tapodufeu Posted November 15, 2020

On the server 10.10.10.10, those routes already exist:

    Kernel IP routing table
    Destination     Gateway         Genmask          Flags Metric Ref Use Iface
    default         GEN8            0.0.0.0          UG    0      0   0   br0
    10.10.10.0      0.0.0.0         255.255.255.128  U     0      0   0   shim-br0
    10.10.10.0      0.0.0.0         255.255.255.0    U     0      0   0   br0
    10.10.10.128    0.0.0.0         255.255.255.128  U     0      0   0   shim-br0
    10.10.20.0      Tower-2.local   255.255.255.0    UG    0      0   0   ztmjfbsomh
    172.17.0.0      0.0.0.0         255.255.0.0      U     0      0   0   docker0
    172.18.0.0      0.0.0.0         255.255.0.0      U     0      0   0   br-853fe7d63fa3
    172.19.0.0      0.0.0.0         255.255.0.0      U     0      0   0   br-312be3d41a1c
    192.168.191.0   0.0.0.0         255.255.255.0    U     0      0   0   ztmjfbsomh

So we can see that the route to 10.10.20.x exists, and the route to 192.168.191.x. Flag G for gateway on 10.10.20.x means to redirect IP packets to the interface of zerotier on 10.10.20.10:

    root@Tower:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask          Flags Metric Ref Use Iface
    default         livebox.home    0.0.0.0          UG    0      0   0   br0
    10.10.10.0      Tower.local     255.255.255.0    UG    0      0   0   ztmjfbsomh
    10.10.20.0      0.0.0.0         255.255.255.0    U     0      0   0   br0
    172.17.0.0      0.0.0.0         255.255.0.0      U     0      0   0   docker0
    172.18.0.0      0.0.0.0         255.255.0.0      U     0      0   0   br-83a6ea76a1ec
    192.168.191.0   0.0.0.0         255.255.255.0    U     0      0   0   ztmjfbsomh

AFAIK, it looks good on that part. I am not sure about masquerading too. If I remember well my telco studies (and I am a telco engineer but never worked in telco)... it should not be required.

Ford Prefect Posted November 15, 2020

What IP is "Tower-2.local", can you issue the route command with "-n" parameter, please?

Your default route is your local WAN router, "livebox.home". Is this device also handing out IP via DHCP for other clients in 10.10.10.0/255.255.255.128 and 10.10.10.128/255.255.255.128?

Even if routes exist on your unraid servers, in order to connect a complete network, each client needs to know the route to 10.10.20.x and 192.168.191.x ... as they do not, they use their default gw, which is livebox.home... is it not?

Network #1:
- WAN Router, local IP 10.10.10.1 (possibly, "livebox.home")
- Server #1, local IP 10.10.10.10
- client #1, local 10.10.10.103 (via dhcp from WAN Router, possibly)
- default gateway in this network: 10.10.10.1

So each client will forward to livebox.home (their default gw) when trying to reach anything outside 10.10.10.x, therefore livebox.home needs the routes to 192.168.191.x (which is 10.10.10.1) and 10.10.20.x (which is 192.168.191.x-on-tower-2).

Edited November 15, 2020 by Ford Prefect

tapodufeu Posted November 15, 2020

You are totally right if I want to completely interconnect both LANs. And I will try to do it, you gave me a very interesting idea.

But in my case, I just want to access from my laptop (with the zerotier cli) devices on the remote LAN such as printers, NAS, routers etc... For sure, if remote devices on 10.10.20.x want to connect to me (and they have no zerotier client running), routes must be set properly to pass through a peer with zerotier interco.

For example, Tower2 is 10.10.20.10 and has an openvpn server (docker). If I connect with the openvpn client from my laptop (on 10.10.10.xxx) to Tower 2 (10.10.20.10)... I can access ALL devices on the LAN 10.10.20.x. If I use ZeroTier, only the server is accessible.

Apparently many people get it to work properly, but not me... and I really wonder what I miss.

Ford Prefect Posted November 16, 2020

23 hours ago, tapodufeu said:

    You are totally right if I want to completely interconnect both LAN. And I will try to do it, you gave me a very interesting idea

OK, my bad... I actually thought that this was your usecase.

23 hours ago, tapodufeu said:

    But in my case, I just want to access from my laptop (with the zerotier cli) to devices on the remote LAN such as printers, NAS, routers etc... For sure, if remote devices on 10.10.20.x want to connect to me (and they have no zerotier client running on), routes must be set properly to passthrough a peer with zerotier interco.

...but this still is what they (printer, smart-bulb) "want" to do, once you open a connection to them... IP packets intended to be returning from them to you will need a path back into zt-central.

Your laptop with zt-interface up & running is connected to ZT-central. ZT-central will/can provision the routes you configured back to the zt-client on the laptop. I think you will have to enable the propagation of routes in the zt-client or in zt-central... somewhere. I believe this will only work if your laptop is connected to a third network, like guest WLAN with internet access in a hotel, outside of site#1.

Another service on the remote site#2 will receive a connect from an IP out of your zt-pool. This service, if not "inside" your unraid server#2, will need a route to zt-central network... if this service is a physical printer, for example, it is outside of unraid-server#2 and will only know the route to the default-gw on the network at site#2, not unraid#2 as gw to zt-central network.

This usecase I use a lot myself when abroad... works like a charm... but I have configured my router (livebox.home) to forward traffic to my own zt-central-network via my unraid-zt-interface. I also chose to allocate a separate VLAN for the ZT-network inside my premises, which makes it easier inside my setup, but this is not a must.

Sorry if this is confusing... English is not my native tongue. I still think you do not have a route in your local LAN to your zt-central-network and that is why this only works for services on your unraid-box, where the zt-interface resides. unraid will simply forward between local interfaces anyway,

Ford Prefect Posted November 16, 2020

23 hours ago, tapodufeu said:

    For example, Tower2 is 10.10.20.10 and has an openvpn server (docker). If I connect with open vpn client from my laptop (on 10.10.10.xxx) to tower 2 (10.10.20.10)... I can access ALL devices on the LAN 10.10.20.x. If I use ZeroTier, only the server is accessible.

...this is because maybe the openVPN interface on unraid is using NAT to the inside LAN? For devices in the LAN, packets appear to be originated from your unraid box, not from the transfer-network. Or is even handing out IPs of your original LAN.

Zerotier is a real LAN and you need proper routing, using zt-central-network as "transfer net".
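
The return-path problem described in the posts above, as an added example that is not part of the original thread: a longest-prefix-match lookup over `route -n` style tables shows where a LAN device without a ZeroTier client sends its reply, with plain routing, with NAT on Tower-2, and with a static route in place. The subnets and 10.10.20.10 come from the thread; the laptop, printer, gateway and Tower ZeroTier addresses are constructed assumptions.

```python
import ipaddress

def parse_routes(text):
    """Parse `route -n` output (Destination Gateway Genmask Flags Metric Ref Use Iface)."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the "Kernel IP routing table" banner and the column header
        routes.append({
            "net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
            "gw": None if f[1] == "0.0.0.0" else f[1],  # 0.0.0.0 = directly connected
            "metric": int(f[4]),
            "iface": f[7],
        })
    return routes

def next_hop(routes, dst):
    """Longest-prefix match, lowest metric as tie-break. Returns (gateway, iface) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return (best["gw"] or "on-link", best["iface"])

# Constructed sample data (assumptions, not values posted in the thread):
LAPTOP_ZT = "192.168.191.5"   # laptop's ZeroTier address
TOWER2_LAN = "10.10.20.10"    # Tower-2 on the remote LAN (this one is from the thread)
PRINTER = "10.10.20.50"       # remote device without a ZeroTier client

TOWER2_ROUTES = parse_routes("""
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.20.1      0.0.0.0         UG    0      0        0 br0
10.10.10.0      192.168.191.10  255.255.255.0   UG    0      0        0 ztmjfbsomh
10.10.20.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.191.0   0.0.0.0         255.255.255.0   U     0      0        0 ztmjfbsomh
""")

# The printer only knows its own subnet and the ISP router as default gateway.
PRINTER_ROUTES = parse_routes("""
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.10.20.1      0.0.0.0         UG    0      0        0 eth0
10.10.20.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
""")

def scenarios():
    # Static route to the ZeroTier subnet via Tower-2. In practice it is set on the
    # default gateway (as the thread suggests); the lookup result is the same.
    fixed = PRINTER_ROUTES + parse_routes(
        f"192.168.191.0 {TOWER2_LAN} 255.255.255.0 UG 0 0 0 eth0")
    return {
        "forward, Tower-2 to printer": next_hop(TOWER2_ROUTES, PRINTER),
        # Plain routing: printer sees the laptop's ZT address, reply goes to the ISP router.
        "reply, plain routing": next_hop(PRINTER_ROUTES, LAPTOP_ZT),
        # NAT on Tower-2: printer sees Tower-2's LAN address, reply stays on-link.
        "reply, NAT on Tower-2": next_hop(PRINTER_ROUTES, TOWER2_LAN),
        "reply, static route added": next_hop(fixed, LAPTOP_ZT),
    }

if __name__ == "__main__":
    for name, hop in scenarios().items():
        print(f"{name:28} -> {hop}")
```

Only the "plain routing" case hands the reply to a gateway that has no route to 192.168.191.0/24, which matches the symptom in the thread: the ZeroTier node itself answers, the devices behind it do not.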

tapodufeu Posted November 20, 2020

Thanks for your feedback. I understand my issue now. You are totally right, this is the NAT feature of openvpn. I tried disabling it, then it is exactly like zerotier.

So when I am at home, with just the fiber modem router from my ISP (no advanced routing inside), openvpn is my only option; with NAT included in the openvpn server I can do what I want.

It would be a great option to add a "kind of admin" access with zerotier with NAT included... I would have completely removed openvpn and just used zerotier only. This is exactly the kind of option that devops or infra managers need.

For example, since March, with covid, not every day hopefully, I have connected and changed VPNs maybe 30 times per day!!

Ford Prefect Posted November 20, 2020

...you can add your own router as a VM on your unRaid box. There are pfsense/opnsense, openwrt or mikrotik CHR (free version only 100mbps) available to do just that. All do support virtio-NICs, or you could pass through a set of physical adapters, like a Quad-NIC, and attach all to a managed switch that supports VLANs. You could enable GRE/EoIP tunnels across your sites... or ZT-Central based network interfaces. No VPN, but real LAN-to-LAN scenarios are possible that way. No need to tinker with your ISP modem/router box.

Edited November 20, 2020 by Ford Prefect

HisEvilness Posted December 4, 2020

Finally a VPN solution for Unraid that does not involve pulling out one's hair, easy, fast and simple.

rmp5s Posted December 4, 2020

Oh. Yea. So. Update. Dunno if I mentioned or not, but I ended up deleting everything I did and starting over and *poof*... everything works perfect. ZeroTier is AWESOME!!

Dmitry Spikhalskiy (Author) Posted December 4, 2020

The image was updated to use the latest 1.6.2 Zerotier version.

technorati Posted December 10, 2020

Ever since the update to 1.6.2, my unRAID machine no longer joins my ZT network, and when I try to debug inside the container, I get errors from the zerotier-cli tool:

    zerotier-cli info
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
    200 info XXXXXXXXXXX 1.6.2 OFFLINE

I have tried deleting the container and reinstalling from CA, but it comes back with the same issue. Rolling back to spikhalskiy/zerotier:1.4.6 has fixed the issue for now.

Edited December 10, 2020 by technorati

Ford Prefect Posted December 10, 2020

I see the same messages in the logs, but my ZT-Container joins ZT-central just fine.

Dmitry Spikhalskiy (Author) Posted December 10, 2020

4 hours ago, technorati said:

    Ever since the update to 1.6.2, my unRAID machine no longer joins my ZT network, and when I try to debug inside the container, I get errors from the zerotier-cli tool:

        zerotier-cli info
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        200 info XXXXXXXXXXX 1.6.2 OFFLINE

    I have tried deleting the container and reinstalling from CA, but it comes back with the same issue. Rolling back to spikhalskiy/zerotier:1.4.6 has fixed the issue for now.

"no version information available" messages are fine, you can ignore them, it's not what causes the issue.

technorati Posted December 11, 2020

Apologies - you'd think that by my age I'd be aware that correlation does not imply causation, but ¯\_(ツ)_/¯

rami22 Posted December 19, 2020

Looks like enabling "Host access to custom networks" in Network settings causes ZeroTier to go offline. Does anyone know what needs to be done to allow ZeroTier to connect when this setting is enabled?

Edited December 19, 2020 by rami22

Wozzagonebush Posted December 21, 2020

Quote:

    Application Name: ZeroTier
    Application Site: https://www.zerotier.com/
    Docker Hub: https://hub.docker.com/r/spikhalskiy/zerotier/
    Github Docker: https://github.com/Spikhalskiy/zerotier-unraid-docker
    Templates Repo: https://github.com/Spikhalskiy/docker-templates

This works very well on my Optus wireless broadband which is double NAT, if anyone else is interested.

Edited December 21, 2020 by Wozzagonebush

akeid Posted December 27, 2020

Hi, thank you for this container. ZT looks very promising. I've been able to connect to RDP using the ZT on my home PC to a remote PC.

I have Apache Guacamole, which is an RDP client that runs as a webserver on my unraid server running in bridged mode; however, I cannot connect via Apache Guac to ZT PC clients on the same LAN or remote networks for some reason.

Would it be correct to assume that ZT needs to be installed in the individual Apache Guacamole container for me to be able to connect to the ZT network? PC -> PC RDP through ZT works fine, it's just when I use Apache Guac I begin to run into connection problems. Appreciate the help.

Edit: After doing some testing, I managed to get this to work with some modifications. In the docker container that you wish to connect to your zerotier network, you can use the docker install script they show on their website and join the network within the container.

You can also tunnel a second docker container through this zt docker container by using the extra parameters setting with "--net=container:zerotier" under advance settings. You also have to set the network option to none on the tunneled container.

On a side note, Apache Guac will not connect to an RDP computer without a password, even though the Windows RDP client can.

Edited December 30, 2020 by akeid

phoenix13023 Posted February 4, 2021

On 12/10/2020 at 6:48 PM, technorati said:

    Ever since the update to 1.6.2, my unRAID machine no longer joins my ZT network, and when I try to debug inside the container, I get errors from the zerotier-cli tool:

        zerotier-cli info
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        200 info XXXXXXXXXXX 1.6.2 OFFLINE

    I have tried deleting the container and reinstalling from CA, but it comes back with the same issue. Rolling back to spikhalskiy/zerotier:1.4.6 has fixed the issue for now.

Hello, I have something wrong like this. The difference is that it displays online, but it's offline in ZeroTier Central.

phoenix13023 Posted February 5, 2021

Hello, I have found why it could not work on someone's unraid. It should be in China, where the GFW blocks something. The official client could work well on a PC in China.

sxt_ Posted February 21, 2021

Hello, I've been trying to use this to run a VLAN for a Valheim gaming server using ich777's docker container. I'd like to apologize in advance for being generally uneducated about networking. Please correct me if I'm wrong, but folks should be able to join the server after connecting to my ZeroTier using my local address for my Unraid server? I've been having trouble getting people to connect.

cherrybullet Posted February 22, 2021

On 12/10/2020 at 3:48 AM, technorati said:

    Ever since the update to 1.6.2, my unRAID machine no longer joins my ZT network, and when I try to debug inside the container, I get errors from the zerotier-cli tool:

        zerotier-cli info
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)
        200 info XXXXXXXXXXX 1.6.2 OFFLINE

    I have tried deleting the container and reinstalling from CA, but it comes back with the same issue. Rolling back to spikhalskiy/zerotier:1.4.6 has fixed the issue for now.

I'm getting these error messages too, except mine does connect.

Although yesterday, the internet went out for a few hours, when it came back I had to restart the container for it to connect so I checked the logs.

PsykoB Posted February 24, 2021

Hi, I really like your app!! It works really well. Thank you! Any plan to update it to 1.6.4 anytime soon?

IxsharpxI Posted February 26, 2021

Hey, thanks for this great write-up and template. I'm having some issues and I'm not sure of the root of the problem. I've got the container started and added to my zt network and authorized. However, I am unable to ping via the ZT IP address? I'm able to ping other devices on my zt network but not my unraid server when trying from my mac remotely but connected to the ZT network. I do have some devices on different subnets so I'm wondering if my routing is the issue.

On the unraid side, do I need any static routes set to work or just on the zerotier center side? I currently have a managed network for each LAN subnet via a ZT device that is located on the same internal subnet. Is that the right methodology?

ex:
- unraid LAN IP: 192.168.1.6
- ZT IP: 10.244.27.6
- route: 192.168.1.0/24 > 10.244.27.6
- etc for other subnets

Edit: Got it figured out. Went into the unraid shell and found that the ZT network adapter hadn't picked up the ipv4 IP address... I restarted the container and it picked up the IP I picked. Then I set the static route accordingly:

- route: 10.244.0.0/24 > zt adapter

Then I was able to access the unraid server.

Edited February 26, 2021 by IxsharpxI

mcrommert Posted March 5, 2021

So mine says joined and does not error out - but it never shows up in the zerotier interface to approve. Any way to pull the name of this one so I can whitelist it manually in the zerotier interface?

EDIT: When I change to bridge it changes to online but still doesn't work. Under host it says

    200 info xxxxxxxxx 1.6.2 OFFLINE

Edited March 5, 2021 by mcrommert

Hank Moody Posted March 23, 2021

So I'm rereading this topic the 7th time in 7 days with no end in sight. My main goal is to open Plex for friends with granular control. A handful of good friends are parents now too, and as they discovered my Kids Video Collection (damn those VHS rips) they'd love to be able to give their kids those programs too instead of the utter BS that's running on TV nowadays.

I have pfsense/baremetal running 12 vlans and a 100/60 connection. VLAN 3 (10.1.30.0/24) is the Vlan where my Plex Servers reside (10.1.30.1 & 10.1.30.2). On the same Vlan there are 2 Steam Machines (10.1.30.40 & 10.1.30.41) I'd also like to 'share'. My ZT resides in the above Vlan3 (10.1.30.249), and with this Docker I'd just want to share Plex/Steam. To my understanding it would be possible to use ZT for multiple Vlans, but for simplicity I'd rather start with one Vlan properly set up 😅

As said above, I read the entire thread a couple of times, especially the posts of @Ford Prefect about adding routes, but: I intend to only add certain hosts from the Vlan, not the entire network. Where do the routes have to go? Only ZT-Central? Or do I need to tweak pfsense/vlan-rules too?

I'm at a loss and every help is much appreciated! Especially how the routes should look, as I had a HARD time setting pfsense up.. 🤣

Kind regards,
Hank

Edited March 23, 2021 by Hank Moody