Can ping some IPs on local LAN but not all

rash.m2k · October 13, 2023, 9:48am

OK folks, so I’ve setup my openwrt router, everything is working by following this guide: Home · mwarning/zerotier-openwrt Wiki · GitHub

The problem is I can ping some of the devices e.g. printer, camera etc but some devices won’t respond to ping and I can’t get access to them, e.g. I have my nextcloud instance running on IP 192.168.1.222 but I can’t access it, my camera however on IP .250, I can access perfectly fine.

I have restarted the zerotier service on the router, but that hasn’t fixed it, so currently I’m at a loss as to why it works for some and not others.

I’m struggling to see what the issue is, need some help debugging this please.

l0crian · October 13, 2023, 2:38pm

Without having read that article, it sounds like you’re doing bridging from the OpenWRT Router. So you have some remote device that is also on the 192.168.1.0/24 range. and you want it to talk strictly at Layer2.

If that is accurate, (from a design perspective), do you actually need the hosts to talk on Layer2? There’s some added complexity with stretching L2 into on-prem over a WAN, along with less visibility when troubleshooting. Just food for thought.

I might need more info on your deployment, but when you’re pinging your printer and camera, is that coming from a remote device on your ZT network? If so, it would seem to indicate you have things configured correctly for OpenWRT and ZT.

What is your NextCloud running on? Is it a docker on a host? Can you ping other Dockers/Services on that host?

rash.m2k · October 13, 2023, 4:22pm

I have this setup

internet == openwrt(running ZT - in bridging mode) == lan == camera, printer, server etc.

Then I connect my phone to ZT via 4g/5g and when I am not at home I can see my camera.

This is my ZT config:

Managed routes:
||172.23.0.0/24||(LAN)||
||192.168.1.0/24|via|172.23.0.1||

Auto assign pools:

172.23.0.1 to 172.23.0.255

My Router IP is 192.168.1.1
ZT IP on the router is 172.23.0.1

This setup should work and does work - for some IPs, but I’m trying to figure out why it doesn’t for ALL IPs?

For the time being I have fixed it by installed ZT on my server and now suddenly 192.168.1.222 pings and works fine…

BUT I shouldn’t have to do that…

l0crian · October 13, 2023, 4:39pm

Is it currently only services running on that server that are not reachable without putting ZT directly on it?

My immediate guess is the Server has a host level firewall that is blocking your traffic. A quick way to test this is disable the ZT you just put on your server, and try to ping the remote ZT node from the server. If that ping work, but you can’t ping from the remote Node to services on the server, then it’s a host level issue.

l0crian · October 13, 2023, 4:48pm

One side note: You’re not actually doing bridging right now. You’re doing a routed setup. For it to actually bridge, you’d need your on-prem LAN subnet (192.168.1.0/24) to be the same subnet as your ZT nodes.

It doesn’t seem right now that you actually need bridging though, so that’s perfectly fine.

system · November 12, 2023, 4:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.