    ZeroTier Question

    • DashrenderD
      Dashrender @JaredBusch
      last edited by Dashrender

      @JaredBusch said in ZeroTier Question:

      @Dashrender said in ZeroTier Question:

      @WLS-ITGuy said in ZeroTier Question:

      @Dashrender said in ZeroTier Question:

      @WLS-ITGuy said in ZeroTier Question:

      @dafyre said in ZeroTier Question:

      @WLS-ITGuy said in ZeroTier Question:

      @scottalanmiller said in ZeroTier Question:

      @WLS-ITGuy said in ZeroTier Question:

      I don't see how I can create a unique A record for the Public Network when it goes through the same DNS as the other two networks.

      You can't. That's why I mentioned having a different DNS server for that network.

      So I would be making an entirely separate network for the Student/Public network on the same internet pipe?

      Time for a dumb question... If we know that they have a URL that works on the Student/Guest side... why not just have them use that URL?

      This is what I have going on for now as https://wls-exchange.wls.wels.net/owa doesn't work off campus. So I have them go to that on campus and mailhost off campus.

      This just wraps you back around to either using the public DNS servers for the Public WiFi, or setting up a separate DNS server for that network.

      So I should just set in the Scope options 8.8.8.8 and 4.4.4.4 as the DNS and see if mailhost works on the Student/Guest network?

      You could, but, if there are any other hostnames that you reference from the Guest network that only exist on your internal DNS, those will no longer function when you make the change.

      Stop mixing things up. A guest network is a guest network and should have zero connection to a private network unless there is a very specific reason.

      You're right, it SHOULD! But his does have connections. So as you keep saying, he has to be very careful with his DNS to make sure he doesn't create a whole new can of worms by splitting the guest network out.

      1 Reply Last reply Reply Quote 0
      • J
        Jason Banned @Dashrender
        last edited by

        @Dashrender said in ZeroTier Question:

        The hairpin routing could be a big gotcha for you too.

        Old Cisco Pix firewalls could not do hairpin routing.

        Okay? Any modern router can. And version 7.x and newer for the PIX firewalls could do.

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender
          last edited by

          Ultimately, the simplest solution might be to completely rework your network as follows:

          Production network physical, only thing on this network is servers and printers, including DNS servers, configure non ZT NICs to not register with DNS - this is critical (though could break things like clustering)

          PC internal network, This network has PCs and a DHCP server on it, DNS is something global, like 8.8.8.8

          Guest network, Guest PCs and a DHCP server, DNS is something global, like 8.8.8.8

          (really splitting the guest and PC internal is really more for show than anything)

          All business devices have ZT installed with the ZT network having DNS configured for Production DNS servers.

          The PCs would need to have their ZT IPs manually added to production DNS.

          How this works: The ZT PCs will have access to the Production network through ZT network, and will use that because the production network will use the ZT DNS servers. You'll never have to worry about IP issues because the only ones in DNS should be the ZT ones. Non ZT users will use global DNS and that will resolve to something on your firewall and your firewall should forward as needed internally.

          WLS-ITGuyW 1 Reply Last reply Reply Quote 0
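
An added example, not part of Dashrender's post or any participant's code: a PowerShell sketch of the "configure non ZT NICs to not register with DNS" step in the proposal above, plus a check that a server name resolves to a single A record. It assumes the ZeroTier adapter can be recognised by "ZeroTier" in its InterfaceDescription; the function names, the pattern default, and the server and resolver names in the usage comment are hypothetical.

```powershell
# Added example (not from the thread). Run elevated on a multi-homed server.
# Assumption: the ZeroTier virtual adapter has "ZeroTier" in its InterfaceDescription.

function Set-NonZeroTierDnsRegistration {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ZeroTierPattern = '*ZeroTier*'
    )

    $adapters = @(Get-NetAdapter | Where-Object Status -eq 'Up')
    $zt = @($adapters | Where-Object InterfaceDescription -like $ZeroTierPattern)

    # Fail closed: without a ZT adapter this would leave the host with no
    # registered address at all.
    if ($zt.Count -eq 0) {
        throw "No active adapter matches '$ZeroTierPattern'; nothing changed."
    }

    foreach ($nic in $adapters) {
        $wanted  = $nic.InterfaceDescription -like $ZeroTierPattern
        $current = (Get-DnsClient -InterfaceIndex $nic.ifIndex).RegisterThisConnectionsAddress

        if ($current -ne $wanted -and
            $PSCmdlet.ShouldProcess($nic.Name, "set DNS registration to $wanted")) {
            Set-DnsClient -InterfaceIndex $nic.ifIndex -RegisterThisConnectionsAddress $wanted
        }

        # Report the state actually in effect after the change (or -WhatIf).
        [pscustomobject]@{
            Adapter      = $nic.Name
            Description  = $nic.InterfaceDescription
            RegistersDns = (Get-DnsClient -InterfaceIndex $nic.ifIndex).RegisterThisConnectionsAddress
        }
    }
}

function Test-SingleARecord {
    # Flags a name that still has more than one A record on a given resolver,
    # which is the "round robin" situation discussed in this thread.
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$DnsServer
    )

    $a = @(Resolve-DnsName -Name $Name -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop |
           Where-Object QueryType -eq 'A')

    [pscustomobject]@{
        Name      = $Name
        DnsServer = $DnsServer
        Addresses = $a.IPAddress -join ', '
        SingleA   = ($a.Count -eq 1)
    }
}

# Usage (names are placeholders):
#   Set-NonZeroTierDnsRegistration -WhatIf
#   Set-NonZeroTierDnsRegistration
#   Test-SingleARecord -Name 'server01.example.internal' -DnsServer 'dns01.example.internal'
```

A record already registered for the physical address stays in the zone until it is deleted or scavenged, so run the check again after cleaning up.
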
          • WLS-ITGuyW
            WLS-ITGuy @Dashrender
            last edited by

            @Dashrender said in ZeroTier Question:

            Ultimately, the simplest solution might be to completely rework your network as follows:

            Production network physical, only thing on this network is servers and printers, including DNS servers, configure non ZT NICs to not register with DNS - this is critical (though could break things like clustering)

            PC internal network, This network has PCs and a DHCP server on it, DNS is something global, like 8.8.8.8

            Guest network, Guest PCs and a DHCP server, DNS is something global, like 8.8.8.8

            (really splitting the guest and PC internal is really more for show than anything)

            All business devices have ZT installed with the ZT network having DNS configured for Production DNS servers.

            The PCs would need to have their ZT IPs manually added to production DNS.

            How this works: The ZT PCs will have access to the Production network through ZT network, and will use that because the production network will use the ZT DNS servers. You'll never have to worry about IP issues because the only ones in DNS should be the ZT ones. Non ZT users will use global DNS and that will resolve to something on your firewall and your firewall should forward as needed internally.

            I think this may cause bigger issues as there are rules on the core switch which is on the ZT/LAN side to allow access to the printer, exchange server, and the DHCP/DNS server.

            1 Reply Last reply Reply Quote 0
            • DashrenderD
              Dashrender
              last edited by

              That proposal is a huge massive upset to the way things are working today. That Core switch would have to have a major overhaul in its configuration.

              But the simple idea that it represents is that you move to a LANLess design - not too different than saying you put everything in a remote datacenter and you have to access all services over the internet basically the same way websites and email are accessed today over the internet.

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @Dashrender
                last edited by

                @Dashrender said in ZeroTier Question:

                @WLS-ITGuy said in ZeroTier Question:

                @Dashrender said in ZeroTier Question:

                @WLS-ITGuy said in ZeroTier Question:

                @dafyre said in ZeroTier Question:

                @WLS-ITGuy said in ZeroTier Question:

                @scottalanmiller said in ZeroTier Question:

                @WLS-ITGuy said in ZeroTier Question:

                I don't see how I can create a unique A record for the Public Network when it goes through the same DNS as the other two networks.

                You can't. That's why I mentioned having a different DNS server for that network.

                So I would be making an entirely separate network for the Student/Public network on the same internet pipe?

                Time for a dumb question... If we know that they have a URL that works on the Student/Guest side... why not just have them use that URL?

                This is what I have going on for now as https://wls-exchange.wls.wels.net/owa doesn't work off campus. So I have them go to that on campus and mailhost off campus.

                This just wraps you back around to either using the public DNS servers for the Public WiFi, or setting up a separate DNS server for that network.

                So I should just set in the Scope options 8.8.8.8 and 4.4.4.4 as the DNS and see if mailhost works on the Student/Guest network?

                You could, but, if there are any other hostnames that you reference from the Guest network that only exist on your internal DNS, those will no longer function when you make the change.

                The changing of your Core Switch without my massive changes post would be in line with this post.

                1 Reply Last reply Reply Quote 0
                • WLS-ITGuyW
                  WLS-ITGuy
                  last edited by

                  Silly question. Could I just uninstall ZT from the exchange server and all my issues go away?

                  DashrenderD 1 Reply Last reply Reply Quote 0
                  • WLS-ITGuyW
                    WLS-ITGuy
                    last edited by

                    Here is some weird shit.

                    New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                    JaredBuschJ DashrenderD 2 Replies Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @WLS-ITGuy
                      last edited by

                      @WLS-ITGuy said in ZeroTier Question:

                      Silly question. Could I just uninstall ZT from the exchange server and all my issues go away?

                      hmm... that's interesting... maybe. let's see it through.

                      Local devices in that network will see it fine, because DNS will only have one IP for it, devices on the guest network use the same DNS, so they too will be fixed because only one IP, and people at Starbucks will be fine because global DNS is working.

                      1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @WLS-ITGuy
                        last edited by

                        @WLS-ITGuy said in ZeroTier Question:

                        Here is some weird shit.

                        New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                        Yes. That is how they should work.

                        1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender @WLS-ITGuy
                          last edited by

                          @WLS-ITGuy said in ZeroTier Question:

                          Here is some weird shit.

                          New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                          it's the round robin DNS thing.. aka you got lucky!

                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @Dashrender
                            last edited by

                            @Dashrender said in ZeroTier Question:

                            @WLS-ITGuy said in ZeroTier Question:

                            Here is some weird shit.

                            New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                            it's the round robin DNS thing.. aka you got lucky!

                            I assumed from the statement that he changed no DNS settings.

                            If that is the case, then it is NetBIOS over ZeroTier.
                            If he changed the DNS, then yeah, a crapshoot.

                            WLS-ITGuyW 1 Reply Last reply Reply Quote 1
                            • WLS-ITGuyW
                              WLS-ITGuy @JaredBusch
                              last edited by

                              @JaredBusch said in ZeroTier Question:

                              @Dashrender said in ZeroTier Question:

                              @WLS-ITGuy said in ZeroTier Question:

                              Here is some weird shit.

                              New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                              it's the round robin DNS thing.. aka you got lucky!

                              I assumed from the statement that he changed no DNS settings.

                              If that is the case, then it is NetBIOS over ZeroTier.
                              If he changed the DNS, then yeah, a crapshoot.

                              I have made no DNS changes since I was told to do FQDN names yesterday.

                              JaredBuschJ 1 Reply Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch @WLS-ITGuy
                                last edited by

                                @WLS-ITGuy said in ZeroTier Question:

                                @JaredBusch said in ZeroTier Question:

                                @Dashrender said in ZeroTier Question:

                                @WLS-ITGuy said in ZeroTier Question:

                                Here is some weird shit.

                                New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                                it's the round robin DNS thing.. aka you got lucky!

                                I assumed from the statement that he changed no DNS settings.

                                If that is the case, then it is NetBIOS over ZeroTier.
                                If he changed the DNS, then yeah, a crapshoot.

                                I have made no DNS changes since I was told to do FQDN names yesterday.

                                I was referring to the client you just set up. Did you change his ZeroTier adapter to have a DNS value? Not to changing server side DNS settings.

                                WLS-ITGuyW 1 Reply Last reply Reply Quote 0
                                • WLS-ITGuyW
                                  WLS-ITGuy @JaredBusch
                                  last edited by

                                  @JaredBusch said in ZeroTier Question:

                                  @WLS-ITGuy said in ZeroTier Question:

                                  @JaredBusch said in ZeroTier Question:

                                  @Dashrender said in ZeroTier Question:

                                  @WLS-ITGuy said in ZeroTier Question:

                                  Here is some weird shit.

                                  New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                                  it's the round robin DNS thing.. aka you got lucky!

                                  I assumed from the statement that he changed no DNS settings.

                                  If that is the case, then it is NetBIOS over ZeroTier.
                                  If he changed the DNS, then yeah, a crapshoot.

                                  I have made no DNS changes since I was told to do FQDN names yesterday.

                                  I was referring to the client you just set up. Did you change his ZeroTier adapter to have a DNS value? Not to changing server side DNS settings.

                                  Sorry - When I said no Static IP on the ZT NIC I meant didn't set static DNS.

                                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch @WLS-ITGuy
                                    last edited by

                                    @WLS-ITGuy said in ZeroTier Question:

                                    @JaredBusch said in ZeroTier Question:

                                    @WLS-ITGuy said in ZeroTier Question:

                                    @JaredBusch said in ZeroTier Question:

                                    @Dashrender said in ZeroTier Question:

                                    @WLS-ITGuy said in ZeroTier Question:

                                    Here is some weird shit.

                                    New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                                    it's the round robin DNS thing.. aka you got lucky!

                                    I assumed from the statement that he changed no DNS settings.

                                    If that is the case, then it is NetBIOS over ZeroTier.
                                    If he changed the DNS, then yeah, a crapshoot.

                                    I have made no DNS changes since I was told to do FQDN names yesterday.

                                    I was referring to the client you just set up. Did you change his ZeroTier adapter to have a DNS value? Not to changing server side DNS settings.

                                    Sorry - When I said no Static IP on the ZT NIC I meant didn't set static DNS.

                                    Good, then you are working as it is intended. You are resolving things by NetBIOS.

                                    DNS has nothing to do with it since you did not set an address.

                                    WLS-ITGuyW 2 Replies Last reply Reply Quote 0
                                    • WLS-ITGuyW
                                      WLS-ITGuy @JaredBusch
                                      last edited by

                                      @JaredBusch said in ZeroTier Question:

                                      @WLS-ITGuy said in ZeroTier Question:

                                      @JaredBusch said in ZeroTier Question:

                                      @WLS-ITGuy said in ZeroTier Question:

                                      @JaredBusch said in ZeroTier Question:

                                      @Dashrender said in ZeroTier Question:

                                      @WLS-ITGuy said in ZeroTier Question:

                                      Here is some weird shit.

                                      New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                                      it's the round robin DNS thing.. aka you got lucky!

                                      I assumed from the statement that he changed no DNS settings.

                                      If that is the case, then it is NetBIOS over ZeroTier.
                                      If he changed the DNS, then yeah, a crapshoot.

                                      I have made no DNS changes since I was told to do FQDN names yesterday.

                                      I was referring to the client you just set up. Did you change his ZeroTier adapter to have a DNS value? Not to changing server side DNS settings.

                                      Sorry - When I said no Static IP on the ZT NIC I meant didn't set static DNS.

                                      Good, then you are working as it is intended. You are resolving things by NetBIOS.

                                      DNS has nothing to do with it since you did not set an address.

                                      OK

                                      1 Reply Last reply Reply Quote 0
                                      • WLS-ITGuyW
                                        WLS-ITGuy @JaredBusch
                                        last edited by WLS-ITGuy

                                        @JaredBusch said in ZeroTier Question:

                                        @WLS-ITGuy said in ZeroTier Question:

                                        @JaredBusch said in ZeroTier Question:

                                        @WLS-ITGuy said in ZeroTier Question:

                                        @JaredBusch said in ZeroTier Question:

                                        @Dashrender said in ZeroTier Question:

                                        @WLS-ITGuy said in ZeroTier Question:

                                        Here is some weird shit.

                                        New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                                        it's the round robin DNS thing.. aka you got lucky!

                                        I assumed from the statement that he changed no DNS settings.

                                        If that is the case, then it is NetBIOS over ZeroTier.
                                        If he changed the DNS, then yeah, a crapshoot.

                                        I have made no DNS changes since I was told to do FQDN names yesterday.

                                        I was referring to the client you just set up. Did you change his ZeroTier adapter to have a DNS value? Not to changing server side DNS settings.

                                        Sorry - When I said no Static IP on the ZT NIC I meant didn't set static DNS.

                                        Good, then you are working as it is intended. You are resolving things by NetBIOS.

                                        DNS has nothing to do with it since you did not set an address.

                                        But shouldn't the other machines be working in the same fashion?

                                        I mean without the static DNS settings?

                                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                                        • JaredBuschJ
                                          JaredBusch @WLS-ITGuy
                                          last edited by JaredBusch

                                          @WLS-ITGuy said in ZeroTier Question:

                                          @JaredBusch said in ZeroTier Question:

                                          @WLS-ITGuy said in ZeroTier Question:

                                          @JaredBusch said in ZeroTier Question:

                                          @WLS-ITGuy said in ZeroTier Question:

                                          @JaredBusch said in ZeroTier Question:

                                          @Dashrender said in ZeroTier Question:

                                          @WLS-ITGuy said in ZeroTier Question:

                                          Here is some weird shit.

                                          New install of ZT on machine off campus. No static IP on the ZT NIC. Mapped Drives work as well as Exchange. WTF!

                                          it's the round robin DNS thing.. aka you got lucky!

                                          I assumed from the statement that he changed no DNS settings.

                                          If that is the case, then it is NetBIOS over ZeroTier.
                                          If he changed the DNS, then yeah, a crapshoot.

                                          I have made no DNS changes since I was told to do FQDN names yesterday.

                                          I was referring to the client you just set up. Did you change his ZeroTier adapter to have a DNS value? Not to changing server side DNS settings.

                                          Sorry - When I said no Static IP on the ZT NIC I meant didn't set static DNS.

                                          Good, then you are working as it is intended. You are resolving things by NetBIOS.

                                          DNS has nothing to do with it since you did not set an address.

                                          But shouldn't the other machines be working in the same fashion?

                                          I mean without the static DNS settings?

                                          Yes. Your one specific non working example was getting a DNS result from its local connection and was causing your problem. I suspect something was resolving weird from the AT&T IPv6 DNS that was listed.

                                          1 Reply Last reply Reply Quote 1
                                          • DashrenderD
                                            Dashrender
                                            last edited by

                                            But relying on NetBIOS - come on, really? I don't want to hang my hat on that nail.

                                            1 Reply Last reply Reply Quote 0