    Apparently the 2.0 line of EdgeOS now supports ZeroTier

IT Discussion. Tags: edgeos, edgeos 2.0.0, zerotier. 52 Posts, 11 Posters, 8.2k Views.

dafyre (in reply to @JaredBusch):

@JaredBusch said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

    @dafyre
    (image)

Thanks. Not sure how I b0rked that.

jplee (in reply to @VoIP_n00b):

@VoIP_n00b Yes, I have "Allow Bridging" checked. I'm still getting ping timeouts from my LAN.

jplee:

These are my interfaces:

(screenshot: interfaces)

And these are my routes:

(screenshot: routes)

On the 192.168.50.0/24 (Lan1) network, I can successfully hit 10.1.1.0/24 (Lan2) addresses and go out on the internet. However, I can't get to any 10.147.20.0/24 nodes (ZT).

If I ssh into the router, I can ping anything on Lan1, Lan2, and ZT. This seems like it would be an easy solution that I'm missing???

Thanks.

VoIP_n00b (in reply to @jplee):

@jplee Very interesting! Can you share how you got ZT set up on the edge router?

jplee (in reply to @VoIP_n00b):

@VoIP_n00b I followed https://blog.kruyt.org/zerotier-on-a-ubiquiti-edgerouter/. It was pretty straightforward. Make sure you follow Part 2 of the guide as well. Now if I can just get the ER-X to route. 😞

VoIP_n00b (in reply to @jplee):

@jplee I would like that too 😞

jplee:

I have it working! I needed to NAT.

(screenshot)

I also disabled routing to 192.168.50.0/24 on ZeroTier Central and unchecked "Allow Bridging". They aren't needed.

VoIP_n00b (in reply to @jplee):

@jplee Interesting. I'll have to try it. As many details as you can provide would be great!

Dashrender:

Why would you need to NAT? If you want the real IPs to work, you should be able to use them.

I don't NAT any of my other VPNs.

jplee (in reply to @Dashrender):

@Dashrender I couldn't get the ER-X to route LAN>ZT. NAT, although not ideal, did the trick for me. I'd love to hear if anyone has a no-NAT solution.

Dashrender (in reply to @jplee):

@jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:

    @Dashrender I couldn't get the ER-X to route LAN>ZT. NAT, although not ideal, did the trick for me. I'd love to hear if anyone has a no-NAT solution.

Remind me what your setup is. I have an ER-X lying around; I can set it up and give it a try this weekend.

jplee (in reply to @Dashrender):

@Dashrender Setup is outlined several posts above. Here

dinge:

You don't need to set a NAT configuration if you set a route in the ZeroTier web interface:

    10.11.12.1/24 - (LAN)
    192.168.1.1/24 via 10.11.12.1

The 10.11.12.1/24 is the ZeroTier network.
The 192.168.1.1/24 is the switch0 network for the ER-X.

jplee (in reply to @dinge):

@dinge Do you have this working? It didn't work for me. Remember, I'm trying to go from LAN to ZT, not the other way around.

dinge (in reply to @jplee):

@jplee From ZT to LAN I got this working without NAT or a route configuration.

I could ping the ZT devices from my switch0 LAN.

What I wanted was to be able to access the complete switch0 LAN from anywhere in the world when I am connected with a PC or phone in the same ZT network.

dinge (in reply to @jplee):

@jplee These are the commands I used on an ER-X set up as WAN+2LAN2:

    sudo -i
    curl -s https://install.zerotier.com | sudo bash
    cd /var/lib
    mv /var/lib/zerotier-one /config/scripts/
    ln -s /config/scripts/zerotier-one
    cp /opt/vyatta/share/perl5/Vyatta/Interface.pm /opt/vyatta/share/perl5/Vyatta/Interface.pm.backup

    scp /Users/JohDoe/Downloads/zerotier-edgeos.tgz [email protected]:/home/ubnt
    (from a new terminal window)

    tar -C / -xvzf /home/ubnt/zerotier-edgeos.tgz
    connect zerotier (zerotieraddress)
    show interfaces zerotier
    configure
    set interfaces zerotier zt3jnycvh4 description ZerotierNetwork
    commit ; save
    exit

jplee (in reply to @dinge):

@dinge I did that exactly. Can we compare configs? Here's mine:

    interfaces {
        ethernet eth0 {
            address 10.1.1.10/24
            description "Local Upstream"
            duplex auto
            speed auto
        }
        ethernet eth1 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth2 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth3 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth4 {
            description Local
            duplex auto
            poe {
                output off
            }
            speed auto
        }
        loopback lo {
        }
        switch switch0 {
            address 192.168.50.1/24
            description Local
            mtu 1500
            switch-port {
                interface eth1 {
                }
                interface eth2 {
                }
                interface eth3 {
                }
                vlan-aware disable
            }
        }
        zerotier ztklh3kllj {
            description ZeroTier
        }
    }
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop 10.1.1.1 {
                    description "Default Gateway"
                }
            }
        }
    }
    service {
        dhcp-server {
            disabled false
            hostfile-update disable
            shared-network-name LAN2 {
                authoritative enable
                subnet 192.168.50.0/24 {
                    default-router 192.168.50.1
                    dns-server 192.168.50.1
                    lease 86400
                    start 192.168.50.38 {
                        stop 192.168.50.243
                    }
                }
            }
            static-arp disable
            use-dnsmasq disable
        }
        dns {
            forwarding {
                cache-size 150
                listen-on switch0
                name-server 10.1.1.1
            }
        }
        gui {
            http-port 80
            https-port 443
            older-ciphers enable
        }
        nat {
            rule 5000 {
                description ZT-NAT
                destination {
                    group {
                        address-group ADDRv4_eth0
                    }
                }
                log disable
                outbound-interface ztklh3kllj
                protocol all
                source {
                    group {
                    }
                }
                type masquerade
            }
        }
        ssh {
            port 22
            protocol-version v2
        }
        unms {
            disable
        }
    }

jplee:

OK peoples. I got this working both ways: LAN > ZT and ZT > LAN. The trick was to configure a source NAT, which you can only do via the command line. Along with destination NAT, a bidirectional NAT is set up. BOOM! Here's my config:

    firewall {
        all-ping enable
        broadcast-ping disable
        group {
            network-group LAN {
                description "Switch LAN"
                network 192.168.50.0/24
            }
            network-group Upstream {
                description "Upstream Network"
                network 10.1.1.0/24
            }
            network-group ZeroTier {
                description "ZeroTier Network"
                network 10.147.20.0/24
            }
        }
        ipv6-receive-redirects disable
        ipv6-src-route disable
        ip-src-route disable
        log-martians enable
        receive-redirects disable
        send-redirects enable
        source-validation disable
        syn-cookies enable
    }
    interfaces {
        ethernet eth0 {
            address 10.1.1.10/24
            description "Local Upstream"
            duplex auto
            speed auto
        }
        ethernet eth1 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth2 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth3 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth4 {
            description Local
            duplex auto
            poe {
                output off
            }
            speed auto
        }
        loopback lo {
        }
        switch switch0 {
            address 192.168.50.1/24
            description Local
            mtu 1500
            switch-port {
                interface eth1 {
                }
                interface eth2 {
                }
                interface eth3 {
                }
                vlan-aware disable
            }
        }
        zerotier ztklh3kllj {
            description ZeroTier
        }
    }
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop 10.1.1.1 {
                    description "Default Gateway"
                }
            }
        }
    }
    service {
        dhcp-server {
            disabled false
            hostfile-update disable
            shared-network-name LAN2 {
                authoritative enable
                subnet 192.168.50.0/24 {
                    default-router 192.168.50.1
                    dns-server 192.168.50.1
                    lease 86400
                    start 192.168.50.38 {
                        stop 192.168.50.243
                    }
                }
            }
            static-arp disable
            use-dnsmasq disable
        }
        dns {
            forwarding {
                cache-size 150
                listen-on switch0
                name-server 10.1.1.1
            }
        }
        gui {
            http-port 80
            https-port 443
            older-ciphers enable
        }
        nat {
            rule 1 {
                description "ZeroTier DNAT"
                destination {
                    group {
                        network-group ZeroTier
                    }
                }
                inbound-interface ztklh3kllj
                inside-address {
                    address 10.1.1.10
                }
                log disable
                protocol all
                type destination
            }
            rule 5000 {
                description "ZeroTier SNAT"
                log disable
                outbound-interface ztklh3kllj
                outside-address {
                    address 10.147.20.1
                }
                protocol all
                source {
                    group {
                        network-group Upstream
                    }
                }
                type source
            }
        }
        ssh {
            port 22
            protocol-version v2
        }
        unms {
            disable
        }
    }

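An added example, not from the thread or from EdgeOS itself: a small Python parser for the brace-style config format the two posts above paste, plus a check that reports source or masquerade NAT rules whose source block is empty, which is the shape of the first config's rule 5000, while the final config limits its SNAT rule to the Upstream network-group. The sample config is constructed, and the reading that a rule with no source criteria matches every source is my assumption, not something the poster states.

```python
from typing import Any, Dict, List

# Constructed sample in the brace-style config format used in the posts above: a
# masquerade rule with an empty source group beside a source rule limited to a group.
SAMPLE_CONFIG = """service {
    nat {
        rule 5000 {
            description ZT-NAT
            outbound-interface ztklh3kllj
            source {
                group {
                }
            }
            type masquerade
        }
        rule 5001 {
            description "ZeroTier SNAT"
            outbound-interface ztklh3kllj
            outside-address {
                address 10.147.20.1
            }
            source {
                group {
                    network-group Upstream
                }
            }
            type source
        }
    }
}
"""

def parse_config(text: str) -> Dict[str, Any]:
    """Parse 'name {' ... '}' blocks into nested dicts keyed by the block header
    (e.g. 'rule 5000'); 'key value' lines map key -> value, a bare keyword -> True."""
    root: Dict[str, Any] = {}
    stack: List[Dict[str, Any]] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unexpected closing brace")
            stack.pop()
        elif line.endswith("{"):
            child: Dict[str, Any] = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        else:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip().strip('"') if value else True
    if len(stack) != 1:
        raise ValueError("unclosed block")
    return root

def source_is_unrestricted(rule: Dict[str, Any]) -> bool:
    """True when the rule names no source address and no non-empty source group.
    Assumption made here: a rule with no source criteria matches every source."""
    src = rule.get("source")
    if not isinstance(src, dict):
        return True
    if "address" in src:
        return False
    group = src.get("group")
    return not isinstance(group, dict) or not any(group.get(k) for k in ("network-group", "address-group"))

def audit_nat(cfg: Dict[str, Any]) -> List[str]:
    """List source/masquerade NAT rules that would translate traffic from any source."""
    findings: List[str] = []
    for name, rule in cfg.get("service", {}).get("nat", {}).items():
        if isinstance(rule, dict) and rule.get("type") in ("masquerade", "source") and source_is_unrestricted(rule):
            findings.append(f"{name}: {rule['type']} via {rule.get('outbound-interface')} matches any source")
    return findings
```

Running audit_nat over the parsed sample reports only rule 5000; paste either config from the thread into parse_config to check it the same way.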