Hi!
I would like to do the same as described in this video
and in this topic Install a Router as ZeroTier Client,
but when I try to run route -n, things go wrong. The router has ZeroTier IP 192.168.196.2.
I don't know the language in the video, but even looking at the pictures it is not clear if the guy knows what he is doing. I don't understand what 10 and 20 networks are for. There are only three networks needed. I'm going to make up my own rather than trying to follow what is in the video.
Site A LAN: 192.168.5.0/24, the router is 192.168.5.1, one of the PCs is 192.168.5.222.
Site B LAN: 192.168.6.0/24, the router is 192.168.6.1, one of the PCs is 192.168.6.111.
Zerotier tunnel: 192.168.195.0/24, site A is 192.168.195.5, site B is 192.168.195.6.
Then you need to configure two routes in Zerotier Central:
192.168.5.0/24 via 192.168.195.5
192.168.6.0/24 via 192.168.195.6
Make sure the Zerotier tunnel is in the lan firewall zone of both routers.
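The plan in the reply above, checked against what a router's route -n actually shows. This is an added example, not part of the original posts. The sample routing table, the interface names (wan, br-lan, ztexample) and the ISP gateway 203.0.113.1 are constructed, and the check assumes the default allowManaged=1 so that Central's routes appear in the kernel table.

```python
import ipaddress

TUNNEL = ipaddress.ip_network("192.168.195.0/24")
# Managed routes as entered in ZeroTier Central (values from the reply above).
MANAGED = {
    ipaddress.ip_network("192.168.5.0/24"): ipaddress.ip_address("192.168.195.5"),
    ipaddress.ip_network("192.168.6.0/24"): ipaddress.ip_address("192.168.195.6"),
}

# Constructed sample of `route -n` on the site A router (not real output).
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 wan
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.6.0     192.168.195.6   255.255.255.0   UG    0      0        0 ztexample
192.168.195.0   0.0.0.0         255.255.255.0   U     0      0        0 ztexample
"""

def parse_route_n(text):
    """Return {network: gateway} parsed from `route -n` output."""
    table = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or not f[0][0].isdigit():
            continue  # skip the two header lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        table[net] = ipaddress.ip_address(f[1])
    return table

def check_router(route_text, own_zt_ip):
    """List mismatches between a router's kernel table and the Central plan."""
    own = ipaddress.ip_address(own_zt_ip)
    table = parse_route_n(route_text)
    problems = []
    if own not in TUNNEL:
        problems.append(f"{own} is not inside tunnel {TUNNEL}")
    for net, via in MANAGED.items():
        if via not in TUNNEL:
            problems.append(f"{net}: gateway {via} is outside {TUNNEL}")
        if via == own:
            continue  # our own LAN is reached directly, not through the tunnel
        got = table.get(net)
        if got is None:
            problems.append(f"{net}: no route (expected via {via})")
        elif got != via:
            problems.append(f"{net}: via {got}, expected {via}")
    return problems
```

An empty list means the remote LAN is routed through the peer's tunnel address as planned; any entry names the destination whose gateway differs from what was configured in Central.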
Yes, but when I'm trying to do route -n on router 192.168.196.2 the route is 192.168.10.0 192.168.196.1 instead of 192.168.40.0 192.168.196.2...
The picture that appears before the video is played shows a simple case of two sites each with one LAN: A has 192.168.0.0/24 and B has 192.168.2.0/24, and a Zerotier tunnel with IPs in the range 192.168.196.0/24.
There are no 192.168.10.0 or 192.168.40.0 networks shown in that picture, nor are any such networks needed for this use case. I guess the video author introduces those later. Again, adding any networks other than the Zerotier tunnel /24 is unnecessary when linking two sites with one LAN at each site.
Thanks.
From router A I can ping router B, and from router B I can ping router A.
But the IP address when I connect to router A is from ISP A, but it should be from ISP B, router B (server).
That is not what you asked before.
Assuming that site to site LAN to LAN access is working now, you can expand also to using one router as the gateway for all Internet use by the other site(s). It requires some additional steps which are a bit complicated because OpenWrt's port of Zerotier does not directly support this.
zerotier-cli set <networkId> allowDefault=1
(networkID is the hex number at the top of the Zerotier Central network page)
Note that if A's ISP supports IPv6 and your network is configured to use it, much Internet usage is now v6, bypassing this v4 only Zerotier setup, so sites accessed from A will see A's local IPv6 IP. You will need to either add IPv6 support to the VPN or disable the IPv6 wan at A.
Thanks again! It works for me!
I have another question about speed and DNS. Maybe you can help me too.
All my ZeroTier routers are behind double NAT. When I try to connect from double NAT the speed is low:
But from a PC (ZeroTier client) and router ISP the speed is high and the connection is via IPv6.
And a second question about DNS from the router server: how do I set this DNS for another router client LAN?
And if I use zerotier-cli set <networkId> allowDefault=1
it becomes a default gateway and the other VLANs have no internet. I use WireGuard and pbr, but I don't know how it works with ZeroTier.
I try different combinations.
Since you're controlling the A router's routes with pbr, turn off Zerotier allowManaged. The default is allowManaged=1, which means that routes configured at Zerotier Central will be pushed into the client's routing table(s). That will conflict with pbr. (All routes that involve Zerotier tunnels still need to be defined at Zerotier Central, so that Zerotier internally is aware of them. allowManaged=0 only means that the Zerotier client process will not alter its host's kernel routing tables)
It probably also means that you need to manually declare the route to the B lan, although the use of a 0.0.0.0 route should include the B lan from the .40 network. If you want other networks to reach B lan you'll need to add routes for them in pbr.
So, it's nice! But unfortunately I don't know where the route should be written in pbr. Maybe some examples, please?
I don't know PBR but it looks like you're not doing it quite right. I would write rules like