IDPS for Zerotier Tunnel

Hello guys, I have a simple question.

Can OPNsense firewall filter and use Intrusion Detection and Prevention System (IDPS) for Zerotier tunnel?

I don’t see why it couldn’t. Each ZeroTier network gives you a virtual Ethernet device and you could probably attach it to the IDS. I’m not that familiar with OPNsense, though, so i couldn’t tell you how.

1 Like

I have tested it on OPNsense and it’s working. (btw, it’s a lab environment in Virtualbox).
The key is to route all the traffic (default route) to the OPNsense address.


For instance (at zerotier central):
0.0.0.0/0 viaOPNsense ZeroTier IP address

and then, other devices must allow default route (Full Tunelling)

Linux:
“sudo zerotier-cli join “network-id” allowDefault=1”

or if you’ve already joined a network, just type…

“sudo zerotier-cli set “network-id” allowDefault=1”

Android:
Tick the “Route Via ZeroTier” box.

Windows:
Tick “Allow Deafult Router Override” at your network-id


on OPNSense IDS (Suricata), select WAN interface.


Some useful articles for reference:

https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode

This topic was automatically closed after 30 days. New replies are no longer allowed.