dafyre last edited by dafyre
ZeroTier Site-To-Site Setup
- Site A is on 192.168.10.0/24
- Site B is on 192.168.122.0/24
- Site A's VM is 192.168.10.2 for the Local Network
- Site A's VM is 10.0.0.107 on the ZT Network
- Site B is 192.168.122.1 on the Local Network
- Site B is 10.0.0.129 on the ZT Network.
Step 1: Build a Private Network on https://my.zerotier.com
Step 2: Spin up a Linux VM at each site. Connect and authorize them to the ZT Network and note their IP address. For instance:
Step 2B. Enable IP_Forward:
Follow your distribution's instructions to enable ip_forward and make it a permanent change... On most distros, this should work:
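echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
(With sudo echo ... >> the redirect is performed by your unprivileged shell, so the append has to go through sudo tee instead.)
You can then run
sudo sysctl -p /etc/sysctl.conf
to reload the configuration, or reboot.
sysctl net.ipv4.ip_forward
should return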
net.ipv4.ip_forward = 1
if everything is going to work correctly.
Step 3: From either of the Linux VMs, ensure that they can ping one another on the ZT Subnet.
Step 4: Set up the Routes on https://my.zerotier.com
*Once you set up the routes in ZeroTier Central, you do not have to manually add them to your Linux VMs.
Step 5: Set up the Site Routes at the Routers for Site A and Site B
SITE A Main Router:
You'll notice for the router at Site A that I am using the INTERNAL network address of my Linux VM.
SITE A Linux Router VM:
[email protected] /root # ip route
default via 192.168.10.1 dev eth0 onlink
10.0.0.0/24 dev zt1 proto kernel scope link src 10.0.0.107
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.2
192.168.20.0/24 via 10.0.0.116 dev zt1
192.168.122.0/24 via 10.0.0.129 dev zt1
SITE B, KVM Server, no need for separate VM:
[email protected]:/root# ip route
default via <my public ip> dev eth0 onlink
10.0.0.0/24 dev zt1 scope link #ZT Subnet
192.168.10.0/24 via 10.0.0.107 dev zt1 #SiteA, 10.0.0.107 is the ZT IP for the Linux VM at Site A
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 #This server is Site B
**This was done on systems that do not have UFW or firewall-cmd enabled. You may have to set them up to allow traffic between your sites.
Okay... I think that's it. Mine is working.
If you have any questions or comments, ask away!
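Following up on the firewall note in the post: with ip_forward enabled and no firewall, the router VM forwards whatever reaches it. The sketch below is an added example, not part of the original post; it prints iptables FORWARD rules that limit forwarding over the ZeroTier interface to the site subnets. The helper name zt_forward_rules is hypothetical, and the interface names and subnets are the Site A values from the ip route listing.

```shell
#!/bin/sh
# Added example (not from the original post). zt_forward_rules is a
# hypothetical helper; it only PRINTS iptables commands for review.
# Usage: zt_forward_rules LAN_IF ZT_IF LOCAL_NET REMOTE_NET [REMOTE_NET...]
zt_forward_rules() {
    if [ "$#" -lt 4 ]; then
        echo "usage: zt_forward_rules LAN_IF ZT_IF LOCAL_NET REMOTE_NET..." >&2
        return 2
    fi
    lan_if=$1
    zt_if=$2
    local_net=$3
    shift 3

    # The output is meant to be piped to a root shell, so reject anything
    # that is not a plain interface name or an IPv4 CIDR before printing.
    case "$lan_if$zt_if" in
        *[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    for net in "$local_net" "$@"; do
        case "$net" in
            *[!0-9./]*|*/*/*) echo "not an IPv4 CIDR: $net" >&2; return 2 ;;
            */*) ;;
            *) echo "not an IPv4 CIDR: $net" >&2; return 2 ;;
        esac
    done

    # Allow only LAN <-> listed remote subnets across the ZeroTier interface.
    for remote in "$@"; do
        echo "iptables -A FORWARD -i $lan_if -o $zt_if -s $local_net -d $remote -j ACCEPT"
        echo "iptables -A FORWARD -i $zt_if -o $lan_if -s $remote -d $local_net -j ACCEPT"
    done
    # Everything else entering or leaving via ZeroTier is not forwarded.
    # Scoped to $zt_if so other forwarding on the host is left alone.
    echo "iptables -A FORWARD -i $zt_if -j DROP"
    echo "iptables -A FORWARD -o $zt_if -j DROP"
}

# Site A values from the listing above: eth0 (LAN), zt1 (ZeroTier),
# local 192.168.10.0/24, remote sites 192.168.122.0/24 and 192.168.20.0/24.
zt_forward_rules eth0 zt1 192.168.10.0/24 192.168.122.0/24 192.168.20.0/24
```

Review the printed rules before piping them to a root shell, and add 10.0.0.0/24 as a remote network if ZeroTier members themselves need to reach the LAN. Making the rules survive a reboot is distribution-specific.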