OPNsense site2site almost working

I am trying to create a site2site powered by ZeroTier between 2 OPNsense firewalls. One is hosted on a VPS with a static IP and the other is my local firewall on my LAN, behind a Comcast dynamic IP. By setting 10.70.0.0/24 (subnet with VMs with services) as a managed route through 10.22.0.2 (local firewall’s ZeroTier IP), I am able to get 10.22.0.1 (static IP firewall) to ping and access services on 10.70.0.0/24. However, when I try to actually forward a port to 10.70.0.0/24, it times out because (as far as I can tell) public IPs get lost en route between the two firewalls. What should I do?

What I can tell:
local firewall correctly routes public IP addresses to the remote firewall
remote firewall can receive pings from 10.70.0.0/24
anything with a public IP destination never gets to the remote firewall because nothing is getting logged as blocked or otherwise


Here is what I can see from 10.70.0.2:
it can ping 10.22.0.1
it gets correctly routed to 10.22.0.1
it can’t ping 1.1.1.1
it gets halfway to 1.1.1.1 on the route

Hello,

You want 10.22.0.1 to be your exit to the internet? You might need to enable masquerade or SNAT on that router.
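The following pf.conf fragment is an added example written for this thread, not configuration posted by either participant. It shows what the reply's "masquerade or SNAT" looks like on the VPS-side OPNsense box (10.22.0.1) in pf terms, alongside a port forward to a service VM. The interface names are assumptions (`vtnet0` for the WAN with the static public IP, `zt0` for the ZeroTier interface); the addresses 10.70.0.0/24, 10.22.0.2 and the example target 10.70.0.2 come from the post. It also assumes, as the post states, that the local firewall already sends internet-bound traffic from 10.70.0.0/24 across ZeroTier to 10.22.0.1.

```pf
# Added example (not from the thread). pf.conf fragment for the VPS-side
# OPNsense box (10.22.0.1). Interface names are assumptions.
wan        = "vtnet0"          # WAN with the static public IP (assumed name)
zt         = "zt0"             # ZeroTier interface (assumed name)
lan_remote = "10.70.0.0/24"    # service subnet behind 10.22.0.2 (from the post)

# Symptom before the fix: a packet from 10.70.0.2 to 1.1.1.1 is routed
# 10.22.0.2 -> 10.22.0.1 -> vtnet0 with its 10.70.0.2 source unchanged.
# The provider drops or cannot route the reply to an RFC1918 address, so a
# traceroute stops at 10.22.0.1 and nothing is ever logged as blocked.
# OPNsense's automatic outbound NAT only covers networks attached to this
# box; 10.70.0.0/24 is only reachable via a route through zt0, so no
# automatic rule matched it. The manual rule below is the fix:

# SNAT (masquerade) the routed subnet to whatever address vtnet0 holds.
# "($wan)" is resolved at runtime, so it follows the WAN address.
nat on $wan inet from $lan_remote to any -> ($wan)

# Port forward: public TCP/443 -> 10.70.0.2:443. The reply from 10.70.0.2
# comes back 10.22.0.2 -> zt0 and matches this state because the route to
# 10.70.0.0/24 via 10.22.0.2 already exists on this box.
rdr on $wan inet proto tcp from any to ($wan) port 443 -> 10.70.0.2 port 443

# Filter rules: rdr runs before filtering, so the pass rule sees the
# translated destination. The second rule admits the subnet's outbound
# traffic arriving over ZeroTier so it can reach the nat rule above.
pass in quick on $wan inet proto tcp from any to 10.70.0.2 port 443 flags S/SA keep state
pass in quick on $zt  inet from $lan_remote to any keep state
```

In the OPNsense GUI the `nat` line corresponds to Firewall: NAT: Outbound switched to Hybrid mode with a rule on WAN for source 10.70.0.0/24 translating to the interface address, and the `rdr` line to a Firewall: NAT: Port Forward entry on WAN. To confirm it took effect, run `pfctl -s nat` on the VPS to see the loaded translation rules, and `tcpdump -ni vtnet0 host 1.1.1.1` while pinging 1.1.1.1 from 10.70.0.2: the source address on the wire must now be the VPS public IP, not 10.70.0.2. If it still shows 10.70.0.2, the packet is reaching the box but the outbound rule is not matching (wrong interface or source network).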

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.