Lan to lan via zerotier

mbunal · March 21, 2022, 8:33am

hi
i already use zerotier point to point. but i want to use lan to lan. how can i do that?

(net a) <-> (modem a with zerotier) <-> (internet) <-> (modem b with zerotier) <-> (net b)

mk24 · March 21, 2022, 1:48pm

First you need to allocate IP addresses. There are the two LANs, and the VPN "backbone". The two LANs must not be in the same subnet. The "backbone" is a pool of IPs used for inter-site links-- it must be a subnet apart from everything else. Each router will hold one unique IP on the backbone, that IP is the gateway for others to reach its LAN.

These are configured locally on the routers in the usual way:
LAN A: 192.168.10.0/24
LAN B: 192.168.20.0/24

On the Zerotier control page, set up these:
Zerotier network: 192.168.200.0/24
Router A's address on the network: 192.168.200.10
Router B's address on the network: 192.168.200.20
Zerotier static routes:
192.168.10.0/24 via 192.168.200.10
192.168.20.0/24 via 192.168.200.20

Zerotier will push the IPs and routes to each router as it signs on. The route to the other LAN should appear in its routing table.
Determine the name of your zerotier interface (ztxxxxxxxx) and add it to the LAN firewall zone with option device. This name is a hash of the random network number created when you created the Zerotier network on the control server. It will be the same on all routers that are part of the same network. It won't change as long as you keep using that same network.

mbunal · March 21, 2022, 7:24pm

how can i add to LAN firewall zone with option device? which config? or uci command???

mk24 · March 21, 2022, 10:42pm

Edit /etc/config/firewall and find the zone named 'lan' then add a list device with the name of the Zerotier interface.

config zone
	option name		lan
	list network		'lan'
	list device         'ztxxxxxxxx'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

mbunal · March 22, 2022, 4:29pm

thank you very much. it worked.
By the way, I found in luci what you said. network -> firewall -> edit lan zone -> advanced tab -> covered device. there are all devices. select zt device. save and apply.

system · April 1, 2022, 4:30pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.