical network) immediately killed the networking on the client that was supposed to be the ‘edge router’. Disabling the route in the ZT dashboard appeared to fix things, so I’m sure it’s something I misread/misunderstood and/or typo’d.

Just a bit surprised that there are probably 50 (at least) walk-thrus on YT on how to do the most basic connection between two devices, and not one (that I can find) on either of these use cases. The KB documentation is like ‘yep, that’s it, should work’. Not much else.

I recently put ZT on my proxmox box, so now I can access the webui of that device, which combined with Jay’s Proxmox series should keep me entertained for a long while.

I did all of my “routing” through a reverse proxy. It’s helpful at least for web interfaces. I set up my ZeroTier address for public DNS records to my internal services, so I can access them easily while I’m away from my LAN. It’s not really what you are asking for, I know, but it’s a good solution as long as you are talking about web interfaces like the one on Proxmox. As far as being able to bridge or route, I haven’t even thought of trying that before, so I haven’t got anything to point you to that you probably haven’t found. Someone else may have some insight for you.

But thank you for this post. You’ve got me curious. Now I have to try setting this up myself. I’m going to follow this guide to set up a bridge and let you know if I find anything useful.

So I did a little playing around with setting up a bridged network with ZeroTier and found it was surprisingly simple-ish. I created a new ZeroTier network using the guide I linked above. In ZeroTier Central I deleted the managed route and added one that nearly matched my subnet. I used the CIDR subnet of /23 instead of /24 as per the guide. I changed the auto-assign pool in ZeroTier to match my subnet, using IPs in a different range from the DHCP server in my LAN.

I used Ubuntu Server 20.04 on a VM in Proxmox as my network bridge. After installing and upgrading the VM, I installed ZeroTier and added it to the new ZT network I created. Before authorizing this member in ZT Central, I clicked the wrench icon by the new member, and checked the boxes for Allow Ethernet Bridging and Do Not Auto-Assign IPs. Then I authorized the connection.

The next step was to bridge the Networks on the VM. To do this I edited /etc/netplan/00-installer-config.yaml to this:

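# This is the network config written by 'subiquity'
network:
  version: 2
  ethernets:
    # Physical LAN interface: no DHCP here, it is only a port of br0
    ens18:
      dhcp4: false
    # ZeroTier interface: no DHCP here either, also a port of br0
    ztklhtyipy:
      dhcp4: false
  bridges:
    # The bridge joins both interfaces and is the only one requesting an address
    br0:
      dhcp4: true
      interfaces:
        - ens18
        - ztklhtyipy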

In this file ens18 is my physical Ethernet interface and ztklhtyipy is the name of the ZeroTier interface. After saving the file I ran sudo netplan apply. This is when I had a little bit of a surprise. The IP address for the bridge changed, but to one from the IP pool of ZT. I expected the bridge would use an IP from my LAN DHCP server, since I have ZeroTier set to not auto-assign an IP. I haven’t figured out why this happened.

But after setting all this up, I joined the ZT network using my cell phone and on cellular data it’s like I’m connected to the local network. I can ping, ssh, and access all my web clients as if I’m directly connected to the LAN. It works pretty good from the little bit of testing I’ve done. Albeit quite a bit slower on cellular data. I hope this helps some.
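
A pre-flight check for the address plan described in the post above (LAN subnet, /23 managed route, auto-assign pool kept clear of the LAN DHCP range), as an added example that is not part of the thread. All addresses are constructed samples, and the rule that the managed route must be less specific than the LAN prefix is an assumption about why the guide uses /23.

```python
import ipaddress


def check_bridge_plan(lan, managed_route, zt_pool, dhcp_range):
    """Return a list of problems with a bridged address plan; empty means OK."""
    lan_net = ipaddress.ip_network(lan)
    route = ipaddress.ip_network(managed_route)
    pool_lo, pool_hi = (ipaddress.ip_address(a) for a in zt_pool)
    dhcp_lo, dhcp_hi = (ipaddress.ip_address(a) for a in dhcp_range)
    problems = []

    # Assumption: the managed route should cover the LAN but be less specific,
    # so hosts that are physically on the LAN keep using their on-link route.
    if not lan_net.subnet_of(route):
        problems.append("managed route does not cover the LAN subnet")
    elif route.prefixlen >= lan_net.prefixlen:
        problems.append("managed route is not less specific than the LAN prefix")

    # Bridged members need addresses that LAN devices treat as on-link.
    if pool_lo > pool_hi:
        problems.append("auto-assign pool start is after its end")
    elif pool_lo not in lan_net or pool_hi not in lan_net:
        problems.append("auto-assign pool is not inside the LAN subnet")
    elif pool_lo == lan_net.network_address or pool_hi == lan_net.broadcast_address:
        problems.append("auto-assign pool includes the network or broadcast address")

    # Two allocators handing out the same address causes duplicate-IP conflicts.
    if pool_lo <= dhcp_hi and dhcp_lo <= pool_hi:
        problems.append("auto-assign pool overlaps the LAN DHCP range")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: /24 LAN, /23 managed route, disjoint ranges.
    plan = {
        "lan": "192.168.10.0/24",
        "managed_route": "192.168.10.0/23",
        "zt_pool": ("192.168.10.200", "192.168.10.250"),
        "dhcp_range": ("192.168.10.100", "192.168.10.199"),
    }
    issues = check_bridge_plan(**plan)
    print("plan OK" if not issues else "\n".join(issues))
```
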