Expose Lan using zerotier and mikrotik

Hello there
i am new to mikrotik router ( i have got one today )

i have installed zerotier in mikrotik ,but i do not know how to let mikrotik make lan devices reachable via zerotier client :

netwrok A

PC- zerotier client IP (10.147.20.133)

network - B
internet modem 192.168.1.1
mikrotik 192.168.1.2
zerotier client -installed on mikrotik 10.147.20.135

PC 1 lan 192.168.1.10
PC 2 lan 192.168.1.20
PC 3 lan 192.168.1.30

what i need now is how to reach PC1-PC2 and PC3 in network B from PC in network A
I can do that by routing zerotier and physical network in linux , but do not know how to do that in mikrotik .

Plz Help

Hello,
thanks for writing.
I’m not sure what to do on the mikrotik side. In general, you need to allow ip forwarding on the “router” device. Maybe someone will chime in, or you can check on the mikrotik forum or docs.

On the zerotier network, you can add a managed route 192.168.1.0/23 via 10.147.20.133 so that your zerotier devices will know the route to that LAN.

thanks ZT for replay

Actually i know how to deal with zerotier web console and work great with linux debian ,my problem is with mikrotik .
i arelady asked my need on mikrotik website but waiting my Question to be approved first then will be posted .
the mikrotik it self is confusing that’s why i do not know where to start and how to work with ethernet ports etc…

This is new since I last looked

https://help.mikrotik.com/docs/display/ROS/ZeroTier

thanks man i followed the steps in the link u gave but still not solving the problem .

anyway i really appreciate and respect your effort with me. you are helpful .

I’ve similar problem, have you found a solution?

If you have your routes correct in the Tik… adding routes to the Zerotier interface has gotten me all over networks.

You have to tell the MikroTik there is a network behind 10.147.20.133. This can be done with dynamic routing or static routing.

Static Routing

/ip route add dst-address=10.147.20.0/23 gateway=10.147.20.133

I’m not sure what firewall rules your running but you will need to allow traffic from each side and place those rules above your block rules.

@taqwarami , I’ve been able to add the lan ports to the ZT network, so that a physical device connected in the Mikrotik will be reachable to the rest of the ZT devices.
The use case I’m pursuing is to have VoiP phones connected to the MK reaching a PBX that has a ZT address. The problem I found so far is that the physical devices need to be configured with static IP to work, as I couldn’t manage the ZT network to provide DHCP addresses just yet. Maybe posting this here will allow someone to respond with a solution.

This is what I’ve done:

1. Powerup Mikrotik switch
   Connect ethernet cable to port1. This will give the Mikrotik an IP on the network. Then connect to the device using WinBox via IP 192.168.88.1

2. Install the ZeroTier package if not there already by downloading package from mikrotik.com and uploading to router using files command on the router (drag and drop file)
   [admin@mikrotik] > zerotier/enable zt1
   [admin@mikrotik] zerotier/interface/add network=zt-network-id instance=zt1

Check configuration with:
[admin@MikroTik] > zerotier/interface/print

Enable forwarding of packets
[admin@mikrotik] /ip firewall filter> add action=accept chain=forward in-interface=zerotier1 place-before=0
[admin@mikrotik] /ip firewall filter> add action=accept chain=input in-interface=zerotier1 place-before=0

3. Remove physical interface from the default bridge
   The 5 ethernet interfaces are joined in a bridge called ‘bridge’. You need to remove them first, before enabling them in a new bridge. In Winbox, remove the interfaces using the Bridges menu

4. Create a new bridge called ztbridge

5. Add physical interface and zerotier one

[admin@MikroTik] /interface/bridge/port
[admin@MikroTik] /interface/bridge/port> add bridge=ztbridge interface=zerotier1 trusted=yes
[admin@MikroTik] /interface/bridge/port> add bridge=ztbridge interface=ether4 trusted=yes

The trusted=yes allows DHCP packets to transverse that network.

Now your ether4 port is part of the ZT network. Assign a static IP on your computer with gateway on your zt network IP but ending on xx.yy.zz.1 and connect to the Ether4 port. You should be able to ping the other zt devices.

Again, this works for static IP on the physical network. I don’t know how to make it work with ZT provide DHCP ranges. Maybe I need to add a new DHCP server on the Mikrotik with a DHCP range outside of the ZT DHCP range, but in the same subnet? Just a thought as I’m writing this up.

Try this:

From my prior post, just add the zerotier1 interface to the ethernet bridge and see if this resolves your issue:

[admin@MikroTik] /interface/bridge/port
[admin@MikroTik] /interface/bridge/port> add bridge=bridge interface=zerotier1

Then, to route from the ZT to the Tik, add a managed route on ZT:
add a managed route 192.168.1.0/23 via 10.147.20.133 as noted by @zt-travis

To route from the Tik to ZT, add a route on the Tik as noted by @NatTek,
/ip route add dst-address=10.147.20.0/23 gateway=10.147.20.133

but I believe the gateway should be either the port on the Tik router (10.147.20.135) or the ZT default gateway (10.147.20.1), not the PC ip.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.