1. Sources
- ZeroTier on a Ubiquiti EdgeRouter | kruyt.org
- https://community.ui.com/questions/How-to-bridge-two-network-interface/b74f4c6e-dbea-4587-bd53-3ce8acdf9b6b
2. Introduction
Based on the 2 articles, I have created a consolidated guide on how to connect a EdgeRouter to ZeroTier and provide it as VLAN. If there are any mistakes or additions needed, please let me know. I hope that this guide will help some people.
Tested with EdgeRouter X (v2.0.9-hotfix.4) and EdgeRouter 10X (v2.0.9-hotfix.4)
3. Example Information
3.1 ZeroTier Network
- Id =
c7c8172af19 - Name =
mynetworkname - Network =
10.203.0.0/24 - Range Start =
10.203.0.2 - Range End =
10.203.0.254
3.2 EdgeRouter Local Network
- EdgeRouter IP (eth0) =
192.168.2.75
3.3 EdgeRouter ZeroTier Network
- Name =
eth203 - Description =
eth.mynetworkname - EdgeRouter IP (eth203) =
10.203.0.123
3.4 EdgeRouter VLAN
- Id =
203 - Description =
vlan.mynetworkname - Network =
10.203.1.0/24 - Range Start =
10.203.1.2 - Range End =
10.203.1.254 - Router =
10.203.1.1 - Router =
1.1.1.1
4. Guide
4.1 ZeroTier | Web UI | Create Network
- Navigate to “Basics”
- Note the “Network ID” for later use →
c7c8172af19 - Set “Name” to
mynetworkname - Navigate to “Advanced”
- Define your network at “Managed Routes” → “Destination” to
10.203.0.0/24 - Click “Submit”
- Set “IPv4 Auto-Assign” → “Range Start” to
10.203.0.2 - Set “IPv4 Auto-Assign” → “Range End” to
10.203.0.254 - Click “Submit”
4.2 EdgeRouter | SSH | Install or Update ZeroTier
Note: Only needed once
sudo -icurl -s https://install.zerotier.com | sudo bash
4.3 EdgeRouter | SSH | Create firmware upgrade persistence
Note: Only needed once
cd /var/libmv /var/lib/zerotier-one /config/scripts/ln -s /config/scripts/zerotier-one
4.4 EdgeRouter | SSH | Join ZeroTier network
zerotier-cli join c7c8172af19
4.5 EdgeRouter | SSH | Map your ZeroTier interface
vi /var/lib/zerotier-one/devicemap- Add
c7c8172af19=eth203 - Press
- Press
: - Enter the following
wq - Press
- Restart ZeroTier
/etc/init.d/zerotier-one restart
4.6 EdgeRouter | SSH | Enable new eth203 interface in EdgeOS
configureset interfaces ethernet eth203 description "eth.mynetworkname"commitsave
4.7 ZeroTier | Web UI | Allow EdgeRouter as member and bridge
- Navigate to “Members”
- Find your EdgeRouter
- Enable the “Auth?”-Checkbox
- Click on the settings icon
- Enable the “Allow Ethernet Bridging”-Checkbox
- Optional: Change the EdgeRouter IP
- Note the EdgeRouter IP for later use →
10.203.0.123
4.8 ZeroTier | Web UI | Add Managed Route
- Navigate to “Advanced”
- Set “Managed Routes” → “Destination” to
10.203.1.0/24 - Set “Managed Routes” → “Via” to
10.203.0.123 - Click “Submit”
4.9 EdgeRouter | Web UI | Create VLAN Interface
- Navigate to “Dashboard” → “Add Interface” → “Add VLAN”
- Set “VLAN ID” to
203 - Set “Interface” to
switch0 - Set “Description” to
vlan.mynetworkname - Set “Address” to
Manually define IP address→10.203.1.1/24 - Click “Save”
4.10 EdgeRouter | Web UI | Create DHCP Server for VLAN
- Navigate to “Services” → “Add DHCP Server”
- Set “DHCP Name” to
vlan.mynetworkname - Set “Subnet” to
10.203.1.0/24 - Set “Range Start” to
10.203.1.2 - Set “Range Stop” to
10.203.1.254 - Set “Router” to
10.203.1.1 - Set “DNS 1” to
1.1.1.1or anyone you like - Click"Save"
4.11 EdgeRouter | Web UI | Add Source NAT Rule
- Navigate to “Firewall/NAT” → “NAT” → “Add Source NAT Rule”
- Set “Description” to
snat.mynetworkname - Set “Outbound Interface” to
eth203 - Set “Translation” to
Specify address and/or port→10.203.0.123 - Set “Protocol” to
All protocols - Set “Src Address Group” → “Interface Addr” to
switch0.203 - Click “Save”
4.12 EdgeRouter | Web UI | Add Destination NAT Rule
- Navigate to “Firewall/NAT” → “NAT” → “Add Destination NAT Rule”
- Set “Description” to
dnat.mynetworkname - Set “Inbound Interface” to
eth203 - Set “Translations” → “Address” to
192.168.2.75 - Set “Protocol” to
All protocols - Set “Dest Address Group” → “Interface Addr” to
switch0.203 - Click “Save”
- That’s it!