Apparently the 2.0 line of EdgeOS now supports ZeroTier

Dashrender

@scottalanmiller said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Of course it depends - but he setup a site to site using it - so for the devices on the LAN, it is (or at least can be - depending on settings - be acting as a bridge/bridge like interface

Most people, by far, set up VPNs to have different IP ranges on either end. So acting as a router, not a bridge.

Sure. This is one of my /sigh moments though - I'm sure the OP doesn't likely give a crap if it's a bridge connection or a routed one - it's more likely they simply want to know - is there a connection?

Also - assuming the endpoints on the LAN don't have ZT installed on them, it's likely they are on a separate LAN from the ZT network - so a router would have to be done, which is what I though any of these "gateway" type solutions was really providing?

dafyre

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.

The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.

Dashrender

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.

The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.

I guess I'd need to see a diagram so I could follow.

dafyre

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.

The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.

I guess I'd need to see a diagram so I could follow.

How's this?
![4fb96b98-3628-4347-b84c-f5553fb4c984-image.png](https://i.imgur.com/CgWTyUj.png

JaredBusch

@dafyre

dafyre

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre

Thanks. Not sure how ( b0rked that.

jplee

@VoIP_n00b Yes, I have "Allow Bridging" checked. I'm still getting ping time outs from my lan.

jplee

These are my interfaces:

And these are my routes:

On the 192.168.50.0/24 (Lan1) network, I can successfully hit 10.1.1.0/24 (Lan2) addresses and go out on the internet. However, I can't get to any 10.147.20.0/24 nodes (ZT).

If I ssh into the router, I can ping anything on Lan1, Lan2, and ZT. This seems like it would be an easy solution that I'm missing???

Thanks.

VoIP_n00b

@jplee Very Interesting! Can you share how you got ZT setup on the edge router?

jplee

@VoIP_n00b I followed https://blog.kruyt.org/zerotier-on-a-ubiquiti-edgerouter/. It was pretty straightforward. Make sure you follow Part 2 of the guide as well. Now if I can just get the ER-X to route.

VoIP_n00b

@jplee I would like that too

jplee

I have it working! I needed to NAT.

I also disabled routing to 192.168.50.0/24 on ZeroTier Central and unchecked "Allow Bridging". They aren't needed.

VoIP_n00b

@jplee Interesting. I'll have to try it. As many details as you can provide would be great!

Dashrender

Why would you need to NAT? If you want the real IPs to work, you should be able to use them.

I don't NAT any of my other VPNs.

jplee

@Dashrender I couldn't get the ER-X to route LAN>ZT. NAT, although not ideal, did the trick for me. I'd love to hear if anyone has a no NAT solution.

Dashrender

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@Dashrender I couldn't get the ER-X to route LAN>ZT. NAT, although not ideal, did the trick for me. I'd love to hear if anyone has a no NAT solution.

Remind me what you setup is, I have a ER-X lying around I can set it up and give it a try this weekend.

jplee

@Dashrender Setup is outlined several posts above. Here

dinge

You don't need to set a NAT configuration if you set a route in the Zerotier web interface.

10.11.12.1/24 - (LAN)
192.168.1.1/24 via 10.11.12.1

The 10.11.12.1/24 is the Zerotier Network
The 192.168.1.1/24 is the Switch0 network for the ER-X

jplee

@dinge Do you have this working? It didn’t work for me. Remember, I’m trying to go from LAN to ZT, not the other way around.

dinge

@jplee From ZT to Lan I got this working without NAT or without a route configuration.

I could ping the ZT devices from my Switch0 LAN.

What I wanted was to be able to acces the complete Switch0 LAN from anywhere in the world when I am connected with a PC or phone in the same ZT Network.