Apparently the 2.0 line of EdgeOS now supports ZeroTier
-
@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
Of course it depends - but he setup a site to site using it - so for the devices on the LAN, it is (or at least can be - depending on settings - be acting as a bridge/bridge like interface
Most people, by far, set up VPNs to have different IP ranges on either end. So acting as a router, not a bridge.
-
@scottalanmiller said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
Of course it depends - but he setup a site to site using it - so for the devices on the LAN, it is (or at least can be - depending on settings - be acting as a bridge/bridge like interface
Most people, by far, set up VPNs to have different IP ranges on either end. So acting as a router, not a bridge.
Sure. This is one of my /sigh moments though - I'm sure the OP doesn't likely give a crap if it's a bridge connection or a routed one - it's more likely they simply want to know - is there a connection?
Also - assuming the endpoints on the LAN don't have ZT installed on them, it's likely they are on a separate LAN from the ZT network - so a router would have to be done, which is what I though any of these "gateway" type solutions was really providing?
-
@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.
I've never dealt with ZT bridging at all. I only use it point to point as needed.
I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.
I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.
I have it set up as more of a site-to-site VPN now.
Isn't that bridging? more or less ?
No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.
The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.
-
@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.
I've never dealt with ZT bridging at all. I only use it point to point as needed.
I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.
I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.
I have it set up as more of a site-to-site VPN now.
Isn't that bridging? more or less ?
No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.
The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.
I guess I'd need to see a diagram so I could follow.
-
@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@Dashrender said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@dafyre said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
Did anyone get bridging to work? I have ZT installed on an ER-X. I can ping the ZT nodes from the ER-X cli. However, I cannot ping a ZT node from a machine on my internal network that’s not on ZT.
I've never dealt with ZT bridging at all. I only use it point to point as needed.
I believe @dafyre did a bridge a long time ago before some of it was built into the design like it now is.
I did get bridging set up, but it was a bit of a pain to get going and I ran into some rather interesting issues, lol.
I have it set up as more of a site-to-site VPN now.
Isn't that bridging? more or less ?
No, I've got it set up strictly doing routing between sites. I had odd issues when setting up the bridge that are eliminated when setting it up as a site-to-site vpn.
The bonus is that I don't have to install ZT on everything, just a VM at each site, and add the appropriate routes.
I guess I'd need to see a diagram so I could follow.
How's this?
![4fb96b98-3628-4347-b84c-f5553fb4c984-image.png](https://i.imgur.com/CgWTyUj.png -
-
@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
Thanks. Not sure how ( b0rked that.
-
@VoIP_n00b Yes, I have "Allow Bridging" checked. I'm still getting ping time outs from my lan.
-
These are my interfaces:
And these are my routes:
On the 192.168.50.0/24 (Lan1) network, I can successfully hit 10.1.1.0/24 (Lan2) addresses and go out on the internet. However, I can't get to any 10.147.20.0/24 nodes (ZT).
If I ssh into the router, I can ping anything on Lan1, Lan2, and ZT. This seems like it would be an easy solution that I'm missing???
Thanks.
-
@jplee Very Interesting! Can you share how you got ZT setup on the edge router?
-
@VoIP_n00b I followed https://blog.kruyt.org/zerotier-on-a-ubiquiti-edgerouter/. It was pretty straightforward. Make sure you follow Part 2 of the guide as well. Now if I can just get the ER-X to route.
-
@jplee I would like that too
-
I have it working! I needed to NAT.
I also disabled routing to 192.168.50.0/24 on ZeroTier Central and unchecked "Allow Bridging". They aren't needed.
-
@jplee Interesting. I'll have to try it. As many details as you can provide would be great!
-
Why would you need to NAT? If you want the real IPs to work, you should be able to use them.
I don't NAT any of my other VPNs.
-
@Dashrender I couldn't get the ER-X to route LAN>ZT. NAT, although not ideal, did the trick for me. I'd love to hear if anyone has a no NAT solution.
-
@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
@Dashrender I couldn't get the ER-X to route LAN>ZT. NAT, although not ideal, did the trick for me. I'd love to hear if anyone has a no NAT solution.
Remind me what you setup is, I have a ER-X lying around I can set it up and give it a try this weekend.
-
@Dashrender Setup is outlined several posts above. Here
-
You don't need to set a NAT configuration if you set a route in the Zerotier web interface.
10.11.12.1/24 - (LAN)
192.168.1.1/24 via 10.11.12.1The 10.11.12.1/24 is the Zerotier Network
The 192.168.1.1/24 is the Switch0 network for the ER-X -
@dinge Do you have this working? It didn’t work for me. Remember, I’m trying to go from LAN to ZT, not the other way around.