OPNsense Forum

English Forums => Tutorials and FAQs => Topic started by: optic on April 18, 2017, 09:07:02 pm

Title: HOWTO: Zerotier SDN/VPN on OPNsense to connect your devices
Post by: optic on April 18, 2017, 09:07:02 pm
Thanks to the awesome help from fitch on #OPNsense, I managed to get zerotier working.

So I've been a fan of zerotier.com for a while. It basically creates a VPN-based L2 switch that you can put your clients on. It works over IPv6, IPv4 and through most NAT environments. Since I only have Carrier Grade NAT at home, I wanted to rent a VPS and run OPNsense on it to get some more connectivity.

Now to the work part: we will create a syshook file so zerotier starts early enough at system startup that the interface won't get lost on reboots.

# pkg install zerotier
# mkdir -p /usr/local/etc/rc.syshook.d
# vim /usr/local/etc/rc.syshook.d/50-zerotier.early

Put the following content in (press i for insert mode):

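#!/bin/sh
# Show the loopback interface, then make sure it is up
ifconfig lo0
ifconfig lo0 up
# Start the zerotier service early in the boot sequence
/usr/local/etc/rc.d/zerotier onestart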

Save the file by typing "ESC :wq"

# chmod 755 /usr/local/etc/rc.syshook.d/50-zerotier.early

You can now reboot OPNsense or invoke zerotier with "service zerotier onestart".
Check your connection status with "zerotier-cli listpeers"; it should show at least 2 or 3 entries for the supernodes.

Now you can configure your desired network on zerotier.com (you need an account there OR run your own Configuration Server; use Google Login with 2FA for extra security).

Once you have created your network, join it by typing "zerotier-cli join <networkID>".
You can now use this like a new interface, so go into the GUI and assign the IP and Network Mask that you like, or use the auto assigned IP from the zerotier manager (if enabled)

Now you can join other PCs, Servers or OPNsense Boxes and connect them to your virtual zerotier L2 Switch.
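
Added example, not part of the original post: a small post-install check for the setup above. It verifies that the boot hook is not writable by anyone but its owner and flags joined networks that are unauthorized or PUBLIC. It assumes the `200 listnetworks ...` line format printed by the ZeroTier 1.x client; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: post-install checks for the ZeroTier setup in this HOWTO.

# hook_is_safe FILE [UID]: succeed only if FILE is a regular file owned by
# UID (default 0, root), owner-executable, and not group/world writable.
# The syshook runs as root at every boot, so write access to it is root access.
hook_is_safe() {
    f=$1; uid=${2:-0}
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    [ -n "$(find "$f" -prune -user "$uid")" ] || { echo "wrong owner: $f"; return 1; }
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ] ||
        { echo "group/world writable: $f"; return 1; }
    [ -n "$(find "$f" -prune -perm -100)" ] || { echo "not executable: $f"; return 1; }
    echo "ok: $f"
}

# risky_networks: read `zerotier-cli listnetworks` output on stdin and print
# "<nwid> <status> <type>" for each network that is not authorized (status
# other than OK) or is PUBLIC (anyone who knows the ID can join).
# Fields are counted from the right because <name> may be empty or contain spaces.
risky_networks() {
    awk '$1 == "200" && $2 == "listnetworks" && $3 != "<nwid>" && NF >= 8 {
        status = $(NF - 3); kind = $(NF - 2)
        if (status != "OK" || kind != "PRIVATE") print $3, status, kind
    }'
}

# Constructed sample output (IDs, MACs and addresses are made up).
sample_listnetworks() {
    cat <<'EOF'
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef home lab 0e:00:00:00:00:01 OK PRIVATE zt0 10.147.17.5/24
200 listnetworks 0123456789abcd00  0e:00:00:00:00:02 ACCESS_DENIED PRIVATE zt1 -
200 listnetworks 0123456789abcd11 open_net 0e:00:00:00:00:03 OK PUBLIC zt2 10.10.0.9/16
EOF
}

# Demo on the constructed sample; prints the two flagged networks.
sample_listnetworks | risky_networks

# On the firewall itself:
#   hook_is_safe /usr/local/etc/rc.syshook.d/50-zerotier.early
#   zerotier-cli listnetworks | risky_networks
```

An ACCESS_DENIED line means the member has not yet been authorized in the network's controller; a PUBLIC line means the new interface sits on a segment any node can join, so the firewall rules on that interface matter more.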