Apparently the 2.0 line of EdgeOS now supports ZeroTier

kleishman

@Curtis
You can configure routing to allow access to entire network. I am using an Opnsense router to provide routing and firewall so that my laptop is able to connect from anywhere. It also limits the collision domains so that all local traffic (arp and what not) doesn't traverse the wan like on a bridge.
I'm also working on a lab with zerotier, Opnsense and a ER-x to use OSPF for dynamic routing.

jplee

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

JaredBusch

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

VoIP_n00b

@jplee I want to know this as well

VoIP_n00b

@jplee did you allow bridging in the web interface?

dafyre

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Dashrender

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

scottalanmiller

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

Are you asking if a VPN is a bridge? That's actually a big "it depends".

Dashrender

@scottalanmiller said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

Are you asking if a VPN is a bridge? That's actually a big "it depends".

Of course it depends - but he setup a site to site using it - so for the devices on the LAN, it is (or at least can be - depending on settings - be acting as a bridge/bridge like interface

scottalanmiller

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Of course it depends - but he setup a site to site using it - so for the devices on the LAN, it is (or at least can be - depending on settings - be acting as a bridge/bridge like interface

Most people, by far, set up VPNs to have different IP ranges on either end. So acting as a router, not a bridge.

Dashrender

@scottalanmiller said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Of course it depends - but he setup a site to site using it - so for the devices on the LAN, it is (or at least can be - depending on settings - be acting as a bridge/bridge like interface

Most people, by far, set up VPNs to have different IP ranges on either end. So acting as a router, not a bridge.

Sure. This is one of my /sigh moments though - I'm sure the OP doesn't likely give a crap if it's a bridge connection or a routed one - it's more likely they simply want to know - is there a connection?

Also - assuming the endpoints on the LAN don't have ZT installed on them, it's likely they are on a separate LAN from the ZT network - so a router would have to be done, which is what I though any of these "gateway" type solutions was really providing?

dafyre

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.

The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.

Dashrender

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.

The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.

I guess I'd need to see a diagram so I could follow.

dafyre

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.

I've never dealt with ZT bridging at all. I only use it point to point as needed.

I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.

I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.

I have it set up as more of a site-to-site VPN now.

Isn't that bridging? more or less ?

No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.

The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.

I guess I'd need to see a diagram so I could follow.

How's this?
![4fb96b98-3628-4347-b84c-f5553fb4c984-image.png](https://i.imgur.com/CgWTyUj.png

JaredBusch

@dafyre

dafyre

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

@dafyre

Thanks. Not sure how ( b0rked that.

jplee

@VoIP_n00b Yes, I have "Allow Bridging" checked. I'm still getting ping time outs from my lan.

jplee

These are my interfaces:

interfaces

And these are my routes:

routes

On the 192.168.50.0/24 (Lan1) network, I can successfully hit 10.1.1.0/24 (Lan2) addresses and go out on the internet. However, I can't get to any 10.147.20.0/24 nodes (ZT).

If I ssh into the router, I can ping anything on Lan1, Lan2, and ZT. This seems like it would be an easy solution that I'm missing???

Thanks.

VoIP_n00b

@jplee Very Interesting! Can you share how you got ZT setup on the edge router?

jplee

@VoIP_n00b I followed https://blog.kruyt.org/zerotier-on-a-ubiquiti-edgerouter/. It was pretty straightforward. Make sure you follow Part 2 of the guide as well. Now if I can just get the ER-X to route.