Messages - rwtsk8

#1
I am still having this issue in 18.5.  I have three different sites and none get an IP address after reboot (or power failure).  In all cases, clicking save on the interface then clicking apply changes fixes the issue.  They come up with the static IP assigned. 
#2
18.1 Legacy Series / Re: ZeroTier config
April 09, 2018, 12:47:07 AM
Just wondering if you got this working.

As for my setup, I am running two ZeroTier networks.  One is to link my three sites together.  I run OSPF on that network via the routing plugin. 

The other is a P2P to a cloud server from my main site (as of right now but considering a redundant link through another site. I cannot afford a lab but the small business isn't data dependent and the cloud server isn't in production yet so work continues).  For this one I had to set the ZeroTier interface as a gateway.

In either case, I allow all LAN traffic across the link but that works because I only need that traffic across those links.  Public traffic goes out the public gateway.
#3
All,

I have three sites that have a ZeroTier mesh setup. For the most part, I followed the how-to guide to set this up. I updated two of the sites to 18.5 over the weekend and in both cases, the ZeroTier interface failed to start up after reload so my site to site VPN no longer worked.  I have static IPs set on the three ZeroTier interfaces, all from the same private /24.  I couldn't get it to work if I had automatic assignments turned on within my.zerotier.

On reload, they don't seem to load the assigned IP. The first two sites I got working again by disabling and enabling the ZeroTier interface but the remaining site I will have to physically visit if the VPN connection doesn't come back up. I am not sure if this is the first time I have rebooted the devices since getting the VPN working so I am not sure if this is upgrade related or reboot related.

Screenshot has all ZeroTier related messages from system log.  Just wondering if I need to change how the IPs are assigned if the interface cannot properly recover from a reboot.  Thank you.
#4
I presume from the way that you describe your situation that you have already installed the os-upnp plugin but you continue to be restricted.  The only way I have got my PlayStation to Type 2 (I believe what you are looking for but in different lingo) was to create a firewall rule that allows all ports outbound from my PlayStation (the LAN interface).  I didn't need to change any NAT from the default configuration.

As you can see from the screenshot, I reworked that idea a bit because I got nervous having a device exposed like that.  What I ended up doing is creating an alias for my PlayStation's static IP, giving that access to the firewall (because it uses it for DNS) and then gave it all port access to anything that wasn't an RFC1918 address (anything else in my network). You might have to retool it a bit if you need access from your PC to other devices but my PS didn't need access to anything but the outside world.  There also may be a better way to do this but it is working for my needs right now.  The PlayStation is exposed but it cannot be used to communicate with the rest of my network if it is ever compromised.

I am also learning this system as I have spent the entirety of my career working for an ISP as a router engineer so I never had to go beyond making devices communicate.  Security was someone else's responsibility.  I was needing to branch out a bit because my wife's small business added a second location so the easy, off the shelf, Netgear wireless routers weren't meeting their needs.  I started out using pfSense because I had a lot of trouble getting OPNsense installed (turned out it was my issue) but once I did get OPNsense up and running, I haven't looked back.
#5
I just got this working tonight.  I am a router engineer by trade so I am much more comfortable working below layer 3 so forgive me if this breaks some best practice rules.

I installed the UPnP plugin (os-upnp), enabled it in the new menu in the services tab, set a static on my PS, set a firewall rule for my LAN interface that allowed all ports with a source of my PS IP to all destinations other than my LAN address.  I am not really happy that it is wide open to my PS like that (why I currently have it where it cannot reach out to any other devices in my LAN) but it got "UPnP Available" and NAT type 2.

I fully intend to keep working and see if I can pin down some specific ports rather than fully exposed but it is working for now.
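
The rule set described in the two PlayStation posts above, modelled as an added example (not part of the original posts, and not OPNsense's own code) so the segmentation intent can be checked against sample destinations. The addresses, rule names and the first-match evaluation order are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges: the destinations excluded by the "not RFC1918" rule.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed addresses (assumptions, not taken from the posts).
PS_HOST = ipaddress.ip_address("192.168.1.50")   # console's static IP (the alias)
FIREWALL = ipaddress.ip_address("192.168.1.1")   # firewall LAN address, used for DNS


def is_rfc1918(addr):
    """True if addr falls inside any RFC 1918 private range."""
    return any(addr in net for net in RFC1918)


# Ordered LAN rules for traffic sourced from the console; first match wins
# (assumed). The firewall itself is an RFC 1918 address, so its pass rule
# must come before the "not RFC1918" rule or DNS would be blocked.
RULES = [
    ("ps-to-firewall", "pass", lambda dst: dst == FIREWALL),
    ("ps-to-internet", "pass", lambda dst: not is_rfc1918(dst)),
    ("ps-default", "block", lambda dst: True),
]


def evaluate(src, dst, rules=RULES):
    """Return (action, rule name) for a flow from src to dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src != PS_HOST:
        return ("n/a", "not-console")  # this model only covers the console alias
    for name, action, match in rules:
        if match(dst):
            return (action, name)
    return ("block", "implicit-deny")


def audit(destinations):
    """Map each destination to the action the console's traffic would get."""
    return {d: evaluate(str(PS_HOST), d)[0] for d in destinations}


if __name__ == "__main__":
    # Constructed sample: firewall, three private hosts, one public address.
    sample = ["192.168.1.1", "192.168.1.20", "10.8.0.5", "172.16.4.4", "203.0.113.10"]
    for dst, action in audit(sample).items():
        print(f"{PS_HOST} -> {dst}: {action}")
```

These rules only govern traffic that is routed through the firewall; hosts on the same layer-2 segment as the console exchange traffic with it without crossing the LAN interface rules.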
#6
Also, because I know more about normal old fashioned routing protocols than I know or trust ZeroTier, I just used this service to create the VPN links between my sites.  I am running OSPF across those links so I am not reliant on ZeroTier to advertise my routes.  Not necessarily saying it is the only way but it seems to be working pretty darn well.
#7
I haven't tried it yet due to lack of a server but I was reading through this a few days ago.  I am a router engineer by trade and I am trying to get up above layer 3 so forgive me if this isn't what you are looking for.

https://github.com/zerotier/ZeroTierOne/tree/master/controller