    ZeroTier + Active Directory Authentication

    IT Discussion
    Tags: zerotier, ad, active directory, authentication, work in progress
    111 Posts 10 Posters 47.9k Views
    • Dashrender @dafyre

      @dafyre said:

      @Dashrender said:

      @wrx7m said:

      @FATeknollogee said:

      @Dashrender You have a "how to" instruction set?

      I think @dafyre created a script for it. I am pretty sure you can only install the bridge on a connector, which has to be a Linux box.

      Doh! you're right it was @dafyre

      It wasn't a script... Essentially what I did was build a Linux router.

      I have been unable to get the Official Bridged mode to work for some reason or another... It sounds like that is more involved than what @JaredBusch wants to do though.

      I'd agree - bridge mode is like a huge pain. Putting all devices into a /16 network? WOW - no thanks. Of course I realize you could just as easily do this with a /23 or /22.

      I'm curious though.. what happens when two NICs have IPs in the same range? This would be the case when a laptop is in the office.

      • scottalanmiller @Dashrender

        @Dashrender said:

        I'm curious though.. what happens when two NICs have IPs in the same range? This would be the case when a laptop is in the office.

        Why would that happen with laptops?

        • dafyre @scottalanmiller

          @scottalanmiller said:

          @Dashrender said:

          I'm curious though.. what happens when two NICs have IPs in the same range? This would be the case when a laptop is in the office.

          Why would that happen with laptops?

          He means if they use the same IP range for both the LAN and the ZT network... what would happen if a laptop got 192.168.16.16 on the LAN, as well as 192.168.16.16 on the ZT network.

          • scottalanmiller @dafyre

            @dafyre said:

            @scottalanmiller said:

            @Dashrender said:

            I'm curious though.. what happens when two NICs have IPs in the same range? This would be the case when a laptop is in the office.

            Why would that happen with laptops?

            He means if they use the same IP range for both the LAN and the ZT network... what would happen if a laptop got 192.168.16.16 on the LAN, as well as 192.168.16.16 on the ZT network.

            Oh, you can't do that. The devices would freak out. It's as simple as... you can't.

            But... when would this happen? Why would you choose a ZT network that overlaps with the LAN?

            • wirestyle22 @scottalanmiller

              Oh, you can't do that. The devices would freak out. It's as simple as... you can't.
              But... when would this happen? Why would you choose a ZT network that overlaps with the LAN?

              Couldn't you create two separate reservations--one for the LAN and one for ZT?

              • dafyre @scottalanmiller

                @scottalanmiller said:

                @dafyre said:

                @scottalanmiller said:

                @Dashrender said:

                I'm curious though.. what happens when two NICs have IPs in the same range? This would be the case when a laptop is in the office.

                Why would that happen with laptops?

                He means if they use the same IP range for both the LAN and the ZT network... what would happen if a laptop got 192.168.16.16 on the LAN, as well as 192.168.16.16 on the ZT network.

                Oh, you can't do that. The devices would freak out. It's as simple as... you can't.

                But... when would this happen? Why would you choose a ZT network that overlaps with the LAN?

                I think that may have been something that someone read a little too much into what @adam-ierymenko was saying about bridging (either in this thread, or another).

                • dafyre @wirestyle22

                  @wirestyle22 said:

                  Oh, you can't do that. The devices would freak out. It's as simple as... you can't.
                  But... when would this happen? Why would you choose a ZT network that overlaps with the LAN?

                  Couldn't you create two separate reservations--one for the LAN and one for ZT?

                  Right, but then how does the computer know which IP range to actually talk from?

                  • scottalanmiller @wirestyle22

                    @wirestyle22 said:

                    Oh, you can't do that. The devices would freak out. It's as simple as... you can't.
                    But... when would this happen? Why would you choose a ZT network that overlaps with the LAN?

                    Couldn't you create two separate reservations--one for the LAN and one for ZT?

                    DHCP would not work, you'd have a mess.

                    • wirestyle22 @scottalanmiller

                      @scottalanmiller said:

                      @wirestyle22 said:

                      Oh, you can't do that. The devices would freak out. It's as simple as... you can't.
                      But... when would this happen? Why would you choose a ZT network that overlaps with the LAN?

                      Couldn't you create two separate reservations--one for the LAN and one for ZT?

                      DHCP would not work, you'd have a mess.

                      I was thinking statically assigned IPs

                      • Dashrender @dafyre

                        @dafyre said:

                        @scottalanmiller said:

                        @Dashrender said:

                        I'm curious though.. what happens when two NICs have IPs in the same range? This would be the case when a laptop is in the office.

                        Why would that happen with laptops?

                        He means if they use the same IP range for both the LAN and the ZT network... what would happen if a laptop got 192.168.16.16 on the LAN, as well as 192.168.16.16 on the ZT network.

                        uh.. no - that shouldn't happen.

                        So looking at the ZT docs on creating a bridge: The LAN will use 192.168.0.x and ZT will use 192.168.1.x. DHCP on the LAN will only provide 192.168.0.x addresses so you'll never have a conflict of IPs (wasn't part of my concern)
                        But since this is all in the same /22 you now have two adapters on the same network.

                        • scottalanmiller @wirestyle22

                          @wirestyle22 said:

                          @scottalanmiller said:

                          @wirestyle22 said:

                          Oh, you can't do that. The devices would freak out. It's as simple as... you can't.
                          But... when would this happen? Why would you choose a ZT network that overlaps with the LAN?

                          Couldn't you create two separate reservations--one for the LAN and one for ZT?

                          DHCP would not work, you'd have a mess.

                          I was thinking statically assigned IPs

                          Bottom line, you cannot overlap the same network. It conceptually doesn't even make sense. The machine would have no idea how to differentiate between the two because they are literally the same network.

                          Static, dynamic, reservations.. doesn't matter. You can't layer the same network on itself.

                          • scottalanmiller @Dashrender

                            @Dashrender said:

                            @dafyre said:

                            @scottalanmiller said:

                            @Dashrender said:

                            I'm curious though.. what happens when two NICs have IPs in the same range? This would be the case when a laptop is in the office.

                            Why would that happen with laptops?

                            He means if they use the same IP range for both the LAN and the ZT network... what would happen if a laptop got 192.168.16.16 on the LAN, as well as 192.168.16.16 on the ZT network.

                            uh.. no - that shouldn't happen.

                            So looking at the ZT docs on creating a bridge: The LAN will use 192.168.0.x and ZT will use 192.168.1.x. DHCP on the LAN will only provide 192.168.0.x addresses so you'll never have a conflict of IPs (wasn't part of my concern)
                            But since this is all in the same /22 you now have two adapters on the same network.

                            I don't have the docs in front of me, but why is it making two addresses on the same LAN?

                            • Dashrender @scottalanmiller

                              @scottalanmiller said:

                              @Dashrender said:

                              @dafyre said:

                              @scottalanmiller said:

                              @Dashrender said:

                              I'm curious though.. what happens when two NICs have IPs in the same range? This would be the case when a laptop is in the office.

                              Why would that happen with laptops?

                              He means if they use the same IP range for both the LAN and the ZT network... what would happen if a laptop got 192.168.16.16 on the LAN, as well as 192.168.16.16 on the ZT network.

                              uh.. no - that shouldn't happen.

                              So looking at the ZT docs on creating a bridge: The LAN will use 192.168.0.x and ZT will use 192.168.1.x. DHCP on the LAN will only provide 192.168.0.x addresses so you'll never have a conflict of IPs (wasn't part of my concern)
                              But since this is all in the same /22 you now have two adapters on the same network.

                              I don't have the docs in front of me, but why is it making two addresses on the same LAN?

                              because that's how bridging works. Bridging assumes NO routes.. everything is on the same subnet.

                              • Dashrender

                                https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                                Configure the DHCP Server in the Office LAN to give leases in the range 10.0.0.100-10.0.0.200.
                                Configure the ZeroTier portal to manage IP addresses in the range 10.0.1.100-10.0.1.200. Note how the address ranges are in the same 10.0.0.0/16 subnet, but have a unique pool of IP addresses.

                                The instructions have you create a giant subnet /16. The LAN will be on x.x.0.x and the ZT will be on x.x.1.x. No routers involved for communication here.

                                dafyreD 1 Reply Last reply Reply Quote 2
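
The address plan quoted from the ZeroTier bridging instructions, and the overlapping-range case debated earlier in the thread, as an added example that is not part of any post or of ZeroTier's documentation. It is a Python check, using only the standard `ipaddress` module, that a bridged plan keeps both pools inside one subnet without overlap and that a routed plan uses distinct subnets; the function names and sample plans are assumptions constructed for illustration.

```python
import ipaddress as ipa


def pool(first, last):
    """Inclusive address pool as a (first, last) pair of IPv4Address."""
    a, b = ipa.ip_address(first), ipa.ip_address(last)
    if a > b:
        raise ValueError(f"pool {first}-{last} is reversed")
    return a, b


def pools_overlap(p, q):
    """True if two inclusive pools share at least one address."""
    return p[0] <= q[1] and q[0] <= p[1]


def check_bridge_plan(subnet, lan_pool, zt_pool):
    """Bridged layout: one subnet, two disjoint pools. Returns a list of problems."""
    net = ipa.ip_network(subnet)
    problems = []
    for name, p in (("LAN DHCP", lan_pool), ("ZeroTier", zt_pool)):
        if p[0] not in net or p[1] not in net:
            problems.append(f"{name} pool {p[0]}-{p[1]} is outside {net}")
        elif p[0] == net.network_address or p[1] == net.broadcast_address:
            problems.append(f"{name} pool includes the network or broadcast address")
    if pools_overlap(lan_pool, zt_pool):
        lo, hi = max(lan_pool[0], zt_pool[0]), min(lan_pool[1], zt_pool[1])
        problems.append(f"pools overlap on {lo}-{hi}: both sides can assign the same address")
    return problems


def check_routed_plan(lan_subnet, zt_subnet):
    """Routed layout: the ZeroTier network must not overlap the LAN subnet."""
    lan, zt = ipa.ip_network(lan_subnet), ipa.ip_network(zt_subnet)
    if lan.overlaps(zt):
        return [f"{zt} overlaps LAN {lan}: hosts cannot tell the two networks apart"]
    return []


# Constructed sample plans, built from the addresses quoted in the thread.
ZT_DOC_PLAN = ("10.0.0.0/16",
               pool("10.0.0.100", "10.0.0.200"), pool("10.0.1.100", "10.0.1.200"))
SAME_RANGE = ("192.168.16.0/24",
              pool("192.168.16.10", "192.168.16.200"), pool("192.168.16.16", "192.168.16.16"))
MASK_TOO_NARROW = ("192.168.0.0/24",
                   pool("192.168.0.100", "192.168.0.200"), pool("192.168.1.100", "192.168.1.200"))

if __name__ == "__main__":
    for label, plan in (("ZT doc plan", ZT_DOC_PLAN), ("same range", SAME_RANGE),
                        ("mask too narrow", MASK_TOO_NARROW)):
        print(label, "->", check_bridge_plan(*plan) or "ok")
    print("routed, same /24 ->", check_routed_plan("192.168.16.0/24", "192.168.16.0/24"))
```
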
                                • Dashrender

                                  So if I'm reading this correctly, using bridging means that no ZT devices can ever be on the local network, except the one server providing the bridging, which it's doing through a disconnected NIC port that's acting like a switch port.

                                  The typical ZT clients would need to never be on that same physical network.

                                  • JaredBusch @Dashrender

                                    @Dashrender said:

                                    So if I'm reading this correctly, using bridging means that no ZT devices can ever be on the local network, except the one server providing the bridging, which it's doing through a disconnected NIC port that's acting like a switch port.

                                    The typical ZT clients would need to never be on that same physical network.

                                    There is no reason they cannot be on the same network.
                                    I can have my laptop plugged in to the LAN and WiFi at the same time. They get two different addresses. This is no different with ZT. It is a separate adapter.

                                    Basic IP functions here, nothing complicated.

                                    • dafyre @Dashrender

                                      @Dashrender said:

                                      https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                                      Configure the DHCP Server in the Office LAN to give leases in the range 10.0.0.100-10.0.0.200.
                                      Configure the ZeroTier portal to manage IP addresses in the range 10.0.1.100-10.0.1.200. Note how the address ranges are in the same 10.0.0.0/16 subnet, but have a unique pool of IP addresses.

                                      The instructions have you create a giant subnet /16. The LAN will be on x.x.0.x and the ZT will be on x.x.1.x. No routers involved for communication here.

                                      I totally missed that bit before... I think I am going to try it out again. 🙂

                                      • Dashrender @JaredBusch

                                        @JaredBusch said:

                                        @Dashrender said:

                                        So if I'm reading this correctly, using bridging means that no ZT devices can ever be on the local network, except the one server providing the bridging, which it's doing through a disconnected NIC port that's acting like a switch port.

                                        The typical ZT clients would need to never be on that same physical network.

                                        There is no reason they cannot be on the same network.
                                        I can have my laptop plugged in to the LAN and WiFi at the same time. They get two different addresses. This is no different with ZT. It is a separate adapter.

                                        Basic IP functions here, nothing complicated.

                                        Good point - I've done that before too. Though it's my understanding that the default in Windows - when the LAN is connected, the WLAN is ignored.

                                        • Dashrender @dafyre

                                          @dafyre said:

                                          @Dashrender said:

                                          https://www.zerotier.com/community/topic/5/bridging-ethernet-to-zerotier-virtual-networks-on-linux

                                          Configure the DHCP Server in the Office LAN to give leases in the range 10.0.0.100-10.0.0.200.
                                          Configure the ZeroTier portal to manage IP addresses in the range 10.0.1.100-10.0.1.200. Note how the address ranges are in the same 10.0.0.0/16 subnet, but have a unique pool of IP addresses.

                                          The instructions have you create a giant subnet /16. The LAN will be on x.x.0.x and the ZT will be on x.x.1.x. No routers involved for communication here.

                                          I totally missed that bit before... I think I am going to try it out again. 🙂

                                          Well that might be why your Bridge didn't work 😛

                                          I don't really want a bridge - I want a ZT to LAN router. Then you could have all of your printers on your production network, all of your users on open/free network, and the ZT would still provide IP access to the printers and their real IPs.

                                          The problem with this is putting a route into the local machine that ensures that traffic bound for that routed network goes through ZT, not the default gateway of the end point.

                                          • JaredBusch @Dashrender

                                            @Dashrender said:

                                            @JaredBusch said:

                                            @Dashrender said:

                                            So if I'm reading this correctly, using bridging means that no ZT devices can ever be on the local network, except the one server providing the bridging, which it's doing through a disconnected NIC port that's acting like a switch port.

                                            The typical ZT clients would need to never be on that same physical network.

                                            There is no reason they cannot be on the same network.
                                            I can have my laptop plugged in to the LAN and WiFi at the same time. They get two different addresses. This is no different with ZT. It is a separate adapter.

                                            Basic IP functions here, nothing complicated.

                                            Good point - I've done that before too. Though it's my understanding that the default in Windows - when the LAN is connected, the WLAN is ignored.

                                            Not even close to true. Windows does not care about it. You need to set that up in BIOS or have HP/Dell software running to do it automagically.

                                            In Windows, you can set adapter order. But some things like Pertino reinstall the adapter when they update and that puts it back on the top of the list.

                                            This is where you specify it in Windows.

                                            [Two screenshots attached to the original post]
