OPNsense Forum

English Forums => Virtual private networks => Topic started by: ja3far on July 14, 2021, 10:43:53 AM

Title: force Zerotier outgoing interface
Post by: ja3far on July 14, 2021, 10:43:53 AM
Hello
I have installed the ZeroTier plugin and everything is working as expected. In my OPNsense setup I also have OpenVPN clients connected to the outside world and assigned to interfaces. On the ZeroTier management portal I noticed that OPNsense is connected using one of the OpenVPN client IPs.
Is there a way to force it to use the WAN interface only? My WAN interface is vtnet1. I tried the following ZeroTier configuration without success.

{
  "settings": {
    "defaultBondingPolicy": "aggressive-active-backup",
    "policies": {
      "aggressive-active-backup": {
        "links": {
          "vtnet1": {
            "ipvPref": 4,
            "mode": "primary"
          }
        }
      }
    }
  }
}

Title: Re: force Zerotier outgoing interface
Post by: Cerberus on July 20, 2021, 04:47:08 PM
Hi,

You need to blacklist the OpenVPN network; you need these custom parameters in ZeroTier:

For example:

"physical": {
   "192.168.0.0/24": {
      "blacklist": true
   }
}

Title: Re: force Zerotier outgoing interface
Post by: ja3far on July 20, 2021, 09:49:23 PM
Thanks, Cerberus.
I have reviewed the config manual and found that I can do this:

{
    "settings": {
        "interfacePrefixBlacklist": [ "ovpnc" ]
    }
}
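
Added example, not part of the original thread and not ZeroTier's own code: a small Python audit that models how the two local.conf settings posted above (interfacePrefixBlacklist and a blacklisted "physical" network) narrow the interfaces ZeroTier may use, and lists anything other than the WAN that is still eligible. The matching rules are a simplified assumption based on the documented meaning of these keys, and the interface inventory is constructed sample data.

```python
import ipaddress
import json

# Configurations as posted in the thread (the "physical" one with its braces closed).
PREFIX_CONF = '{"settings": {"interfacePrefixBlacklist": ["ovpnc"]}}'
PHYSICAL_CONF = '{"physical": {"192.168.0.0/24": {"blacklist": true}}}'

# Constructed inventory: (interface name, local address). Addresses are sample values.
INTERFACES = [
    ("vtnet1", "203.0.113.10"),  # WAN
    ("ovpnc1", "10.8.0.2"),      # OpenVPN client 1
    ("ovpnc2", "192.168.0.6"),   # OpenVPN client 2
]


def excluded_reason(ifname, addr, conf):
    """Return which local.conf rule excludes (ifname, addr), or None if still eligible."""
    # Assumed rule 1: interface name starts with a blacklisted prefix.
    for prefix in conf.get("settings", {}).get("interfacePrefixBlacklist", []):
        if ifname.startswith(prefix):
            return f"interfacePrefixBlacklist:{prefix}"
    # Assumed rule 2: the local address falls inside a blacklisted physical network.
    ip = ipaddress.ip_address(addr)
    for cidr, opts in conf.get("physical", {}).items():
        net = ipaddress.ip_network(cidr, strict=False)
        if opts.get("blacklist") and ip.version == net.version and ip in net:
            return f"physical:{cidr}"
    return None


def unexpected_egress(conf_text, interfaces, allowed=("vtnet1",)):
    """List name/address pairs still eligible for ZeroTier outside the allowed interfaces."""
    conf = json.loads(conf_text)
    return [f"{name}/{addr}" for name, addr in interfaces
            if name not in allowed and excluded_reason(name, addr, conf) is None]


if __name__ == "__main__":
    for label, text in (("prefix", PREFIX_CONF), ("physical", PHYSICAL_CONF)):
        print(label, "->", unexpected_egress(text, INTERFACES) or "WAN only")
```

With this sample inventory the prefix rule covers both OpenVPN clients, while the single /24 entry leaves the tunnel on 10.8.0.2 eligible, so a CIDR-based blacklist needs one entry per tunnel network.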