ZeroTier + Active Directory Authentication
-
@Dashrender said:
it's only the half installed situation that it becomes a problem with ZT IP's showing up in DNS for clients that aren't on the ZT network.
Right, the only scenario I would pretty much not entertain is this one. A partial deployment means all of the complexity of the SDN with all of the complexity of managing a VPN in the traditional way along with quite a few additional complications from the lack of intention in design. This introduces problems that neither full mesh nor hub and spoke face.
-
@scottalanmiller If you try AD feel free to update this thread and/or https://www.zerotier.com/community/topic/22/the-big-zerotier-active-directory-lan-virtualization-thread-retitled/2 -- would be helpful
-
LOL - the problem is - that thread is JB's. Where he's trying to deploy ZT but not to every endpoint.
-
Yeah, my tests would not be useful there. He already knows that it works in the modes that we would use it in.
-
@adam.ierymenko said:
@scottalanmiller You could also bridge it to a physical network if you have old boxes, printers, fax machines, etc. A Raspberry Pi makes a great bridge for $30.
Where is this bridge everyone keeps talking about?
-
@FATeknollogee said:
@adam.ierymenko said:
@scottalanmiller You could also bridge it to a physical network if you have old boxes, printers, fax machines, etc. A Raspberry Pi makes a great bridge for $30.
Where is this bridge everyone keeps talking about?
It's just software. install it on whatever you want to install it on.
-
@Dashrender You have a "how to" instruction set?
-
Would you say that the biggest difference between ZT and Pertino in terms of logistics is that Pertino routes traffic across its network, whereas ZT just performs the initial connection and the "clients" then communicate with each other until a loss of connectivity occurs?
Pertino does have smartzones that allows you to tell it when it should just route traffic locally/across the non pertino interface but I don't think it would be encrypted.
-
@FATeknollogee
I don't, but I think @BRRABill was working on it.https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux
This thread talks about it.
The gist is that you make a router out of a device that you can install ZT onto.
-
@FATeknollogee said:
@Dashrender You have a "how to" instruction set?
I think @dafyre created a script for it. I am pretty sure you can only install the bridge on a connector, which has to be a Linux box.
-
I just had a thought.
This is just a wacky solution to the multi IP's for a single host problem that @dafyre was able to solve by telling a NIC to not register with DNS, but I couldn't get to work.
What if you install a bridge on the network, and make your default gateway aware of that network? then if your PC gets a ZT IP from DNS, it can still communicate, only it will be through the bridge.
It's ugly.. but provides a path.
-
@wrx7m said:
@FATeknollogee said:
@Dashrender You have a "how to" instruction set?
I think @dafyre created a script for it. I am pretty sure you can only install the bridge on a connector, which has to be a Linux box.
Doh! you're right it was @dafyre
-
@Dashrender said:
I just had a thought.
This is just a wacky solution to the multi IP's for a single host problem that @dafyre was able to solve by telling a NIC to not register with DNS, but I couldn't get to work.
What if you install a bridge on the network, and make your default gateway aware of that network? then if your PC gets a ZT IP from DNS, it can still communicate, only it will be through the bridge.
It's ugly.. but provides a path.
Why does the gateway need to be aware of it?
-
@scottalanmiller He might mean that the ZT clients would need to know which gateway to use if it is a different gateway on the same network.
-
@scottalanmiller said:
@Dashrender said:
I just had a thought.
This is just a wacky solution to the multi IP's for a single host problem that @dafyre was able to solve by telling a NIC to not register with DNS, but I couldn't get to work.
What if you install a bridge on the network, and make your default gateway aware of that network? then if your PC gets a ZT IP from DNS, it can still communicate, only it will be through the bridge.
It's ugly.. but provides a path.
Why does the gateway need to be aware of it?
Well.. hmm.. OK I was going to say because that way it knows where to forward the packets to internal bridge/router...
But I just read the ZT forum post about the bridge, it's a bridge, not a router between two networks.. it's assumed (bridge) that all devices are on the same network, so there won't be any involvement of the default gateway.. so you can disregard my earlier comments.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
I just had a thought.
This is just a wacky solution to the multi IP's for a single host problem that @dafyre was able to solve by telling a NIC to not register with DNS, but I couldn't get to work.
What if you install a bridge on the network, and make your default gateway aware of that network? then if your PC gets a ZT IP from DNS, it can still communicate, only it will be through the bridge.
It's ugly.. but provides a path.
Why does the gateway need to be aware of it?
Well.. hmm.. OK I was going to say because that way it knows where to forward the packets to internal bridge/router...
But I just read the ZT forum post about the bridge, it's a bridge, not a router between two networks.. it's assumed (bridge) that all devices are on the same network, so there won't be any involvement of the default gateway.. so you can disregard my earlier comments.
That's what I was wondering about A bridge is just like another switch port.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
I just had a thought.
This is just a wacky solution to the multi IP's for a single host problem that @dafyre was able to solve by telling a NIC to not register with DNS, but I couldn't get to work.
What if you install a bridge on the network, and make your default gateway aware of that network? then if your PC gets a ZT IP from DNS, it can still communicate, only it will be through the bridge.
It's ugly.. but provides a path.
Why does the gateway need to be aware of it?
Well.. hmm.. OK I was going to say because that way it knows where to forward the packets to internal bridge/router...
But I just read the ZT forum post about the bridge, it's a bridge, not a router between two networks.. it's assumed (bridge) that all devices are on the same network, so there won't be any involvement of the default gateway.. so you can disregard my earlier comments.
That's what I was wondering about A bridge is just like another switch port.
And now I understand why in that ZT post that they wanted an open unused nic port to act like a switch port.. that's what ZT grabs onto to form the bridge...lol weird.
-
I'm thankful that my installation would be simple and only require editing the hosts file to point at the right DNS server.
-
@scottalanmiller you can not so respectfully piss off.
I can tell you that your opinion of how ZT should work is your opinion and nothing more than that. The developer told you to post your information to that thread.
My goal has nothing to do with making everything work for AD. That thread has nothing to do with my desire to make AD be the only piece that works.
-
@Dashrender said:
@wrx7m said:
@FATeknollogee said:
@Dashrender You have a "how to" instruction set?
I think @dafyre created a script for it. I am pretty sure you can only install the bridge on a connector, which has to be a Linux box.
Doh! you're right it was @dafyre
It wasn't a script... Esentially what I did was build a Linux router.
I have been unable to get the Official Bridged mode to work for some reason or another... It sounds like that is more involved than what @JaredBusch wants to do though.