Hi folks,
I’ve searched but maybe my keywords are incorrect. Here’s the setup:
I have 4 physical networks, 192.168.9.0, 192.168.10.0, 192.168.11.0 and 192.168.12.0
These are mapped on ZT to 192.168.195.9, 192.168.195.10, 192.168.195.11 & 192.168.195.12
The local computer running ZT on each physical network is *.3
All physical networks can ping their respective virtual endpoint and can ping all other virtual endpoints, however only *.9.3 can be pinged from any other network.
I can’t ping *.10.3 from .9., .11. or .12..
I’ve checked and double checked my settings and all managed route entries match. What is confusing is one is working but none of the others are and it seems to be within ZT since it’s the connection between the virtual endpoint (192.168.195.10) and its respective physical endpoint (192.168.10.3) [repeat for *.195.11 and *.11.3 // *.195.12 and *.12.3]
What am I missing? What have I failed to do? It works for one but not for the others and I’m at a loss.
Any guidance/suggestions greatly appreciated.
Thanks in advance!
How do computers on a physical segment get the route to other physical segments?
What does “mapped on ZT” mean here? Are you bridging, forwarding, or doing something else? – Try to use the same jargon as your host platform or ZeroTier itself.
On physical computers, requisite persistent forwarding with
net.inet.ip.forwarding=1
for the outbound and
nat on en0 from *****:network to any → (en0)
for the inbound. This is set up on all and works fine on the one device that is receiving traffic from its ZT endpoint.
On ZT, no bridging, just the basic routing:
192.168.9.0/24 via 192.168.195.9
192.168.10.0/24 via 192.168.195.10
192.168.11.0/24 via 192.168.195.11
192.168.12.0/24 via 192.168.195.12
Mapped on ZT refers to the relationship between the local device and the ZT managed IP so
192.168.9.3 physical goes to 192.168.195.9 managed IP on ZT
192.168.10.3 physical goes to 192.168.195.10 managed IP on ZT
192.168.11.3 physical goes to 192.168.195.11 managed IP on ZT
192.168.12.3 physical goes to 192.168.195.12 managed IP on ZT
If you are using NAT because you cannot change the configuration of machines on the physical network segments, then ZeroTier alone is not the best solution. Try things like:
Softether VPN Bridge instead, which can transparently join remote network segments.
Dante Proxy, which is good for one-way management or limited scope applications, like remote desktop access or streaming from security cameras.
If you actually need broad two-way communication between LANs, then an internal NAT will be frustrating and the next person to maintain it (maybe your future self) will curse the decision.
A better solution than NAT would be adding static routes to the default gateway and/or DHCP leases of each physical network:
For example, if the 192.168.9.0/24 network had a Linux router, then putting something like this on it would be robust:
Many thanks for the response. Yes, the router for each network (*.1) already has static routes to redirect traffic for the other networks to *.3 - that isn’t the puzzle here. The puzzle is that the connection seems to be breaking down within ZT - from another network I can ping 192.168.195.10 which is the ZT node but not 192.168.10.3 which is the computer running ZT with the aforementioned node. It’s like the left hand and the right hand of the same machine aren’t talking with each other.
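A local consistency check for the topology described in this thread, added here as an example and not posted by anyone in it: it confirms on a ZT host that IP forwarding is on and that a managed route for each remote /24 points at the expected 192.168.195.N, then (with --run) pings both halves of every pair so a reachable managed IP next to an unreachable .3 host stands out. The address table is constructed from the thread; the sysctl names and route-table formats are macOS/Linux defaults, and the check helpers accept text so they also run offline.

```shell
#!/bin/sh
# Added diagnostic for this thread's topology (not from any poster): four
# physical /24s, each with a ZeroTier host at .3 reached via 192.168.195.N.

# net  physical-host  zt-managed-ip   (constructed from the thread's mapping)
PAIRS="9 192.168.9.3 192.168.195.9
10 192.168.10.3 192.168.195.10
11 192.168.11.3 192.168.195.11
12 192.168.12.3 192.168.195.12"

# forwarding_on SYSCTL_TEXT: succeeds if IP forwarding is enabled, accepting
# macOS "net.inet.ip.forwarding: 1" or Linux "net.ipv4.ip_forward = 1".
forwarding_on() {
  printf '%s\n' "$1" | grep -Eq '^net\.(inet\.ip\.forwarding|ipv4\.ip_forward)[ :=]+1$'
}

# has_route ROUTE_TEXT DEST GATEWAY: succeeds if some line routes DEST via
# GATEWAY. Accepts `ip route` (Linux) or `netstat -rn` (macOS, which prints
# 192.168.9.0/24 as 192.168.9/24) output.
has_route() {
  alt=$(printf '%s' "$2" | sed 's/\.0\//\//')
  printf '%s\n' "$1" | awk -v d="$2" -v d2="$alt" -v g="$3" '
    $1 == d || $1 == d2 { for (i = 2; i <= NF; i++) if ($i == g) found = 1 }
    END { exit !found }'
}

# missing_routes ROUTE_TEXT: prints, one per line, the net numbers whose
# managed route (192.168.N.0/24 via 192.168.195.N) is absent from ROUTE_TEXT.
missing_routes() {
  printf '%s\n' "$PAIRS" | while read -r n host zt; do
    has_route "$1" "192.168.$n.0/24" "$zt" || printf '%s\n' "$n"
  done
}

if [ "${1:-}" = "--run" ]; then
  fw=$(sysctl net.inet.ip.forwarding 2>/dev/null || sysctl net.ipv4.ip_forward)
  forwarding_on "$fw" && echo "forwarding: on" || echo "forwarding: OFF"
  rt=$(ip route 2>/dev/null || netstat -rn)
  for n in $(missing_routes "$rt"); do
    echo "no managed route for 192.168.$n.0/24 via 192.168.195.$n"
  done
  # Managed IP reachable but its .3 host not: the break is on that ZT host
  # (forwarding/NAT between its ZT and physical interfaces), not in the fabric.
  printf '%s\n' "$PAIRS" | while read -r n host zt; do
    for ip in "$zt" "$host"; do
      ping -c 1 -W 1 "$ip" >/dev/null 2>&1 && r=ok || r=FAIL
      echo "$ip $r"
    done
  done
fi
```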