Need help to connect two office with OPNSense router and a laptop by using Zerotier
-
-
@ismurdegus said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Dashrender Yes I need a "Site to Site" VPN, but because I don't have a static or public IP, I can't use something like OpenVPN.
When you say you don't have a public IP, I assume your 4G connection is NATed.
You can set things up anyway with OpenVPN, but you need to host a VPN hub on Vultr, DigitalOcean or somewhere that has a public IP. Then you'd have a hub and spoke VPN topology.
-
@ismurdegus said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Pete-S Hi, I followed the instructions already, I have already done it.
Those instructions are just to set up the ZeroTier link. Then you have to figure out how to route the traffic over it.
Same thing with OpenVPN or any other VPN link. First you get the link up, then you need to route traffic over it. Normally you'd do something like this in a series of steps where you can verify that each step is successful.
If you are new to configuring firewalls with rules and routing, and perhaps also to OPNSense and ZeroTier, I think it will be extremely difficult getting it to work - unless you can find step-by-step instructions that will work for your setup.
-
Another way that is easier to get working is to just install ZeroTier on everything that needs to communicate with each other.
So you don't set it up on the firewalls themselves but on the devices behind the firewall, for instance servers.
-
@Pete-S said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Another way that is easier to get working is to just install ZeroTier on everything that needs to communicate with each other.
So you don't set it up on the firewalls themselves but on the devices behind the firewall, for instance servers.
If you don't need any other devices like printers, NAS, IoT, etc.
-
@scottalanmiller said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Pete-S said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Another way that is easier to get working is to just install ZeroTier on everything that needs to communicate with each other.
So you don't set it up on the firewalls themselves but on the devices behind the firewall, for instance servers.
If you don't need any other devices like printers, NAS, IoT, etc.
If the printers/NAS are local to you, it shouldn't be a problem, but your point is valid.
-
Can OpenVPN not use DDNS instead of a specific IP?
-
@Dashrender said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Can OpenVPN not use DDNS instead of a specific IP?
The problem the OP has (I'm assuming) is that some 4G operators put you in their LAN, so you are behind NAT. You can't host a service that has incoming connections when you're behind a NAT and can't do port forwards.
But yeah if you have OpenVPN you only need one side that allows incoming connections. Dynamic IP would be fine.
-
@scottalanmiller said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Pete-S said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Another way that is easier to get working is to just install ZeroTier on everything that needs to communicate with each other.
So you don't set it up on the firewalls themselves but on the devices behind the firewall, for instance servers.
If you don't need any other devices like printers, NAS, IoT, etc.
You could work around that by routing over devices that have a ZeroTier connection. But if you know enough to do that I guess you'd have the knowledge to do it on the firewall instead.
ZT makes any machine dual homed.
-
@Pete-S said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Dashrender said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Can OpenVPN not use DDNS instead of a specific IP?
The problem the OP has (I'm assuming) is that some 4G operators put you in their LAN, so you are behind NAT. You can't host a service that has incoming connections when you're behind a NAT and can't do port forwards.
But yeah if you have OpenVPN you only need one side that allows incoming connections. Dynamic IP would be fine.
Good point, I hadn't considered that.
-
Hey guys, sorry for the late update....
I still didn't fix my issue.... Like I said before, I am not a pro, so I really need step-by-step help if someone has time. The main issue is that the two sites can't ping each other, but I can from the laptop, and I can access both networks' LAN clients.
I tried to create a new GATEWAY and select the ZeroTier interface + made a static rule, but it is not working.