Need help to connect two office with OPNSense router and a laptop by using Zerotier
-
Hi everyone....
Hope you guys are doing well during this crazy time.
I have two offices and a laptop that need to be connected together by using ZeroTier over the internet.
Each site has a 4G internet connection without a public IP.
I installed on each OPNSense router the ZeroTier client and assigned to the ZT interface a static IP.
On the laptop (Linux Mint) I successfully installed the ZeroTier application and registered to the network.
Below you can see the details:
SITE 1
OPNS IP: 192.168.2.1/24
ZT INTERFACE: 10.10.10.2
WAN: 4G
SITE 2
OPNS IP: 192.168.3.1/24
ZT INTERFACE: 10.10.10.3
WAN: 4G
LAPTOP
ZT INTERFACE: 10.10.10.4
WAN: 4G
At this stage I can only ping and access the local network just from the laptop to office 1 & 2 by using the local network IP address, but
I can't ping office 2 from office 1 and vice-versa.
I think I need to set some rules on the OPNSense router but I am not sure how to do it.
Can anyone please help me with this?
Thanks a lot
-
What's your goal here?
If your goal is connectivity between two locations, you could set up a site-to-site VPN.
ZT is a mesh VPN, so all devices basically talk directly to all other devices.
-
@ismurdegus said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
I think I need to set some rules on the OPNSense router but I am not sure how to do it.
Yes, that is what you need. Normally on firewalls all traffic is blocked. So you need to make rules for what you allow.
So if you want to be able to ping you need to allow ICMP.
So on the Site 1 firewall you need to allow incoming ICMP on the ZT interface and whatever other traffic you need that will come from outside in. And likewise on Site 2. Maybe on the laptop as well, I'm not sure.
You also need to allow traffic on the LAN interface on the firewall. In some cases there will be a rule already there just to make it easier to get up and running. But all rules are made from the firewall's point of view, because they are basically instructions on what to do with the traffic.
What can make it tricky to grasp is that VPN interfaces and such, are their own (virtual) interface even if they physically are a part of the WAN interface.
-
@ismurdegus said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
I installed on each OPNSense router the ZeroTier client and assigned to the ZT interface a static IP.
ZT needs to be configured as a gateway. By default it is not, it's a client.
-
@scottalanmiller said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@ismurdegus said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
I installed on each OPNSense router the ZeroTier client and assigned to the ZT interface a static IP.
ZT needs to be configured as a gateway. By default it is not, it's a client.
On OPNsense you install OPNsense packages so it's not a regular install. You need to configure it in the GUI.
https://docs.opnsense.org/manual/how-tos/zerotier.html
-
@Dashrender Yes I need a "Site to Site" VPN, but because I don't have a static or public IP, I can't use something like OpenVPN.
-
@Pete-S Hi, I followed the instruction already, I have already done it.
-
@scottalanmiller Hi, I tried it but it is not working.
-
-
@ismurdegus said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Dashrender Yes I need a "Site to Site" VPN, but because I don't have a static or public IP, I can't use something like OpenVPN.
When you say you don't have a public IP, I assume your 4G connection is NATed.
You can set things up anyway with OpenVPN but you need to host a VPN hub on Vultr, DigitalOcean or somewhere that has a public IP. Then you'd have a hub and spoke VPN topology.
-
@ismurdegus said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Pete-S Hi, I followed the instruction already, I have already done it.
Those instructions are just to set up the ZeroTier link. Then you have to figure out how to route the traffic over it.
Same thing with OpenVPN or any other VPN link. First you get the link up, then you need to route traffic over it.
Normally you'd do something like this in a series of steps where you can verify that each step is successful.
If you are new to configuring firewalls with rules and routing, and perhaps also to OPNSense and ZeroTier, I think it will be extremely difficult getting it to work - unless you can find step-by-step instructions that will work for your setup.
-
Another way that is easier to get working is to just install ZeroTier on everything that needs to communicate with each other.
So you don't set it up on the firewalls themselves but on the devices behind the firewall, for instance servers.
-
@Pete-S said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Another way that is easier to get working is to just install ZeroTier on everything that needs to communicate with each other.
So you don't set it up on the firewalls themselves but on the devices behind the firewall, for instance servers.
If you don't need any other devices like printers, NAS, IoT, etc.
-
@scottalanmiller said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Pete-S said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Another way that is easier to get working is to just install ZeroTier on everything that needs to communicate with each other.
So you don't set it up on the firewalls themselves but on the devices behind the firewall, for instance servers.
If you don't need any other devices like printers, NAS, IoT, etc.
if the printers/NAS are local to you, it shouldn't be a problem, but your point is valid.
-
Can OpenVPN not use DDNS instead of a specific IP?
-
@Dashrender said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Can OpenVPN not use DDNS instead of a specific IP?
The problem the OP has (I'm assuming) is that some 4G operators put you in their LAN, so you are behind NAT. You can't host a service that has incoming connections when you're behind a NAT and can't do port forwards.
But yeah if you have OpenVPN you only need one side that allows incoming connections. Dynamic IP would be fine.
-
@scottalanmiller said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Pete-S said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Another way that is easier to get working is to just install ZeroTier on everything that needs to communicate with each other.
So you don't set it up on the firewalls themselves but on the devices behind the firewall, for instance servers.
If you don't need any other devices like printers, NAS, IoT, etc.
You could work around that by routing over devices that have a ZeroTier connection. But if you know enough to do that I guess you'd have the knowledge to do it on the firewall instead.
ZT makes any machine dual homed.
-
@Pete-S said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
@Dashrender said in Need help to connect two office with OPNSense router and a laptop by using Zerotier:
Can OpenVPN not use DDNS instead of a specific IP?
The problem the OP has (I'm assuming) is that some 4G operators put you in their LAN, so you are behind NAT. You can't host a service that has incoming connections when you're behind a NAT and can't do port forwards.
But yeah if you have OpenVPN you only need one side that allows incoming connections. Dynamic IP would be fine.
Good point, I hadn't considered that.
-
Hey guys sorry for late update....
I still didn't fix my issue... like I said before I am not a PRO so I really need step-by-step help if someone has time.
The main issue is that the two sites can't ping each other but I can from the laptop and access both networks' LAN clients.
I tried to create a new GATEWAY and select the ZeroTier interface + made a static rule but it is not working.
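
The routing step discussed in this thread ("first you get the link up, then you need to route traffic over it"), as an added example that is not part of any post: a small route-lookup model of the two sites showing that a ping needs a static route on both routers, one for the request and one for the reply. The routing tables, the /24 on the ZeroTier network and the LAN host addresses are constructed assumptions; firewall rules on the ZT and LAN interfaces are a separate check that this model does not cover.

```python
import copy
import ipaddress

# Constructed routing tables for the thread's addresses (assumptions: the /24 on
# the ZeroTier network and the LAN host IPs are not given in the thread).
# Next hop is "local" (connected LAN), "zt" (on-link), "wan", or a peer's ZT IP.
ROUTERS = {
    "site1": {"zt": "10.10.10.2", "routes": [
        ("192.168.2.0/24", "local"), ("10.10.10.0/24", "zt"), ("0.0.0.0/0", "wan")]},
    "site2": {"zt": "10.10.10.3", "routes": [
        ("192.168.3.0/24", "local"), ("10.10.10.0/24", "zt"), ("0.0.0.0/0", "wan")]},
}

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def delivered_by(routers, src, dst):
    """Name of the router that hands dst to its own LAN, or None if lost."""
    hop = lookup(routers[src]["routes"], dst)
    if hop == "local":
        return src
    for name, r in routers.items():
        # Only a next hop that is a peer's ZT address crosses the tunnel.
        if r["zt"] == hop and lookup(r["routes"], dst) == "local":
            return name
    return None  # e.g. sent to "wan", which cannot reach the other private LAN

def ping_works(routers, src, src_ip, dst_ip):
    """A ping needs both the request path and the reply path."""
    far = delivered_by(routers, src, dst_ip)
    return far is not None and delivered_by(routers, far, src_ip) == src

def add_route(routers, on, prefix, via):
    """Return a copy of routers with one static route added on router `on`."""
    new = copy.deepcopy(routers)
    new[on]["routes"].append((prefix, via))
    return new

if __name__ == "__main__":
    one = add_route(ROUTERS, "site1", "192.168.3.0/24", "10.10.10.3")
    both = add_route(one, "site2", "192.168.2.0/24", "10.10.10.2")
    for label, r in (("no routes", ROUTERS), ("site1 only", one), ("both", both)):
        print(label, ping_works(r, "site1", "192.168.2.10", "192.168.3.10"))
```
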