Configure zeroTier to work in a double-NAT situation

michel_angelo · June 24, 2022, 11:02am

Hello.
I want to use zeroTier to allow a secure remote access to my home network, using screen sharing. This is useful to access my computer, my data stored on a server, my home automation software. `screen sharing being an unsecured connection, it must pass through a secure link, like SSL.

ZEroTier permits to do what I want, provided always I do not use a double NAT.

Unfortunately, I see no alternative to double NATTing, in view of the fact (1) I cannot trust the firewall made mandatory by my ISP, and (2) I am not authorized to configure my ISP’s mandatory modem as bridge (the usual solution to prevent double NATTing…

If I locate a device in the LAN created by my ISP’s modem, in addition to my mobile computer when I am anywhere outside home and my mobile computer (when at home) `would that help Zerotier to memorize the path to my local server+.

Could that work ?

Which type of device should I set for this purpose ?

Many thanks in advance for any reply.

Michelangelo

zt-travis · June 24, 2022, 3:41pm

Hello,
thanks for writing. If there was some way to make it more reliable behind double NAT, we’d do it.

One thing you can do: if you can use a router than can run zerotier, then it won’t be double nat’d. Your LAN devices would access the zerotier network through that router instead of via the zerotier app.

Here is little list of router/firmware that runs zerotier

michel_angelo · June 24, 2022, 5:55pm

Hello. Great reply. Yes, using the firewall hidden behind my ISP’s modem, if you say so, coud be a way to go.

My device is not listed in your list, but it is quite close. I use a Netgate SG-1000 micro firewall, which runs pfSense on freeBSD. Not far indeed. In spite of the fact I am quite ignorant, I have always experienced excellent support from the pfSense experts, through the pfSense forum.

With your consent (and help), I could try to suggest the great pfSense community to produce a pfSense package which would save my bacon.

Could I contact them on the pfSense forum ordo you have any desire to the contrary ?

Many thanks in advance.

zt-travis · June 24, 2022, 6:07pm

pfsense had a zerotier package at one point. I’m not sure if it’s still maintained. I think there’s already a request out there for it.

charles.ross.oh · April 5, 2024, 2:52pm

A list with 1 item is technically a list, but geez…

zt-travis · April 5, 2024, 5:21pm

You can find it I believe in you