Apparently the 2.0 line of EdgeOS now supports ZeroTier
- 
 I have it working! I needed to NAT.  I also disabled routing to 192.168.50.0/24 on ZeroTier Central and unchecked "Allow Bridging". They aren't needed. 
- 
 @jplee Interesting. I'll have to try it. As many details as you can provide would be great! 
- 
 Why would you need to NAT? If you want the real IPs to work, you should be able to use them. I don't NAT any of my other VPNs. 
- 
 @Dashrender I couldn't get the ER-X to route LAN>ZT. NAT, although not ideal, did the trick for me. I'd love to hear if anyone has a no NAT solution. 
- 
 @jplee said in Apparently the 2.0 line of EdgeOS now supports ZeroTier:
 "@Dashrender I couldn't get the ER-X to route LAN>ZT. NAT, although not ideal, did the trick for me. I'd love to hear if anyone has a no NAT solution."
 Remind me what your setup is. I have an ER-X lying around; I can set it up and give it a try this weekend.
- 
 @Dashrender Setup is outlined several posts above. Here 
- 
 You don't need to set a NAT configuration if you set a route in the Zerotier web interface.
 10.11.12.1/24 - (LAN)
 192.168.1.1/24 via 10.11.12.1
 The 10.11.12.1/24 is the Zerotier Network
 The 192.168.1.1/24 is the Switch0 network for the ER-X
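
The NAT-versus-route question in this thread comes down to where a ZeroTier member sends its reply. The sketch below is an added example, not part of any post: it models the member's routing table with longest-prefix matching, using the 192.168.50.0/24 LAN and 10.147.20.0/24 ZeroTier network from the configs posted further down. The device names `wlan0` and `zt0` and the LAN host 192.168.50.40 are assumptions.

```python
import ipaddress

def egress(routes, dst):
    """Longest-prefix match over (prefix, device) pairs; returns the chosen device."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def reply_returns_via_zt(member_routes, lan_host, router_zt_ip, masquerade):
    """True if a ZeroTier member's reply to a LAN-originated packet leaves via zt0."""
    # With masquerade the member sees the router's ZeroTier address as the source;
    # without it, the member sees the LAN host's own address.
    seen_source = router_zt_ip if masquerade else lan_host
    return egress(member_routes, seen_source) == "zt0"

# Constructed routing table of a remote ZeroTier member (device names are assumptions).
BASE = [("0.0.0.0/0", "wlan0"), ("10.147.20.0/24", "zt0")]
# The same table once the member has received a managed route for the LAN subnet.
WITH_ROUTE = BASE + [("192.168.50.0/24", "zt0")]

def scenarios():
    """Evaluate the three cases discussed in the thread for one LAN host."""
    args = ("192.168.50.40", "10.147.20.1")  # constructed LAN host, router ZT address
    return {
        "no route, no NAT": reply_returns_via_zt(BASE, *args, masquerade=False),
        "no route, NAT": reply_returns_via_zt(BASE, *args, masquerade=True),
        "managed route, no NAT": reply_returns_via_zt(WITH_ROUTE, *args, masquerade=False),
    }

if __name__ == "__main__":
    for case, ok in scenarios().items():
        print(f"{case}: reply via ZeroTier = {ok}")
```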
- 
 @dinge Do you have this working? It didn’t work for me. Remember, I’m trying to go from LAN to ZT, not the other way around. 
- 
 @jplee From ZT to LAN I got this working without NAT or without a route configuration. I could ping the ZT devices from my Switch0 LAN. What I wanted was to be able to access the complete Switch0 LAN from anywhere in the world when I am connected with a PC or phone in the same ZT Network. 
- 
 @jplee These are the commands I used on an ER-X set up as WAN+2LAN2:

    sudo -i
    curl -s https://install.zerotier.com | sudo bash
    cd /var/lib
    mv /var/lib/zerotier-one /config/scripts/
    ln -s /config/scripts/zerotier-one
    cp /opt/vyatta/share/perl5/Vyatta/Interface.pm /opt/vyatta/share/perl5/Vyatta/Interface.pm.backup
    scp /Users/JohDoe/Downloads/zerotier-edgeos.tgz [email protected]:/home/ubnt
    # (from new terminal window)
    tar -C / -xvzf /home/ubnt/zerotier-edgeos.tgz
    connect zerotier (zerotieradress)
    show interfaces zerotier
    configure
    set interfaces zerotier zt3jnycvh4 description ZerotierNetwork
    commit ; save
    exit
- 
 @dinge I did that exactly. Can we compare configs? Here's mine:

    interfaces {
        ethernet eth0 {
            address 10.1.1.10/24
            description "Local Upstream"
            duplex auto
            speed auto
        }
        ethernet eth1 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth2 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth3 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth4 {
            description Local
            duplex auto
            poe {
                output off
            }
            speed auto
        }
        loopback lo {
        }
        switch switch0 {
            address 192.168.50.1/24
            description Local
            mtu 1500
            switch-port {
                interface eth1 {
                }
                interface eth2 {
                }
                interface eth3 {
                }
                vlan-aware disable
            }
        }
        zerotier ztklh3kllj {
            description ZeroTier
        }
    }
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop 10.1.1.1 {
                    description "Default Gateway"
                }
            }
        }
    }
    service {
        dhcp-server {
            disabled false
            hostfile-update disable
            shared-network-name LAN2 {
                authoritative enable
                subnet 192.168.50.0/24 {
                    default-router 192.168.50.1
                    dns-server 192.168.50.1
                    lease 86400
                    start 192.168.50.38 {
                        stop 192.168.50.243
                    }
                }
            }
            static-arp disable
            use-dnsmasq disable
        }
        dns {
            forwarding {
                cache-size 150
                listen-on switch0
                name-server 10.1.1.1
            }
        }
        gui {
            http-port 80
            https-port 443
            older-ciphers enable
        }
        nat {
            rule 5000 {
                description ZT-NAT
                destination {
                    group {
                        address-group ADDRv4_eth0
                    }
                }
                log disable
                outbound-interface ztklh3kllj
                protocol all
                source {
                    group {
                    }
                }
                type masquerade
            }
        }
        ssh {
            port 22
            protocol-version v2
        }
        unms {
            disable
        }
    }
- 
 OK peoples. I got this working both ways: LAN > ZT and ZT > LAN. The trick was to configure a source NAT, which you can only do via the command line. Along with destination NAT, a bidirectional NAT is set up. BOOM! Here's my config:

    firewall {
        all-ping enable
        broadcast-ping disable
        group {
            network-group LAN {
                description "Switch LAN"
                network 192.168.50.0/24
            }
            network-group Upstream {
                description "Upstream Network"
                network 10.1.1.0/24
            }
            network-group ZeroTier {
                description "ZeroTier Network"
                network 10.147.20.0/24
            }
        }
        ipv6-receive-redirects disable
        ipv6-src-route disable
        ip-src-route disable
        log-martians enable
        receive-redirects disable
        send-redirects enable
        source-validation disable
        syn-cookies enable
    }
    interfaces {
        ethernet eth0 {
            address 10.1.1.10/24
            description "Local Upstream"
            duplex auto
            speed auto
        }
        ethernet eth1 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth2 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth3 {
            description Local
            duplex auto
            speed auto
        }
        ethernet eth4 {
            description Local
            duplex auto
            poe {
                output off
            }
            speed auto
        }
        loopback lo {
        }
        switch switch0 {
            address 192.168.50.1/24
            description Local
            mtu 1500
            switch-port {
                interface eth1 {
                }
                interface eth2 {
                }
                interface eth3 {
                }
                vlan-aware disable
            }
        }
        zerotier ztklh3kllj {
            description ZeroTier
        }
    }
    protocols {
        static {
            route 0.0.0.0/0 {
                next-hop 10.1.1.1 {
                    description "Default Gateway"
                }
            }
        }
    }
    service {
        dhcp-server {
            disabled false
            hostfile-update disable
            shared-network-name LAN2 {
                authoritative enable
                subnet 192.168.50.0/24 {
                    default-router 192.168.50.1
                    dns-server 192.168.50.1
                    lease 86400
                    start 192.168.50.38 {
                        stop 192.168.50.243
                    }
                }
            }
            static-arp disable
            use-dnsmasq disable
        }
        dns {
            forwarding {
                cache-size 150
                listen-on switch0
                name-server 10.1.1.1
            }
        }
        gui {
            http-port 80
            https-port 443
            older-ciphers enable
        }
        nat {
            rule 1 {
                description "ZeroTier DNAT"
                destination {
                    group {
                        network-group ZeroTier
                    }
                }
                inbound-interface ztklh3kllj
                inside-address {
                    address 10.1.1.10
                }
                log disable
                protocol all
                type destination
            }
            rule 5000 {
                description "ZeroTier SNAT"
                log disable
                outbound-interface ztklh3kllj
                outside-address {
                    address 10.147.20.1
                }
                protocol all
                source {
                    group {
                        network-group Upstream
                    }
                }
                type source
            }
        }
        ssh {
            port 22
            protocol-version v2
        }
        unms {
            disable
        }
    }
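
In the configs posted in this thread, no interface carries a firewall ruleset and the GUI has `older-ciphers enable`. The following is an added example, not part of the thread or of EdgeOS: a small parser for this brace-delimited config format that reports both conditions. The embedded sample is constructed, and the ruleset name `LAN_IN` on switch0 is hypothetical, included only so one interface passes the check.

```python
# Constructed sample in the format of the config above; the LAN_IN ruleset on
# switch0 is a hypothetical addition so that one interface passes the check.
SAMPLE = """\
interfaces {
    switch switch0 {
        firewall {
            in {
                name LAN_IN
            }
        }
    }
    zerotier ztklh3kllj {
        description ZeroTier
    }
}
service {
    gui {
        older-ciphers enable
    }
}
"""

def parse(text):
    """Parse a one-node-per-line EdgeOS config into nested dicts (last leaf wins)."""
    root = {}
    stack = [root]
    for line in map(str.strip, text.splitlines()):
        if line == "}":
            stack.pop()
        elif line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line:
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip('"')
    return root

def audit(cfg):
    """List interfaces with no firewall ruleset attached, plus the GUI cipher setting."""
    findings = []
    for name, node in cfg.get("interfaces", {}).items():
        if not name.startswith("loopback") and "firewall" not in node:
            findings.append(f"{name}: no firewall ruleset attached")
    if cfg.get("service", {}).get("gui", {}).get("older-ciphers") == "enable":
        findings.append("gui: older-ciphers enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(parse(SAMPLE)):
        print(finding)
```

The parser expects one node per line, as in the indented config above, because a flattened single-line config cannot distinguish valueless leaves such as `disable` from key/value pairs.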
