Hello all and good to be here.
I’ve set up ZT and can ping my machines by ZT IPs.
I’ve added Managed Routes as in https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks
But still, I can’t access any LAN’s IPs
Compared to TaleSclae all that I did added my LAN route and it worked and here I have no luck.
Any clues are appreciated.
Thx
Hi. I took a look at your network configuration. First thing that jumps out is that you’re routing the 3 subnets via 10.147.18.1, however you have no machines with that address in your ZeroTier network. Instead of 10.147.18.1, use the ZeroTier IP address of the one that is to be doing the routing to the physical LAN
My
Physical LAN subnet 192.168.90.0/24
ZeroTier 10.147.XX.0
So assuming ZeroTier IP Address of “Router” 10.147.XX.1 and it has to be used, yes?
Thx
The “Router” in the documentation is any machine on your ZeroTier network you chose to be the router. It does not have to be at X.X.X.1. And you have no machine on your ZeroTier network with 10.147.xx.1, so naturally the routes have nowhere to go.
OK
Changed that but still can’t even ping any IPs on 192.168.90.0/23
Did you follow the rest of the instructions to configure the machine to route packets? That must be done as well.
Yes I did with no love 
As I said on TailScale what I needed to list LANs and enable MagicDNS
I think ZT has to prove this !
It sounds like something isn’t configured quite correctly on your router in this case. Make sure the interface names you’re using match what’s available on your machine. Most modern Linux systems don’t use ethX anymore, and it looks more like enp5s0. These interface names may not be the same on every machine. ZeroTier adapter names are unique per network on Linux as well, so the one given in the example won’t be the same on your machine.
You can try using tcpdump on your router to see what’s happening to the packets and see that they’re flowing. Beyond that, I can’t see any errors from here
Here is what I have:
10.147.xx.0/24 (LAN)
iPhone 10.147.xx.51
Ubuntu box 10.147.xx.66
Managed route 192.168.90.0/23 via 10.147.xx.66
WiFi interface on the 10.147.xx.66 UP:
ip a show wlp82s0
3: wlp82s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
sudo zerotier-cli listnetworks
200 listnetworks
200 listnetworks XYZ XYZ ea:xx:e5:xx:56:xx OK PRIVATE ztuga36j4f 10.147.xx.66/24
Ran:
PHY_IFACE=wlp82s0; ZT_IFACE=ztuga36j4f;
sudo iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE;
sudo iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT;
sudo iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
ping 192.168.90.1 from iPhone does not work!
What is the output of sysctl net.ipv4.ip_forward? If it is 0, then the kernel doesn’t have IP forwarding enabled and routing won’t work.
You can turn it on immediately with sudo sysctl -w net.ipv4.ip_forward=1. You’ll likely want to persist this between reboots, you’ll also need to either add, or uncomment the line net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
Line is un-commented
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
I can try a different VM as gw, I guess
Can this be done on Windows 11?
All looks good from here, then. Could be that the app you’re using on iPhone doesn’t like pinging over a VPN connection, or that your Windows firewall is blocking pings (assuming you’re trying to ping the Windows machine), but it’s hard to say from here. Everything you’ve written seems correct.
While it may be possible to use Windows as a router, I have no idea how to configure that.
Update:
I moved my ZT “router” to a different Ubuntu VM, did all setup and I am good now 
My previous unsuccessful box is connected to a business VPN and I suspect it was the problem (not sure why)
@zt-grant thx for your help, could not do it without you!
Maybe I can ask you something else
Not all my machines on LAN get names resolved
I tried adding DNS as:
LAN DNS 192.168.XX.1
ZT 10.147.XX.7
But that did not help.
Any clues?
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.