[Support] spikhalskiy - ZeroTier



15 minutes ago, Hank Moody said:

I have pfsense/baremetal running 12vlans and a 100/60 connection.

 

VLAN 3 (10.1.30.0/24) is the Vlan where my Plex Servers reside (10.1.30.1 & 10.1.30.2). On the same Vlan there are 2 Steam Machines (10.1.30.40 & 10.1.30.41) I'd also like to 'share'.

 

My ZT resides in above Vlan3 (10.1.30.249), and with this Docker I'd just want to share Plex/Steam.

So 10.1.30.249 is the ZT-Client / the ZT-Docker IP on your unraid host?

What network did you choose as transfer network in ZT central?

 

Do you have another client, like a laptop and installed the ZT-client on it and are you able to connect and ping the 10.1.30.249 IP or any other IP on your VLAN3??

Preferably from outside of your own network, via a 3G/4G connection or remote (W)LAN at a friend's or family place?

 

This would be the first step you need to achieve.

 

 

 

 

15 minutes ago, Hank Moody said:

To my understanding it would be possible to use ZT for multiple Vlans, but for simplicity I'd rather start with one Vlan properly set-up 😅

Well, yes...but VLAN tags are not passed across the ZT network, I think (actually I did not try)...so think of connecting LANs, not especially VLANs.

You should think of each ZT-network as a Layer 3 Switch.

Each ZT-Client, when connected to a ZT-Network is part of a LAN-IP Segment of that network. That means they are already, internally connected to each other.

As each ZT-client has an outside ZT connection, as it also sits in a LAN local to the ZT-client, like your ZT-docker or your Parent's laptop in their local LAN, think of each ZT-Client as a (possible) site-2-site connection gateway, using their internal ZT-network as transfer network.

 

Example (your zt-network IP in the range of 192.168.99.0/255.255.255.0):

 

Your PFsense/VLAN3 (10.1.30.1) - zt-docker (10.1.30.249 + zt-net-ip 192.168.99.2) - zt-central - zt-client-Laptop (zt-net-ip 192.168.99.22 - LAN-IP 192.168.1.120) - remote LAN gateway (192.168.1.1)

 

So, for the laptop to be able to reach your VLAN3, define (in ZT-central) the route to 10.1.30.0/24 with gateway=192.168.99.2 and of course the other path for returns (net 192.168.1.0/24 with gateway 192.168.99.22)

But wait, this is only half of the story ;-)

 

15 minutes ago, Hank Moody said:

Where do the routes have to go? Only ZT-Central? Or do I need to tweak pfsense/vlan-rules too?

...second half of the story:

 

In order for IP packets to be able to reach in return from VLAN3 -net back to remote LAN 192.168.1.0/24, of course the router which is hosting VLAN3 needs to know the routes to zt-central (using the zt-client docker IP as gateway) as well.

That means, your pfsense needs to be part of the game as well ;-)

And should you wish the same for more hosts on the remote network and not just the laptop running zt-client, the remote router as well (which would form a true site2site connection)

 

15 minutes ago, Hank Moody said:

 

As said above I read the entire thread couple of times, especially the posts of @Ford Prefect about adding routes, but: I intend to only add certain hosts from the Vlan, not the entire network.

 

Zero-Tier is a LAN...in order to limit access to individual hosts in a network/LAN behind a zt-client, you should put the zt-docker in an additional, separate (V)LAN, different from VLAN3 and let the firewall rules in your pfsense decide which hosts are reachable/allowed from that zt-(V)LAN into your VLAN3.

That is the proper way of doing it, I think and also easier to maintain, should things change.

However, this is routing (performance wise) and might involve more resources on your pfsense box.

 

15 minutes ago, Hank Moody said:

 

I'm at a loss and every help is much appreciated! Especially how the routes should look like as I had a HARD time setting pfsense up.. 🤣

 

...I hope I was able to shed some light on the story. However, I will/can not help with your pfsense...I am a Mikrotik person ;-)

If you already have 12 VLANs running, a 13th shouldn't present a problem, should it?

Link to post
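
The separate-(V)LAN design suggested in the post above, as an added example that is not part of the original thread: a small model of a first-match, default-deny rule set on the router, plus an audit of which VLAN3 hosts a ZT client can reach with and without that separation. The rule layout, the probe flows and the assumption that ZT traffic is routed (not NATed), so the router sees 192.168.99.x sources, are constructed for illustration; TCP 32400 is Plex's default port.

```python
import ipaddress

ZT_NET = "192.168.99.0/24"     # ZT transfer network used in the post's example
VLAN3 = "10.1.30.0/24"
# Constructed rules for the router interface facing the separate zt-(V)LAN:
# (action, source, destination, proto, port); port None means any port.
# First match wins; unmatched traffic is blocked (default deny).
RULES = [
    ("pass",  ZT_NET, "10.1.30.1/32",  "tcp", 32400),  # Plex server 1
    ("pass",  ZT_NET, "10.1.30.2/32",  "tcp", 32400),  # Plex server 2
    ("pass",  ZT_NET, "10.1.30.40/32", "any", None),   # Steam machine 1
    ("pass",  ZT_NET, "10.1.30.41/32", "any", None),   # Steam machine 2
    ("block", ZT_NET, VLAN3,           "any", None),   # everything else in VLAN3
]

def decide(src, dst, proto, port, zt_in_vlan3=False):
    """Verdict for one flow from a ZT client towards a VLAN3 host."""
    if zt_in_vlan3:
        # zt-docker inside VLAN3 delivers on-link; the router never sees the flow
        return "pass"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rsrc, rdst, rproto, rport in RULES:
        if (s in ipaddress.ip_network(rsrc) and d in ipaddress.ip_network(rdst)
                and rproto in ("any", proto) and rport in (None, port)):
            return action
    return "block"

# Arbitrary probe flows (constructed) used to audit the exposure
PROBES = (("tcp", 32400), ("tcp", 22), ("udp", 27031))

def exposed_hosts(src, zt_in_vlan3=False):
    """VLAN3 addresses that src reaches on at least one probe."""
    return [str(h) for h in ipaddress.ip_network(VLAN3).hosts()
            if any(decide(src, str(h), p, n, zt_in_vlan3) == "pass"
                   for p, n in PROBES)]

if __name__ == "__main__":
    print("separate zt-(V)LAN:", exposed_hosts("192.168.99.22"))
    print("zt-docker in VLAN3:", len(exposed_hosts("192.168.99.22", True)), "hosts")
```
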

Popular Posts

Application Name: ZeroTier Application Site: https://www.zerotier.com/ Docker Hub: https://hub.docker.com/r/spikhalskiy/zerotier/ Github Docker: https://github.com/Spikhalskiy/zerotier-

1.4.6 is released for everybody, the CLI instructions in the topic header are updated for the new docker image layout.

@argonaut @ice pube Hey, I released a separate tag for you with some dirty hacks, but looks like it's working. You can use the tag spikhalskiy/zerotier:1.4.2 and it will give you the latest Zerotier v


  • 2 weeks later...

Hi all,

I have successfully configured ZeroTier and can access my Unraid server from my mobile phone outside of my wifi. But I need some help to define the route to the rest of the network outside of the Unraid IP.

 

Unraid is part of 192.168.1.x, I can access all services running on the Unraid services but not any other IPs in the subnet.

I have tried to run the user script/commands to setup a route with IPtables but it did not work. I would like to use the GUI to have better control over this but I am not sure what do I need to add in the "Routing table" under "Network settings".

Thanks in advance!

Link to post
  • 2 weeks later...

zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)  

 

UNRAID can access other devices and other devices cannot access UNRAID

Edited by xukai
Link to post

Hi,

Are there plans to upgrade the Zerotier version to 1.6.5 any time soon?

 

I'm having the Zerotier 'Coma' problem where some hosts can't communicate with others in the same network, and the upgrade to 1.6.5 is recommended.  I've tried downgrading one other host to 1.6.2 and it fixed the problem, for a while.

 

Cheers,

Russell

Edit: new version available.

Edited by Russell_C
Version update
Link to post
  • 2 weeks later...
On 4/13/2021 at 10:16 AM, Russell_C said:

Hi,

Are there plans to upgrade the Zerotier version to 1.6.4 any time soon?

 

I'm having the Zerotier 'Coma' problem where some hosts can't communicate with others in the same network, and the upgrade to 1.6.4 is recommended.  I've tried downgrading one other host to 1.6.2 and it fixed the problem, for a while.

 

Cheers,

Russell

Same. It was working but after one day, I cannot connect to my unraid server anymore. An upgrade will be very much helpful.

Link to post
On 4/1/2021 at 7:14 PM, chortya said:

Hi all,

I have successfully configured ZeroTier and can access my Unraid server from my mobile phone outside of my wifi. But I need some help to define the route to the rest of the network outside of the Unraid IP.

 

Unraid is part of 192.168.1.x, I can access all services running on the Unraid services but not any other IPs in the subnet.

I have tried to run the user script/commands to setup a route with IPtables but it did not work. I would like to use the GUI to have better control over this but I am not sure what do I need to add in the "Routing table" under "Network settings".

Thanks in advance!

This cannot be solved with unraid network settings.

In order for other clients in your IP-Segment to be reachable, their gateway (aka your router, 192.168.1.1) needs to know the route back to the zt-transfer net and the zt-client on unraid as the gateway to the "other side".

 

Link to post
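
The return-route requirement from this reply and from the earlier site-to-site walk-through, as an added example that is not part of the original thread: a longest-prefix-match trace over each hop's routing table, using the addresses from the earlier VLAN3 example, showing that replies are lost at the router until it has a route to the ZT transfer net. The node names, the router address 10.1.30.254 and the "WAN" default are assumptions, and IP forwarding on the zt-docker host is taken as enabled.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match; returns the gateway, "direct", or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in table.items()
            if ip in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, owner, start, dst, limit=8):
    """Follow next hops from node `start` until dst is delivered or lost."""
    node, path = start, [start]
    for _ in range(limit):
        gw = next_hop(tables[node], dst)
        if gw == "direct":
            return path + [dst]
        if gw not in owner:            # no route, or gateway outside the model
            return path + ["LOST via %s" % gw]
        node = owner[gw]
        path.append(node)
    return path + ["LOOP"]

# Addresses from the thread; 10.1.30.254 (router on VLAN3) is an assumed value.
OWNER = {"192.168.99.2": "zt-docker", "10.1.30.249": "zt-docker",
         "192.168.99.22": "laptop", "10.1.30.254": "pfsense"}

def build_tables(pfsense_return_route):
    tables = {
        # the ZT-central managed route 10.1.30.0/24 via 192.168.99.2 lands here
        "laptop": {"192.168.99.0/24": "direct", "192.168.1.0/24": "direct",
                   "10.1.30.0/24": "192.168.99.2", "0.0.0.0/0": "192.168.1.1"},
        "zt-docker": {"192.168.99.0/24": "direct", "10.1.30.0/24": "direct",
                      "0.0.0.0/0": "10.1.30.254"},
        "plex": {"10.1.30.0/24": "direct", "0.0.0.0/0": "10.1.30.254"},
        "pfsense": {"10.1.30.0/24": "direct", "0.0.0.0/0": "WAN"},
    }
    if pfsense_return_route:
        # static route on the router: ZT transfer net via the zt-docker LAN IP
        tables["pfsense"]["192.168.99.0/24"] = "10.1.30.249"
    return tables

def round_trip(pfsense_return_route):
    """(forward path laptop -> Plex, return path Plex -> laptop's ZT address)."""
    t = build_tables(pfsense_return_route)
    return (trace(t, OWNER, "laptop", "10.1.30.1"),
            trace(t, OWNER, "plex", "192.168.99.22"))

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, *round_trip(flag), sep="\n  ")
```
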

Thank you Dmitry!

 

That's fixed my connectivity issue.

 

Hint for those who are having similar issues:  Stop the new Zerotier container and empty the peers.d directory (/mnt/user/appdata/zerotier/zerotier-one/peers.d in the Unraid command window).

Once restarted, Zerotier will repopulate this directory.  The same thing may be necessary at the other end(s) too.

In my instance, success was indicated by my peers no longer appearing as RELAY hosts, but as DIRECT.

 

1ffxxxx11d 1.6.5  LEAF      -1 RELAY

becomes:

ddfxxxxc57 1.6.5  LEAF      -1 DIRECT 6090     16835    192.168.1.xxx/20052

 

Happy sailing,

Russell.

 

Link to post
