How do you add both a VM and the host to a ZeroTier network with a default route, while not routing all ZeroTier traffic from the VM through the default route?

I have a laptop running Windows 11, with a QEMU VM running Arch Linux. I also have an Amazon EC2 instance running Arch Linux on my ZeroTier network, set up as the destination for a default route using IPv4 NAT with iptables. My VM has a Virtio network adapter whose backend is a TAP device (I installed the OpenVPN TAP driver). I bridged this TAP device to my WiFi adapter in the Windows Control Panel under Network and Internet > Network and Sharing Center > Change Adapter Settings. I have ZeroTier One installed on both the host and the VM, and with the default route disabled, both can access the internet and other ZeroTier devices, including each other.

However, when I enable the default route on the host, the VM loses all connectivity. DHCP still gives it an IP address on my WiFi network, but it cannot reach the internet or other ZeroTier devices.

I have been trying to bridge the TAP device to the ZeroTier network instead of my WiFi adapter, so that the VM can be on my ZeroTier network without its own client and access the internet through the default route, but when I do that, the VM cannot connect to other ZeroTier devices or the internet. I added a static IP address on the VM using “ip addr add” that is within my ZeroTier subnet, and enabled network bridging for the host in the ZeroTier control panel. I tried disabling managed IP addresses for the host, but that did not fix anything.

I know I could change the QEMU network backend to user mode networking, but then all ZeroTier traffic from the VM would go through the managed route, so for example the ZeroTier traffic from my VM to my Chromebook would leave my local network, go through my EC2 instance, then re-enter my local network instead of just staying on my local network. If NAT traversal fails, it would go through a relay as well.

I would like to have my VM on my ZeroTier network as a separate device so I can access services such as SSH and Syncthing running on the VM from other ZeroTier devices.
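The post hinges on which path a packet takes once a ZeroTier default route is enabled: traffic to a ZeroTier peer should still match the more specific ZeroTier subnet route, while internet-bound traffic shifts to the exit node. The following script is an added example, not code from the post or from ZeroTier; it models longest-prefix-match route selection with a metric tie-break, the rule Linux and Windows both apply. All addresses are constructed (10.147.17.0/24 as the ZeroTier subnet, 192.168.1.0/24 as the WiFi LAN, 203.0.113.10 as an internet host), and representing the full-tunnel override as a second 0.0.0.0/0 route with a lower metric is an assumption about how the client expresses it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    via: Optional[str] = None   # next hop; None means the destination is on-link
    metric: int = 0             # lower wins when prefix lengths tie


def route(prefix: str, iface: str, via: Optional[str] = None, metric: int = 0) -> Route:
    return Route(ipaddress.ip_network(prefix), iface, via, metric)


def select_route(table, dst: str) -> Optional[Route]:
    """Pick the route a kernel would use: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.prefix.prefixlen, r.metric))


def egress(table, dst: str):
    """Return (interface, next_hop) for dst, or None if it is unroutable."""
    r = select_route(table, dst)
    return None if r is None else (r.iface, r.via)


# Constructed addresses for the scenario in the post.
ZT_SUBNET = "10.147.17.0/24"      # ZeroTier managed subnet
ZT_EXIT = "10.147.17.1"           # EC2 exit node's ZeroTier address
CHROMEBOOK = "10.147.17.20"       # another ZeroTier peer on the same LAN
WIFI_SUBNET = "192.168.1.0/24"    # home WiFi LAN
WIFI_GW = "192.168.1.1"           # WiFi router
INTERNET_HOST = "203.0.113.10"    # TEST-NET-3 stand-in for a public host


def split_tunnel_table():
    """A ZeroTier member with the default route disabled."""
    return [
        route(WIFI_SUBNET, "eth0"),
        route("0.0.0.0/0", "eth0", via=WIFI_GW, metric=100),
        route(ZT_SUBNET, "zt0"),
    ]


def full_tunnel_table():
    """Same member after the ZeroTier default route is enabled (assumed metric 0)."""
    return split_tunnel_table() + [route("0.0.0.0/0", "zt0", via=ZT_EXIT, metric=0)]


def describe(table, name: str) -> None:
    print(f"== {name} ==")
    for dst in (CHROMEBOOK, INTERNET_HOST, "192.168.1.50"):
        print(f"  {dst:15} -> {egress(table, dst)}")


if __name__ == "__main__":
    describe(split_tunnel_table(), "split tunnel")
    describe(full_tunnel_table(), "full tunnel")
```

With the default route enabled, the /24 ZeroTier route still wins for the Chromebook, so peer traffic stays on the direct path; only destinations outside the ZeroTier and LAN subnets move to the exit node. A device that does not run its own ZeroTier client has no /24 route of its own and inherits whatever path the host's table gives its NATed traffic, which is the trade-off the post weighs against user-mode networking.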
