IDPS for Zerotier Tunnel

Hello guys, I have a simple question.

Can OPNsense firewall filter and use Intrusion Detection and Prevention System (IDPS) for Zerotier tunnel?

I don’t see why it couldn’t. Each ZeroTier network gives you a virtual Ethernet device and you could probably attach it to the IDS. I’m not that familiar with OPNsense, though, so I couldn’t tell you how.


I have tested it on OPNsense and it’s working. (btw, it’s a lab environment in VirtualBox).
The key is to route all the traffic (default route) to the OPNsense address.

For instance (at ZeroTier Central): via OPNsense ZeroTier IP address

and then, other devices must allow the default route (full tunnelling):

sudo zerotier-cli join <network-id> allowDefault=1

or if you’ve already joined a network, just type…

sudo zerotier-cli set <network-id> allowDefault=1

Tick the “Route Via ZeroTier” box.

Tick “Allow Default Route Override” at your network-id.

In the OPNsense IDS (Suricata), select the WAN interface.

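The setup above only lets Suricata see a client's traffic if the full tunnel is actually in effect on that client: the 0.0.0.0/0 managed route must exist in ZeroTier Central pointing at the OPNsense ZeroTier address, the client must have allowDefault (and allowManaged) on, and the kernel routing table must really send default traffic through the zt device. The script below is an added example, not code from the thread or from ZeroTier, that checks all three conditions from the JSON of `zerotier-cli -j listnetworks` and the text of `ip route show`. It assumes the field names nwid, status, portDeviceName, allowDefault, allowManaged and routes[].target/via that the ZeroTier service JSON uses, and that a Linux client installs a default override as the two halves 0.0.0.0/1 and 128.0.0.0/1 rather than replacing the existing default; the network ID, device name and addresses in the samples are constructed.

```python
import ipaddress
import json

# Constructed sample of `zerotier-cli -j listnetworks` output (not captured from a real host).
# The network ID, device name and addresses are invented for the example.
SAMPLE_LISTNETWORKS = json.dumps([{
    "nwid": "8056c2e21c000001",
    "status": "OK",
    "portDeviceName": "ztabcdef12",
    "allowDefault": True,
    "allowManaged": True,
    "assignedAddresses": ["10.147.17.25/24"],
    "routes": [
        {"target": "10.147.17.0/24", "via": None, "flags": 0, "metric": 0},
        # The managed default route configured in ZeroTier Central, via the OPNsense ZT address.
        {"target": "0.0.0.0/0", "via": "10.147.17.1", "flags": 0, "metric": 0},
    ],
}])

# Constructed sample of `ip route show` on the same client. The client keeps its
# original default and adds two /1 routes through the zt device to override it.
SAMPLE_IP_ROUTE = """\
default via 192.168.56.1 dev enp0s3 proto dhcp metric 100
0.0.0.0/1 via 10.147.17.1 dev ztabcdef12 metric 5000
128.0.0.0/1 via 10.147.17.1 dev ztabcdef12 metric 5000
10.147.17.0/24 dev ztabcdef12 proto kernel scope link src 10.147.17.25
192.168.56.0/24 dev enp0s3 proto kernel scope link src 192.168.56.10
"""


def parse_routes(ip_route_output):
    """Return a list of (network, via, dev) tuples parsed from `ip route show` text."""
    routes = []
    for line in ip_route_output.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        via = parts[parts.index("via") + 1] if "via" in parts else None
        dev = parts[parts.index("dev") + 1] if "dev" in parts else None
        routes.append((ipaddress.ip_network(dst, strict=False), via, dev))
    return routes


def check_full_tunnel(listnetworks_json, ip_route_output, network_id, gateway):
    """Check that default traffic for network_id really leaves through the ZeroTier
    device towards `gateway` (the OPNsense ZeroTier address). Returns a dict of
    findings; findings["full_tunnel"] is True only when every check passes."""
    nets = {n["nwid"]: n for n in json.loads(listnetworks_json)}
    net = nets.get(network_id)
    findings = {"joined": net is not None and net.get("status") == "OK"}
    if not findings["joined"]:
        findings["full_tunnel"] = False
        return findings

    # 1. ZeroTier Central pushes a 0.0.0.0/0 managed route via the OPNsense address.
    managed = net.get("routes") or []
    findings["central_default_route"] = any(
        r.get("target") == "0.0.0.0/0" and r.get("via") == gateway for r in managed)

    # 2. The client accepts managed routes and the default-route override.
    findings["allowManaged"] = bool(net.get("allowManaged"))
    findings["allowDefault"] = bool(net.get("allowDefault"))

    # 3. The kernel routing table actually sends default traffic through the zt device,
    #    either as a replaced default or as the 0.0.0.0/1 + 128.0.0.0/1 pair.
    dev = net.get("portDeviceName")
    covered = [n for n, via, d in parse_routes(ip_route_output) if via == gateway and d == dev]
    full = ipaddress.ip_network("0.0.0.0/0")
    lower, upper = ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")
    findings["kernel_default_via_zt"] = full in covered or (lower in covered and upper in covered)

    findings["full_tunnel"] = all(findings.values())
    return findings


if __name__ == "__main__":
    # On a real client: replace the samples with subprocess output of
    # `zerotier-cli -j listnetworks` and `ip route show`.
    for key, ok in check_full_tunnel(SAMPLE_LISTNETWORKS, SAMPLE_IP_ROUTE,
                                     "8056c2e21c000001", "10.147.17.1").items():
        print(f"{key:24} {'OK' if ok else 'FAIL'}")
```

Run it on the client after the `allowDefault=1` step; if `kernel_default_via_zt` fails while the other checks pass, the override was refused (for example because "Allow Default Route Override" is still unticked in the client), and Suricata on OPNsense will only see whatever the client happens to send into the ZeroTier subnet, not its Internet traffic.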
