Cannot access internet after configuring Zerotier

Hello everyone,
my Linux machine crashed (Raspberry Pi 4 running Raspberry Pi OS) and now I want to reinstall my zerotier “server”. The device is supposed to act as server between the internet and my LAN.
This worked before but now I cannot seem to get it right anymore.

Raspberry Pi is connected to the internet via wifi (wlan0).

My script looks like this

#!/bin/bash

echo "Install zerotier?"
read user_input
if [ "$user_input" = "y" ]; then
curl -s https://install.zerotier.com | sudo bash
sudo zerotier-cli join "$MYZTNETWORK" #then allow client to zerotier network
sudo zerotier-cli listnetworks
echo "Done"
fi

echo "Edit /etc/sysctl.conf to uncomment net.ipv4.ip_forward? This enables forwarding at boot."
read user_input
if [ "$user_input" = "y" ]; then
sudo sysctl -w net.ipv4.ip_forward=1
#sudo nano /etc/sysctl.conf
echo "Done"
fi

# \$ZT_IFACE is escaped so the prompt shows the placeholder name instead of an empty string
echo "Configure iptables (replace \$ZT_IFACE with the Zerotier client interface zt12345678)?"
read user_input
if [ "$user_input" = "y" ]; then
echo "Enter Zerotier Interface name (zt12345678)"
read ZT_IFACE
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o "$ZT_IFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i "$ZT_IFACE" -o wlan0 -j ACCEPT
sudo apt install iptables-persistent
sudo sh -c "iptables-save > /etc/iptables/rules.v4"
echo "Done"
fi

echo "We don't want ZeroTier to manage addresses or routes on $ZT_IFACE. We're doing it statically below, on the bridge interface."
read user_input
if [ "$user_input" = "y" ]; then
sudo zerotier-cli set "$MYZTNETWORK" allowManaged=0
echo "Done"
fi

echo "Switch to systemd networking?"
read user_input
if [ "$user_input" = "y" ]; then
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf;
sudo systemctl enable systemd-networkd;
sudo systemctl enable systemd-resolved;
sudo systemctl enable systemd-timesyncd;
echo "Done"
fi

echo "Configure interfaces?"
read user_input
if [ "$user_input" = "y" ]; then
cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0.network
[Match]
Name="br0"

[Network]
Address=192.168.0.2/24
Gateway=192.168.0.1
DNS=192.168.0.1
EOF

cat << EOF | sudo tee /etc/systemd/network/br0.netdev
[NetDev]
Name="br0"
Kind=bridge
EOF

cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0-zt.network
[Match]
Name=$ZT_IFACE

[Network]
Bridge="br0"
EOF

cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0-en.network
[Match]
# might be en* (kept on its own line: systemd does not support trailing comments)
Name=wlan0

[Network]
Bridge="br0"
EOF
fi

echo "Please reboot"

But after running it, I cannot access the internet from that “server” anymore. I was able to connect to the server from the outside, but not to the LAN and not from the server to the internet.

Am I doing something wrong?
IPv6 is disabled on the zerotier network.

I just can’t figure it out.

Thank you everyone!
Alex

P.S.: In case it matters, IPv6 is disabled only on the zerotier WebUI, not the RasPi OS.

Hello,
sorry you’re having trouble. It’s pretty tricky. I haven’t tried this with the wifi interface. Were you using wifi the first time when it was working?

Hello Travis,

originally I was not, no.
I got it to work using eth0 after running
sudo apt remove --purge --auto-remove dhcpcd5 fake-hwclock ifupdown isc-dhcp-client isc-dhcp-common openresolv

Unfortunately this completely kills wifi, so you lose the wifi interface. I guess it might be due to dhcpcd5, but I don’t know.
Luckily I am using eth0, but it would be interesting to know why this kills wlan0 but not eth0.

Bridging an 802.11 WiFi adapter to an Ethernet adapter (a virtual ZeroTier adapter or otherwise) generally does not work. From what I’ve read, it may be possible depending on hardware & some elbow grease, but that’s probably beyond the scope of the topic here.

If things must be shared over the wifi connection, it’d be better to do Layer 3 Routing, rather than attempting an L2 Bridge.
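
The last reply's advice as a preflight check, added here as an example that is not part of the thread: it picks layer 3 routing when the uplink is an 802.11 interface, and prints the forwarding rules from the original script for review instead of applying them. The function names and the `SYSFS_NET` override are assumptions made for this example, as is detecting wifi through the `wireless` or `phy80211` sysfs entries.

```shell
#!/bin/sh
# Added example, not from the thread. SYSFS_NET is overridable so the check
# can be exercised against a constructed directory tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Accept only plain interface names, since the value ends up in root commands.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # Linux interface names hold at most 15 characters
}

# True if sysfs marks the interface as an 802.11 device.
is_wireless() {
    [ -d "$SYSFS_NET/$1/wireless" ] || [ -e "$SYSFS_NET/$1/phy80211" ]
}

# Prints "route" for a wifi uplink and "bridge" otherwise; status 2 on bad input.
gateway_mode() {
    for ifc in "$1" "$2"; do
        valid_ifname "$ifc" || { echo "invalid interface name: $ifc" >&2; return 2; }
        [ -d "$SYSFS_NET/$ifc" ] || { echo "no such interface: $ifc" >&2; return 2; }
    done
    if is_wireless "$1"; then echo route; else echo bridge; fi
}

# Prints the layer 3 rules used in the thread's script; runs nothing.
l3_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE
iptables -A FORWARD -i $1 -o $2 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $2 -o $1 -j ACCEPT
EOF
}

# Usage: ./preflight.sh wlan0 zt12345678
if [ "$#" -eq 2 ]; then
    mode=$(gateway_mode "$1" "$2") || exit 2
    echo "mode: $mode"
    if [ "$mode" = route ]; then l3_rules "$1" "$2"; fi
fi
```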
