firewall rule on the ZeroTier interface in OPNsense

Started by manilx, September 03, 2022, 10:26:22 AM

September 03, 2022, 10:26:22 AM Last Edit: September 03, 2022, 02:12:50 PM by manilx
I have configured ZT according to this: https://wcollins.io/post/2022/exploring-zerotier-for-remote-access/

All is working just fine. But the wide open fw rule is of course an issue.

Any ideas on how I should close down this rule a bit? I have tried to make an alias, put the ZT client IPs in there and then use this as the source in the fw rule to only allow the defined clients access, but this does not work, as clients which are not mentioned in the alias can connect.

September 03, 2022, 11:09:51 AM #1 Last Edit: September 03, 2022, 02:13:00 PM by manilx
What I want to do is only allow specific nodes to connect to OPNsense (i.e. my internal network), even if they are connected to the ZT network...

As the fw rule I created as specified above doesn't work, I don't have a clue and would really appreciate help.
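One check a practitioner would want before debugging the alias itself is whether any other pass rule on the ZeroTier interface still admits traffic from any source, which would let unlisted nodes through regardless of the alias rule. The script below is an added example, not from this thread or OPNsense; it assumes a hypothetical interface name zt0 and runs over constructed sample lines in the format pfctl -sr prints.

```shell
#!/bin/sh
# Added example: scan pfctl -sr style output for "pass in" rules on the
# ZeroTier interface whose source is "any". Such a rule matches before
# (or instead of) an allow-list rule and admits nodes not in the alias.

ZT_IF="${ZT_IF:-zt0}"   # hypothetical ZeroTier interface name (assumption)

# Constructed sample rule set in pfctl -sr format (not a real capture).
# <ZT_ALLOWED_NODES> stands for an OPNsense alias table of permitted nodes.
SAMPLE_RULES='pass in quick on zt0 inet from <ZT_ALLOWED_NODES> to any flags S/SA keep state label "allow listed zt nodes"
pass in quick on zt0 inet from any to any flags S/SA keep state label "wide open zt rule"
block drop in quick on zt0 inet from any to any label "default deny zt"
pass in quick on igb0 inet from any to any flags S/SA keep state label "lan"'

# find_open_rules IFACE RULES
# Prints every "pass in" rule on IFACE with source "any".
# Returns 1 if at least one such rule exists, 0 if the interface is clean.
find_open_rules() {
    iface="$1"
    printf '%s\n' "$2" | awk -v iface="$iface" '
        $1 == "pass" && $2 == "in" &&
        index($0, " on " iface " ") && index($0, " from any ") {
            print
            found = 1
        }
        END { exit found ? 1 : 0 }'
}

# Stand-alone usage: on a live box replace SAMPLE_RULES with "$(pfctl -sr)".
if find_open_rules "$ZT_IF" "$SAMPLE_RULES"; then
    echo "no wide-open pass rules on $ZT_IF"
else
    echo "wide-open pass rule(s) on $ZT_IF listed above; unlisted nodes can connect"
fi
```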

September 03, 2022, 02:11:35 PM #2 Last Edit: September 03, 2022, 02:13:45 PM by manilx
I had lots of traffic being blocked on the FW level regarding ZT.
One has to add a few FW rules in addition to the description in the blog above. Didn't know which ones...

Also, the speed was 25-30% of what I get with working WireGuard.

So in the end, no advantage, and I uninstalled it.