IDPS for Zerotier Tunnel

Hello guys, I have a simple question.

Can OPNsense firewall filter and use Intrusion Detection and Prevention System (IDPS) for Zerotier tunnel?

I don’t see why it couldn’t. Each ZeroTier network gives you a virtual Ethernet device and you could probably attach it to the IDS. I’m not that familiar with OPNsense, though, so I couldn’t tell you how.


I have tested it on OPNsense and it’s working (btw, it’s a lab environment in VirtualBox).
The key is to route all the traffic (default route) to the OPNsense address.


For instance (at zerotier central):
0.0.0.0/0 via “OPNsense ZeroTier IP address”

and then the other devices must allow the default route (full tunnelling).

Linux:
sudo zerotier-cli join <network-id> allowDefault=1

or if you’ve already joined a network, just type…

sudo zerotier-cli set <network-id> allowDefault=1

Android:
Tick the “Route Via ZeroTier” box.

Windows:
Tick “Allow Default Route Override” at your network-id


On the OPNsense IDS (Suricata), select the WAN interface.


Some useful articles for reference:

https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode
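A worked example added here, not taken from the post above or from ZeroTier or OPNsense: the two halves of that setup as code. The first function builds the Central managed-route list that sends 0.0.0.0/0 via the OPNsense ZeroTier address (refusing a gateway that is not inside one of the network's managed subnets, since a "via" outside the ZeroTier network is unreachable and would black-hole traffic). The second interprets `zerotier-cli -j listnetworks` output on a client and tells you whether full tunnelling is actually in effect, which needs both the pushed default route and allowDefault=1; either one alone leaves traffic leaving via the local uplink and bypassing Suricata on OPNsense. The network IDs, addresses and the sample listnetworks output are constructed placeholders, and the Central endpoint named in a comment is taken from the Central API docs rather than exercised here.

```python
"""Full-tunnel helpers for ZeroTier -> OPNsense (added example, not project code)."""
import ipaddress
import json
from typing import Any, Dict, List, Optional

DEFAULT_ROUTE = "0.0.0.0/0"


def build_full_tunnel_routes(existing_routes: List[Dict[str, Any]],
                             gateway_ip: str,
                             managed_subnets: List[str]) -> List[Dict[str, Any]]:
    """Return the managed-route list to set in ZeroTier Central.

    Keeps every non-default route, replaces any existing 0.0.0.0/0 entry
    (there can be only one), and refuses a gateway outside the network's
    managed subnets because the client could never reach such a 'via'.
    """
    gw = ipaddress.ip_address(gateway_ip)
    if not any(gw in ipaddress.ip_network(s, strict=False) for s in managed_subnets):
        raise ValueError(f"{gateway_ip} is not inside any managed subnet {managed_subnets}")
    routes = [r for r in existing_routes if r.get("target") != DEFAULT_ROUTE]
    routes.append({"target": DEFAULT_ROUTE, "via": gateway_ip})
    return routes


def central_payload(routes: List[Dict[str, Any]]) -> str:
    # Body for POST https://api.zerotier.com/api/v1/network/<nwid> with an
    # 'Authorization: token <API token>' header (per the Central API docs;
    # not sent from this example). Only config.routes is included so that
    # nothing else in the network config is overwritten.
    return json.dumps({"config": {"routes": routes}})


def audit_full_tunnel(listnetworks_json: str, nwid: str) -> Dict[str, Any]:
    """Interpret `zerotier-cli -j listnetworks` output for one network.

    Full tunnel is active only when the controller pushed 0.0.0.0/0 AND the
    client opted in with allowDefault=1 (Linux: zerotier-cli set <nwid>
    allowDefault=1; Android: "Route Via ZeroTier"; Windows: "Allow Default
    Route Override"). Anything else means traffic bypasses the OPNsense IDS.
    """
    nets = json.loads(listnetworks_json)
    net = next((n for n in nets if n.get("nwid") == nwid or n.get("id") == nwid), None)
    if net is None:
        raise KeyError(f"network {nwid} not joined on this node")
    defaults = [r for r in net.get("routes", []) if r.get("target") == DEFAULT_ROUTE]
    pushed = bool(defaults)
    allowed = bool(net.get("allowDefault"))
    via: Optional[str] = defaults[0].get("via") if pushed else None
    if pushed and allowed:
        verdict = f"full tunnel active: default route via {via}"
    elif pushed:
        verdict = "default route pushed but allowDefault=0 on this client; traffic bypasses OPNsense"
    elif allowed:
        verdict = "allowDefault=1 but the controller pushes no 0.0.0.0/0 route; add it in Central"
    else:
        verdict = "split tunnel: no default route pushed and allowDefault=0"
    return {"pushed": pushed, "allowed": allowed, "via": via,
            "active": pushed and allowed, "verdict": verdict}


# Constructed sample of `zerotier-cli -j listnetworks` output (placeholders).
SAMPLE_LISTNETWORKS = json.dumps([
    {"nwid": "d3ecf5726d1a2b3c", "name": "lab", "status": "OK",
     "allowDefault": False, "allowManaged": True,
     "assignedAddresses": ["10.147.17.25/24"],
     "routes": [{"target": "10.147.17.0/24", "via": None, "flags": 0, "metric": 0},
                {"target": "0.0.0.0/0", "via": "10.147.17.1", "flags": 0, "metric": 0}]},
    {"nwid": "e4fd0683472c1d4e", "name": "split", "status": "OK",
     "allowDefault": True, "allowManaged": True,
     "assignedAddresses": ["10.241.0.7/16"],
     "routes": [{"target": "10.241.0.0/16", "via": None, "flags": 0, "metric": 0}]},
])


if __name__ == "__main__":
    routes = build_full_tunnel_routes([{"target": "10.147.17.0/24", "via": None}],
                                      "10.147.17.1", ["10.147.17.0/24"])
    print(central_payload(routes))
    for nwid in ("d3ecf5726d1a2b3c", "e4fd0683472c1d4e"):
        print(nwid, audit_full_tunnel(SAMPLE_LISTNETWORKS, nwid)["verdict"])
```

Run the audit on each client after changing the setting; the first sample network shows the common failure the post warns about (route pushed in Central, client not opted in), which is exactly the case where OPNsense's Suricata never sees the traffic.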
