I have a firewall with multi wan support (pfsense, opnsense).
Now I have several wans, the default one and others.
Zerotier goes on the default one.
I need a firewall rule to tell zerotier to use second wan.
With other vpn it is very easy, I tell firewall to redirect all traffic that goes to vpn server to second wan.
But with zerotier there is no “server” and no fixed port.
What can I do?
There is not really a way directly as the ports are random (9993 as the src/dest udp is usually attempted). However, this is what you can do:
- Create a linux VM and add net.ipv4.ip_forward=1 to /etc/sysctl.conf, then reboot.
- Create policy routing in pfsense for that specific vm to only use a certain wan interface instead of your gateway group. This will force that vm to connect only via a specific wan.
- Join that Linux VM to your ZeroTier networks.
- Create routes in pfsense to route the zerotier subnets to that vm. That VM will then route to whichever zerotier networks it's connected to.
- In the Zerotier controller, add routes to all subnets pfsense handles to route to the zerotier vm that you need accessible from zerotier.
This is how I use zerotier without needing to load zerotier to each device at each site. I just have 1 device that acts as a routing endpoint. Any devices on my network can talk to remote zerotier devices and vice versa. I also have rules set up that limit which device can access what.
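As an added example (not from this thread), the Linux-VM side of the steps above: a POSIX shell script that renders the ip_forward sysctl drop-in and an nftables forward policy restricting which ZeroTier peers may reach which LAN subnets. It assumes the ZeroTier interface is called zt0 (real ones are named zt followed by a hash), the LAN-facing interface is eth0, and the peer/subnet allowlist is a constructed sample.

```shell
#!/bin/sh
# Linux "routing endpoint" VM for ZeroTier, as an added example.
# Assumptions (not from the post): ZeroTier interface zt0, LAN interface
# eth0, nftables used for the per-device access rules.

# Render the sysctl drop-in that enables IPv4 forwarding on the VM.
render_sysctl() {
    printf 'net.ipv4.ip_forward=1\n'
}

# Render an nftables ruleset for the forward path between ZeroTier and LAN.
# $1 = ZeroTier interface, $2 = LAN interface, $3 = allowlist of
# "<zt-peer-ip> <lan-subnet>" pairs, one per line (constructed input).
# Everything not listed is dropped; LAN-originated traffic toward ZeroTier
# is allowed, replies come back via conntrack.
render_nft_ruleset() {
    zt_if=$1; lan_if=$2; allow=$3
    printf 'table inet ztgw {\n'
    printf '  chain forward {\n'
    printf '    type filter hook forward priority 0; policy drop;\n'
    printf '    ct state established,related accept\n'
    printf '    iifname "%s" oifname "%s" accept\n' "$lan_if" "$zt_if"
    printf '%s\n' "$allow" | while read -r peer subnet; do
        [ -n "$peer" ] || continue
        printf '    iifname "%s" oifname "%s" ip saddr %s ip daddr %s accept\n' \
            "$zt_if" "$lan_if" "$peer" "$subnet"
    done
    printf '  }\n}\n'
}

# Count the accept rules a rendered ruleset grants to ZeroTier-originated
# traffic (one per allowlist entry); useful as a sanity check before apply.
count_zt_allows() {
    printf '%s\n' "$1" | grep -c 'ip saddr'
}

# Apply to the live system (root only); the render functions above stay
# testable without privileges.
apply_gateway_config() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply" >&2; return 1; }
    render_sysctl > /etc/sysctl.d/90-zerotier-gw.conf
    sysctl -p /etc/sysctl.d/90-zerotier-gw.conf
    render_nft_ruleset "$1" "$2" "$3" | nft -f -
}
```

Run `apply_gateway_config zt0 eth0 "$ALLOWLIST"` on the VM after checking the rendered ruleset by eye; pfsense still filters the VM's interface, so this policy is an extra layer on the endpoint itself.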