OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: syntaxits on April 03, 2018, 10:56:04 am

Title: ZeroTier config
Post by: syntaxits on April 03, 2018, 10:56:04 am
Hi, I am trying to get ZeroTier working. I have followed the guide here: https://docs.opnsense.org/manual/how-tos/zerotier.html

But I cannot ping anything on the LAN from another ZeroTier device. I have set the ZeroTier IPv4 interface on the OPNsense to 10.147.20.1, the same as the one in the ZeroTier portal.

It is connected and I have set up the ZeroTier portal. Are there any firewall rules I need to add? Any guidance would be really appreciated. Thanks
Title: Re: ZeroTier config
Post by: doug.dimick on April 05, 2018, 10:13:36 pm
I don't think the guide mentions how to get ZeroTier to assign a default gateway to clients via DHCP.

You need to add a managed route to 0.0.0.0/0 pointed at your OPNsense interface's ZeroTier IP address (see http://prntscr.com/j1fee3 for an example).

DNS was also a bit tricky to control. I wound up adding a port forward NAT rule on the OPNsense ZeroTier interface to capture all traffic destined to port 53 and redirect it to Unbound.

Edit: Also, of course, you need firewall rules on your OPNsense ZeroTier interface to permit whatever traffic you're trying to pass. And you need to ensure an outbound NAT rule exists for your ZeroTier network if you want Internet access through it.
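Worked example added to this thread, not code from the OPNsense docs, the ZeroTier project, or either poster: it builds the ZeroTier controller route set the reply above describes (a managed route to 0.0.0.0/0 pointed at the firewall's ZeroTier address) and prints, in pf syntax, an approximation of the three OPNsense GUI rules that go with it (DNS port forward to Unbound, outbound NAT, pass rules on the ZeroTier interface). Everything concrete is an assumption for illustration: the 10.147.20.0/24 network and 10.147.20.1 firewall address from the question, a 192.168.1.0/24 LAN, em0 as WAN, and a made-up ZeroTier interface name.

```python
import ipaddress
import json

# Constructed lab values (assumptions, not from the post): ZeroTier network
# 10.147.20.0/24 with OPNsense as member 10.147.20.1, one LAN behind it, WAN on
# em0, and the ZeroTier interface name FreeBSD gave the firewall (it has the
# form zt<random>; read the real one from Interfaces > Assignments).
ZT_NETWORK = "10.147.20.0/24"
OPNSENSE_ZT_IP = "10.147.20.1"
LAN_NETS = ["192.168.1.0/24"]
ZT_IF = "zt5u4yegc6i6wr"  # assumed interface name
WAN_IF = "em0"            # assumed WAN interface


def build_managed_routes(zt_network, via, lan_nets, full_tunnel=True):
    """Return the `routes` list for the ZeroTier controller's network config.

    The entry for the ZeroTier prefix itself has no next hop; the LAN prefixes
    and, for a full tunnel, 0.0.0.0/0 are pointed at the firewall's ZeroTier
    address, which is the "managed route to 0.0.0.0/0" from the reply above.
    The next hop must be an address on the virtual network or members cannot
    reach it, so that is checked here instead of being debugged on a client.
    """
    net = ipaddress.ip_network(zt_network)
    gw = ipaddress.ip_address(via)
    if gw not in net:
        raise ValueError(f"via {gw} is not inside ZeroTier network {net}")
    routes = [{"target": str(net), "via": None}]
    for lan in lan_nets:
        lan_net = ipaddress.ip_network(lan)
        if lan_net.overlaps(net):
            raise ValueError(f"LAN {lan_net} overlaps the ZeroTier network")
        routes.append({"target": str(lan_net), "via": str(gw)})
    if full_tunnel:
        routes.append({"target": "0.0.0.0/0", "via": str(gw)})
    return routes


def controller_patch_body(routes):
    """JSON body that replaces a network's managed routes on the controller.
    The endpoint and auth header depend on which controller you run (ZeroTier
    Central or a self-hosted one), so they are deliberately not hard-coded."""
    return json.dumps({"config": {"routes": routes}}, indent=2)


def pf_rules(zt_if, wan_if, zt_network, dns_ip, lan_nets, full_tunnel=True):
    """pf-syntax approximation of the OPNsense GUI rules the reply describes.
    OPNsense generates its own ruleset from the GUI; this text is for comparing
    against `pfctl -sn` and `pfctl -sr` on the box, not for pasting into pf.conf.
    """
    lines = [
        "# Firewall > NAT > Port Forward: catch all DNS from ZeroTier, hand it to Unbound",
        f"rdr on {zt_if} inet proto {{ tcp udp }} from {zt_network} to any port 53 "
        f"-> {dns_ip} port 53",
        "# Firewall > NAT > Outbound (hybrid/manual): ZeroTier clients reach the Internet",
        f"nat on {wan_if} inet from {zt_network} to any -> ({wan_if})",
        "# Firewall > Rules > ZeroTier interface: permit only what the tunnel is for",
        f"pass in quick on {zt_if} inet proto {{ tcp udp }} from {zt_network} "
        f"to {dns_ip} port 53 keep state",
    ]
    for lan in lan_nets:
        lines.append(f"pass in quick on {zt_if} inet from {zt_network} to {lan} keep state")
    if full_tunnel:
        # Without this, clients get the 0.0.0.0/0 route but the firewall drops them.
        lines.append(f"pass in quick on {zt_if} inet from {zt_network} to any keep state")
    return "\n".join(lines)


if __name__ == "__main__":
    routes = build_managed_routes(ZT_NETWORK, OPNSENSE_ZT_IP, LAN_NETS)
    print(controller_patch_body(routes))
    print()
    print(pf_rules(ZT_IF, WAN_IF, ZT_NETWORK, OPNSENSE_ZT_IP, LAN_NETS))
```

Run it as-is to see both halves; set `full_tunnel=False` in both calls for the split-tunnel variant (LAN reachable over ZeroTier, Internet still via the client's own gateway), which is the shape the next reply in this thread describes. The DNS redirect goes to the firewall's own ZeroTier address rather than 127.0.0.1 so it works regardless of whether Unbound is bound to localhost.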
Title: Re: ZeroTier config
Post by: rwtsk8 on April 09, 2018, 12:47:07 am
Just wondering if you got this working.

As for my setup, I am running two ZeroTier networks. One is to link my three sites together. I run OSPF on that network via the routing plugin.

The other is a P2P to a cloud server from my main site (as of right now, but I am considering a redundant link through another site. I cannot afford a lab, but the small business isn't data-dependent and the cloud server isn't in production yet, so work continues). For this one I had to set the ZeroTier interface as a gateway.

In either case, I allow all LAN traffic across the link, but that works because I only need that traffic across those links. Public traffic goes out the public gateway.