Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Virtual private networks
»
LAN addresses cannot reach ZeroTier peers over OPNsense's ZeroTier connection
« previous
next »
Print
Pages: [
1
]
Author
Topic: LAN addresses cannot reach ZeroTier peers over OPNsense's ZeroTier connection (Read 1727 times)
blegeth
Newbie
Posts: 2
Karma: 0
LAN addresses cannot reach ZeroTier peers over OPNsense's ZeroTier connection
«
on:
December 18, 2023, 11:31:50 pm »
I am using OPNsense to connect to a ZeroTier network. The OPNsense box is able to ping other ZeroTier peers, and other ZeroTier peers can ping the OPNsense box using the OPNsense box's ZeroTier address. Unfortunately, none of the LAN devices behind OPNsense can successfully ping any ZeroTier addresses (other than the OPNsense box's ZeroTier address), and no ZeroTier peers can ping any LAN devices behind the OPNsense box.
I am using the os-zerotier plugin (1.3.2_4) on OPNsense. I have set the managed route in ZeroTier Central for LAN destinations to be the OPNsense's ZeroTier address. The routing tables on OPNsense and ZeroTier peers all show the appropriate routes to reach ZeroTier peers and OPNsense. When I conduct a packet capture on the ZeroTier interface when I attempt to ping from a LAN device to a ZeroTier peer, I see the request ("10.XX.XX.10 > 172.27.XX.227: ICMP echo request, id 14, seq 12, length 64") but no response. When I conduct a packet capture on the ZeroTier interface when I attempt to ping from a ZeroTier peer to a LAN device, I see both the request ("172.27.XX.227 > 10.XX.XX.10: ICMP echo request, id 55631, seq 15, length 64") and the reply ("10.XX.XX.10 > 172.27.XX.227: ICMP echo reply, id 55631, seq 15, length 64"), but the reply never reaches the ZeroTier peer, which shows a "Request timeout". I don't believe that it's a firewall issue, because I allow both incoming and outgoing traffic over the ZeroTier interface between the ZeroTier net and the LAN net.
Does anyone have any suggestions of what I should try to be able to connect my ZeroTier peers and my LAN devices? Thank you!
Logged
stevie187
Newbie
Posts: 2
Karma: 0
Re: LAN addresses cannot reach ZeroTier peers over OPNsense's ZeroTier connection
«
Reply #1 on:
January 05, 2024, 02:12:58 am »
Did you ever figure this out? I'm having the exact same problem config seems ok, routes correct works fine on normal clients, opnsense can see remote clients from terminal, the firewall is logging egress trafiic but nothing connects on the lan side
Logged
blegeth
Newbie
Posts: 2
Karma: 0
Re: LAN addresses cannot reach ZeroTier peers over OPNsense's ZeroTier connection
«
Reply #2 on:
January 08, 2024, 02:42:57 am »
Sorry for the late reply! Unfortunately, I never did figure this out. If I do figure it out, I will definitely post something, and I hope that if you figure it out, you will share your insights too. Thanks!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Virtual private networks
»
LAN addresses cannot reach ZeroTier peers over OPNsense's ZeroTier connection