I have searched the forums in the hope of finding a guide, but every single damn example just shows people with 2 Zerotier routers on each end which is not what I'm looking for.
What I want is this:
Comp A (ZT) <--> Router A <--> Internet <--> Router B (ZT) <--> Device X
192.168.1.30 (10.147.17.40) <--> 192.168.1.0 <--> Internet <--> 192.168.2.0 (10.147.17.30) <--> Device X (192.168.2.94)
Problem is getting the Managed Routes right, I am unable to access LAN devices from ZeroTier Router B from my ZeroTier Computer across different networks.
current 'Managed Routes':
10.147.17.0/24 (LAN)
192.168.2.0/24 via 10.147.17.30
Anyone knows how to setup the correct routes? Or what else am I missing? I'm sure many would like a proper guide to get this right. This example would allow people to access remote devices, like controlling Nvidia Shield away from home with SCRCPY without ever needing to open up the application beforehand.
In Router B, make sure the ZT device is in the lan firewall zone: insert the line list device ztxxxxxxxxx with the x's being your device name (which is hashed from the network ID). Intra-zone forwarding is enabled on lan by default, so packets can forward from ZT to the 2.0 LAN.
Then try each of these pings from computer A:
10.147.17.30 (Router B end of the Zerotier tunnel)
192.168.2.1 (Router B's internal IP on the LAN)
192.168.2.94 (Device X)
If it's a routing table problem, the first one will work but the others will not since A doesn't know how to route to the remote LAN. If it's a firewall problem, the first two will work but the third will fail.
Zerotier works almost exactly the same whether the tunnel terminations are road wariors or routers, since it pushes the whole routing table to all of them.
It's also important that wherever you take computer A, its LAN providing the unencrypted connection to the Internet can't be 192.168.2.0. That would cause ambiguity in the routing table. Using an obscure number for the home LAN is common to avoid this.
I got it working. Yes both routers needs their default gateway IP to be different so there are no subnet clashes or ambiguity.
Like you pointed out, the ZeroTier 'Manage Route' settings were correctly set from the beginning. All that is needed is the (LAN) and pointing the default gateway/24 via Zerotier Router IP.
After following the guide (kevron2u) and upgrading to 22.03.4 the Zerotier => lan was set to (accept, accept, reject). After setting the 'forward' selection to (accept) aswell everything works. I can now access my LAN devices across different networks as long as they are connected to my ZeroTier router.
