GL.Inet Brume 2 (firmware 4.2.X) as a VPN server (Directing all traffic to the device)

Hello!

I’m a complete newbie about networking and ZeroTier, to the point that I’m still grasping some concepts, so I would appreciate a bit of a dumbed down info on this :).

My employer doesn’t let me go out of the country (Germany) while I work, even if I have a remote position. That’s alright by me, but at this moment, a medical emergency of a family member forces me to go to Austria for a month or so and I have no vacation days left. There’s no one else who can take care of them, as we’re the only two in my family in Europe.

I have a Brume 2 connected to my router that I intend to use as a traditional VPN server, directing all traffic on ZeroTier to the Brume. I have a travel router (Slate AX by GL.Inet) that I will take with me to Austria.

Setting up a traditional VPN with OpenVPN or WireGuard isn’t an option for my particular case due to ISP restrictions.

From firmware 4.2, GL.Inet devices support ZeroTier natively. I followed some tutorials, I set up my Brume 2, my Slate AX and my phone in my ZeroTier network, and I’ve added the following route:

[0.0.0.0/0] via (My brume’s ZeroTier IP)

Is that enough, or am I missing something? I read about Default Route Override, and it seems that I have to enable that. I’m not sure how to do this, and the documentation on it is too complicated for me to follow. Maybe someone can dumb it down for me?

Hi!

You forgot to explain your main objective, but I guess it’s connecting a remote computer to your job, right?

Question: don’t you have some kind of VPN already in place at work, and secondly, is ZeroTier a completely new solution for them? You also forgot to say where the different routers are located, i.e. at work or home, etc.

Anyway, generally you just need a ZeroTier node on the job’s default gateway with the necessary routing to the part of the corporate network that you need to access. If ZeroTier is not on the default gateway, you need to add routing from it to the ZeroTier’s network or, as an alternative, use src-nat.

Please note: be absolutely sure to check with your employer (in writing!) that you are not breaching any security policies when adding ZeroTier to access the corporate network.

Hey, thanks for your reply!

The objective is to connect my work computer to my home network, i.e., my location shows as me being at home instead of showing that I’m in Austria.

So my Brume which would be the server is connected to my home internet. My Slate will travel with me and will be my router, being used as a repeater in Austria.

I talked with IT, and they said it’s alright. The thing is everyone at work is 100% fine with me working from Austria for this emergency, it’s just that I’m not supposed to do it due to German law.

Again, thank you very much!

Here are some suggestions. Points 1 and 2 utilize visible addresses on the work network exclusively.

  1. This is absolutely the easiest way and requires the least amount of work. It is also the most flexible since you can securely connect your laptop anywhere as long as you have internet access.
    1.A) Install ZeroTier on your work computer and enable Windows Remote Desktop: Start->Settings->System->Remote Desktop->Enable Remote Desktop.
    1.B) As the ZeroTier network interface profile is set to “public” by default, change the firewall access for RDP accordingly (i.e. enable RDP access for the ZeroTier subnet or just “public”).
    1.C) Install ZeroTier on the laptop you are bringing with you.
    1.D) Connect to your work computer using Remote Desktop Connection from the laptop.

  2. Moderately difficult and requires knowledge of routing, packet forwarding, etc.
    2.A) Install ZeroTier on a standalone node (router) on the work network and use src-nat and “Managed Routes” to route ZeroTier to the work network.
    2.B) Connect using 1b+1c or alternatively use direct network access to respective services on the work network (this requires possible legacy and enterprise software to be installed on your laptop).

  3. Site-to-site VPN. Most complicated, least flexible and least secure. Not recommended in your case.
    3.A) Install ZeroTier on a standalone node (router) on the work network.
    3.B) Install ZeroTier on a travel router.
    3.C) Use “Managed Routes” to route ZeroTier between the work network and the travel router.
    3.D) Make sure both networks are routed through ZeroTier on their respective default gateways.
    3.E) Note that without filters, this gives full access in both directions, i.e. all devices on your local network have full access to the work network and the other way around.
    3.F) Same requirements as 2b.

There are some possible variations, but most require good knowledge of networking, like protocols, routing and so forth.

To test these solutions, connect your laptop to the internet through your smartphone. If you happen to lose your laptop or something similar, immediately remove (or revoke) that node using ZeroTier Central.
