ZeroTier Bridging Configuration



  • So... I figured out how to get ZeroTier working as an Ethernet bridge thanks to some help from @adam-ierymenko and the initial guide that another user posted at:
    https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

    I did this using Ubuntu 15.10.

    Install Ubuntu however you wish. I'd recommend at least 1 GB of RAM and 16 GB of hard drive space (my current install has 1 GB of RAM and 32 GB of hard drive space).

    You only need one interface actually connected to the physical network for both Management and the bridged traffic.

    After you have created your VM, before powering it on, you should take care that your hypervisor will allow MAC spoofing.
    In VMware, this is called Forged Transmits, and is done at a vSwitch level from what I understand. (A little info is located here: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.networking.doc%2FGUID-74E2059A-CC5E-4B06-81B5-3881C80E46CE.html)

    In Hyper-V this is fixed on a per-VM basis using the following PowerShell commands, all typed on one line. Just replace MYVMNAME and MY_HYPERV_SWITCH with the values that are used in your own setup.

    get-vmnetworkadapter -VMName MYVMNAME|where {$_.SwitchName -eq "MY_HYPERV_SWITCH"}|
    set-vmnetworkadapter -MacAddressSpoofing on
    

    In VMware
    While Ubuntu is installing, create an account or log in to https://my.zerotier.com and create your network (or use your existing one). Things you need to make sure of:

    1. Your ZeroTier IP range is set to be part of your Network Subnet. IE: If your subnet is 192.168.10.0/23, you should make sure that ZeroTier is configured to be in the same range... For instance, my home network is configured as 192.168.10.0/23. ZeroTier is configured:

    [screenshot]

    Note: The IP Autoassign settings are outside of the DHCP Scope of my DHCP server. IE: My DHCP server at home is set to hand out IPs between 192.168.10.100 and 192.168.10.150. Note here my Autoassign settings are 192.168.11.100 to 192.168.11.200.

    Note 2: This would theoretically work, even if you are on a /24 network, as long as the ZT autoassign settings are outside the scope of your LAN's DHCP server. I have not tested this.

    2. The device that you want to be designated as the bridge is marked as both Allowed AND bridge in the ZT interface...
      [screenshot]

    After you have installed Ubuntu, execute the following commands, which update the package list and ensure that the bridge-utils are installed. They also download and install the ZeroTier binaries. Check the website: https://www.zerotier.com/product-one.shtml for the latest version.

    All commands should be executed as root.

    apt-get update
    apt-get install bridge-utils
    
    wget https://download.zerotier.com/dist/zerotier-one_1.1.4_amd64.deb
    
    dpkg -i zerotier-one_1.1.4_amd64.deb
    

    After ZeroTier is installed, you need to start it:

    service zerotier-one start
    

    Then you need to get the Client ID for making sure you select the right one as the bridge.

    zerotier-cli info
    

    It will output something similar to:

    200 info ee88c712ab ONLINE 1.1.4
    

    The third item is your client's ID.

    Next up, you will need to join the client to your ZeroTier network via:

    zerotier-cli join your_network_id
    

    You should see the Network ID in the top left corner of your screen after you click on your Network on the ZT Web Portal.

    If you read through the guide at the site I posted above, he shows a network configuration guide using /etc/interfaces, which is the proper way to set it up. I went about it a different way by using a script that starts when the VM is rebooted, and waits for 30 seconds to ensure network connectivity...

    Place the script in /usr/local/bin
    Adjust the BRIDGE_IP and GATEWAY_IP, and SLEEP_TIMER to the correct values.
    The script removes ALL IP addresses and routes related to eth0, br0, and zt0, and then sets them according to the parameters you set up.

    #!/bin/bash
    LAN_INT="eth0" # Internal LAN interface
    BR_INT="br0"   # Bridge interface
    ZT_INT="zt0"   # ZeroTier interface

    BRIDGE_IP="192.168.10.100/23"
    GATEWAY_IP="192.168.10.1"

    SLEEP_TIMER="30s"
    LOG="/var/log/bridge.log"
    RUN_TIME="$(date)"
    # Delay timer to give the system a chance to finish booting
    sleep "$SLEEP_TIMER"

    # Start a fresh log for this run (stderr is logged too, so failures show up)
    echo "$RUN_TIME" > "$LOG"

    # Disable the interfaces and remove their IP addresses
    echo "Disabling Interface" >> "$LOG"
    /sbin/ifconfig "$LAN_INT" down >> "$LOG" 2>&1
    /sbin/ifconfig "$ZT_INT" down >> "$LOG" 2>&1
    /sbin/ip addr flush dev "$LAN_INT" >> "$LOG" 2>&1
    /sbin/ip addr flush dev "$ZT_INT" >> "$LOG" 2>&1

    echo "Setting up Bridging..." >> "$LOG"

    # Create the bridge and attach the ZeroTier and LAN interfaces to it
    /sbin/brctl addbr "$BR_INT" >> "$LOG" 2>&1
    /sbin/brctl addif "$BR_INT" "$ZT_INT" "$LAN_INT" >> "$LOG" 2>&1

    # Bring the member interfaces up in promiscuous mode, then the bridge
    /sbin/ifconfig "$LAN_INT" promisc up >> "$LOG" 2>&1
    /sbin/ifconfig "$ZT_INT" promisc up >> "$LOG" 2>&1
    /sbin/ifconfig "$BR_INT" up >> "$LOG" 2>&1

    # The bridge carries the IP address and the default route
    /sbin/ip addr add "$BRIDGE_IP" dev "$BR_INT" >> "$LOG" 2>&1
    /sbin/route add default gateway "$GATEWAY_IP" >> "$LOG" 2>&1
    echo "Finished!" >> "$LOG"
    

    I have the script configured to run at reboot via crontab -e

    # m h  dom mon dow   command
    @reboot sh /usr/local/bin/bridge-start
    

    A few quick ping tests should reveal that your bridge can communicate on your LAN, as well as your ZT Network.

    From your ZT Network, ping towards a LAN IP address, and everything should work.

    It should be noted that if you are actually changing an existing ZeroTier network to make this work, all of the Linux clients need to be stopped, and then started. Not restarted (the IP address doesn't change if you do service zerotier-one restart). Windows systems can restart the ZeroTier service from the services.msc file.

    If you have any issues or find any typos or recommend a better format, feel free to leave a comment below!
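
Added example, not part of the original post and not ZeroTier's own tooling: a pre-flight check for the addressing rule in the post (auto-assign pool inside the LAN subnet but outside the DHCP scope) and for the `zerotier-cli info` line it shows. The function names are hypothetical; the sample values are the ones used in the post.

```sh
#!/bin/sh
# Added example: pre-flight checks for the bridge setup described in the post.
# Function names are hypothetical; sample values are the ones used in the post.

# Dotted quad -> 32-bit integer.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_subnet IP CIDR: succeeds when IP lies inside CIDR.
in_subnet() (
    ip=$(ip2int "$1"); net=$(ip2int "${2%/*}"); bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# check_plan LAN_CIDR DHCP_FIRST DHCP_LAST ZT_FIRST ZT_LAST
# Prints ok, outside-subnet or overlaps-dhcp; non-zero status unless ok.
check_plan() (
    d1=$(ip2int "$2"); d2=$(ip2int "$3")
    z1=$(ip2int "$4"); z2=$(ip2int "$5")
    if ! in_subnet "$4" "$1" || ! in_subnet "$5" "$1"; then
        echo "outside-subnet"; exit 1
    fi
    # Two closed ranges overlap when each starts before the other ends.
    if [ "$z1" -le "$d2" ] && [ "$d1" -le "$z2" ]; then
        echo "overlaps-dhcp"; exit 1
    fi
    echo "ok"
)

# zt_node_id LINE: print the node ID (third field) of a `zerotier-cli info`
# line, but only when the line reports the node as ONLINE.
zt_node_id() (
    set -- $1
    if [ "$1" = 200 ] && [ "$2" = info ] && { [ "$4" = ONLINE ] || [ "$5" = ONLINE ]; }; then
        echo "$3"
    else
        exit 1
    fi
)

# The post's own layout: LAN 192.168.10.0/23, DHCP .10.100-.10.150,
# ZeroTier auto-assign .11.100-.11.200.
check_plan 192.168.10.0/23 192.168.10.100 192.168.10.150 192.168.11.100 192.168.11.200
zt_node_id "200 info ee88c712ab ONLINE 1.1.4"
```

On a live bridge, pass the output of `zerotier-cli info` to `zt_node_id` and compare the result with the member marked as bridge in the web portal.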



  • Thanks! I'll be trying this soon!



  • @aaronstuder said:

    Thanks! I'll be trying this soon!

    Keep me posted! If you find any of my instructions incorrect or too wordy, just let me know.



  • @dafyre Only 1 NIC needed? I could use my Raspberry Pi?



  • @aaronstuder said:

    @dafyre Only 1 NIC needed? I could use my Raspberry Pi?

    I don't see any reason why not. I don't think there's any special (non-default) settings that the kernel requires for this to work. It'd be worth a shot, I think.



  • @dafyre I forget the Raspberry Pi has terrible Distro choices 😞



  • @aaronstuder said:

    @dafyre I forget the Raspberry Pi has terrible Distro choices 😞

    Raspbian is a Debian based distro, yea?





  • @aaronstuder said:

    @dafyre Yes 🙂 https://www.raspberrypi.org/downloads/

    I seriously need to come up with $5 to get the Pi Zero, or $35 and just get me a dang Pi.



  • @aaronstuder said:

    @dafyre I forget the Raspberry Pi has terrible Distro choices 😞

    It does? What more do you need than CentOS 7?

    http://news.softpedia.com/news/centos-7-linux-officially-released-for-raspberry-pi-2-banana-pi-and-cubietruck-497891.shtml



  • And FreeBSD, too.

    https://wiki.freebsd.org/FreeBSD/arm/Raspberry%20Pi

    Really, pretty much any OS you'd actually want for production on a Pi is available.







  • @scottalanmiller said:

    Even Windows 10 is available.

    A Windows suggestion from you seems strange. 😛

    BTW Where are my emojis! 😃



  • @aaronstuder said:

    @scottalanmiller said:

    Even Windows 10 is available.

    A Windows suggestion from you seems strange. 😛

    BTW Where are my emojis! 😃

    Not suggesting it, just pointing out that the selection of OSes for the Pi is pretty good. CentOS, FreeBSD, Ubuntu, Windows... and those are just the ones that I found quickly. NetBSD is almost certainly available. Pretty much any OS you would reasonably want is available.



  • Hoping to get started in a few minutes 🙂



  • @aaronstuder said:

    Hoping to get started in a few minutes 🙂

    /me hands @aaronstuder a helmet.