Topic: ZeroTier config (Read 8229 times)
syntaxits « on: April 03, 2018, 10:56:04 am »
Hi, I am trying to get ZeroTier working. I have followed the guide here: https://docs.opnsense.org/manual/how-tos/zerotier.html
But I cannot ping anything on the LAN from another ZeroTier device. I have set the ZeroTier IPv4 interface on the OPNsense to 10.147.20.1, the same as the one in the ZeroTier portal.
It is connected and I have set up the ZeroTier portal. Are there any firewall rules I need to add? Any guidance would be really appreciated. Thanks
doug.dimick « Reply #1 on: April 05, 2018, 10:13:36 pm »
I don't think the guide mentions how to get ZeroTier to assign a default gateway to clients via DHCP.
You need to add a managed route to 0.0.0.0/0 pointed at your OPNsense interface's ZeroTier IP address (see http://prntscr.com/j1fee3 for an example).
DNS was also a bit tricky to control. I wound up adding a port forward NAT rule on the OPNsense ZeroTier interface to capture all traffic destined to port 53 and redirect it to Unbound.
Edit: Also of course you need firewall rules on your OPNsense ZeroTier interface to permit whatever traffic you're trying to pass. And you need to ensure an outbound NAT rule exists for your ZeroTier network if you want Internet access through it.
« Last Edit: April 05, 2018, 10:18:24 pm by doug.dimick »
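The pieces listed in the reply above (DNS redirect, firewall rules on the ZeroTier interface, outbound NAT), written out as pf rules for illustration. This is an added example, not part of the original posts and not an OPNsense export; OPNsense builds these rules from its GUI. The interface names `zt0` and `em0` and both subnets are assumptions.

```pf
# Constructed example. Assumed names and addresses:
zt_if   = "zt0"              # assumption: ZeroTier interface
wan_if  = "em0"              # assumption: WAN interface
zt_net  = "10.147.20.0/24"   # assumption: /24 around 10.147.20.1 from the thread
lan_net = "192.168.1.0/24"   # assumption: LAN behind OPNsense

table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# The managed route (0.0.0.0/0 via 10.147.20.1) is set on the ZeroTier
# network itself, not here; it only steers client traffic to this box.

# --- Translation rules (evaluated before filter rules) ---
# Outbound NAT: without it, ZeroTier clients have no Internet access
# through OPNsense because 10.147.20.0/24 is not routable upstream.
nat on $wan_if inet from $zt_net to any -> ($wan_if)

# Redirect every DNS query arriving on ZeroTier to the local resolver
# (Unbound), whatever server the client asked for.
rdr on $zt_if inet proto { tcp, udp } from $zt_net to any port 53 \
    -> 127.0.0.1 port 53

# --- Filter rules (last matching rule wins) ---
# Default deny on the ZeroTier interface, logged for troubleshooting.
block in log on $zt_if all

# DNS: the filter sees the destination already rewritten by rdr.
pass in on $zt_if inet proto { tcp, udp } from $zt_net \
    to 127.0.0.1 port 53

# Ping from ZeroTier members to LAN hosts (the original question).
pass in on $zt_if inet proto icmp from $zt_net to $lan_net \
    icmp-type echoreq

# Internet-bound traffic only: private ranges, including the firewall's
# own addresses and the LAN, stay blocked unless a rule above allows them.
pass in on $zt_if inet from $zt_net to ! <rfc1918>
```

On a FreeBSD-based system, `pfctl -nf <file>` parses a ruleset like this without loading it.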
rwtsk8 « Reply #2 on: April 09, 2018, 12:47:07 am »
Just wondering if you got this working.
As for my setup, I am running two ZeroTier networks. One is to link my three sites together. I run OSPF on that network via the routing plugin.
The other is a P2P to a cloud server from my main site (as of right now but considering a redundant link through another site. I cannot afford a lab but the small business isn't data dependent and the cloud server isn't in production yet so work continues). For this one I had to set the ZeroTier interface as a gateway.
In either case, I allow all LAN traffic across the link but that works because I only need that traffic across those links. Public traffic goes out the public gateway.