I spoke a bit too soon - I wasn’t able to get the Protectli to issue an ip address to the stream bridge - now I know something about self-assigned IPs.
What I did do is take the LAN port on the Protectli and connect it to a small 4 port unmanaged switch. On the switch I hooked up one ethernet cable to the protectli LAN port (WAN port to internet via router) and another to the steam bridge. The stream bridge now gets a proper IP address. Here’s the current setup:
Waco Protectli LAN IP - 192.168.10.1
Waco Stream Bridge IP (assigned by router) - 192.168.10.11
Waco Protectli ZT IP - 10.147.19.87
I can ping the Protectli ZT IP from another machine and all looks good. I’m about to travel to the camera location and will have the following setup:
Austin Protectli LAN IP - 192.168.1.1
Austin Camera IP - not sure yet, will be assigned by router through switch)
Austin Protectli ZT IP - 10.147.19.97
At this moment I can not ping the stream bridge IP (192.168.10.11), but I think that’s expected as it’s not a ZT IP. Is this where routing happens? It seems like I need a way to tell ZT running on the router that anything sent to 192.168.10.11 should go to a ZT managed IP. Is that right?
Waco Protectli LAN IP - 192.168.10.1
Waco Stream Bridge IP (assigned by router) - 192.168.10.11
Waco Stream Bridge Gateway - 192.168.10.1
Austin Protectli LAN IP - 192.168.20.1
Austin Camera IP - 192.168.20.10
Austin Camera Gateway - 192.168.20.1
I can ping the Stream Bridge (192.168.10.11) successfully from a ZT desktop. When I try to ping the camera I get a ‘Communication prohibited by filter’ error. The camera is capable of being pinged when hooked up in a traditional local switch.
Edit - had to update the route on ZT. Can ping the Camera and Stream bridge for a ZT desktop!
Welp, got it working! I’m putting a majority of the blame on Black Magic Design, with the remainder coming to me. When the Stream Bridge would autogenerate a config file for the camera, it would set the url in the XML setting as ‘store_bridge_name.local’. This, apparently, did not jive with Zerotier. Going into the XML and changing the url to the router zerotier (also worked with Wireguard VPN in site to site) address resulted in an immediate, fast, and stable connection. Thanks you @l0crian for helping me get through the nuances of a ZeroTier setup!