Add vlan tag to ZT traffic going to certain subnet

I have 3 locations linked with zerotier. All three have different subnets. This is working. I can access all three subnets from any location and from any ZT connected device (laptop) from a remote location.

edit: All the routers are mikrotik.

I have a need in the third location to separate into vlans.

Zerotier network: 10.10.10.0/24
router 1 - 10.10.10.1/24
subnet - 192.168.11.0/24

router 2 - 10.10.10.2/24
subnet - 192.168.88.0/24

router3 - 10.10.10.3/24
subnet - 10.252.0.0/24 (needs to be vlan 50)

I am trying to find the proper way to tag traffic coming into zerotier destined for subnet 10.252.0.0/24 as vlan50.

My zerotier interface is not part of my bridge, as it causes routing issues if I try that. I have a firewall rule that allows all ZT traffic at the top of the list.

Please help me find what link I’m missing to make this work.

Hmmm - I have a similar setup and normally if your firewall rules allows all zerotier traffic, the routing should happen automatically. The only potentially missing piece is if the destination subnet that lives in VLAN50 is registered in the my.zerotier as a destination subnet. I have 4 VLANs on one site and I have registered all 4 subnets to the zerotier IP of the Mikrotik router for that site and I can reach all of them remotely.

Normally on the router you should have an interface in VLAN 50 and it’s just another IP address. The fact that it’s in a VLAN is irrelevant to zerotier.