What I want:
PIA and Zerotier to both work on the same machine via PIA’s ‘Split Tunneling’ feature.
What I have:
I run Fedora 36. PIA supports a ‘Split Tunnel’ option which allows permitting specific traffic not to be put behind the PIA VPN. Without Split Tunneling, connecting to PIA prevents zerotier from working, which is not unexpected.
What I have tried:
- When I run PIA it seems to block zerotier, which is not unexpected.
- I enabled split tunneling and whitelisting the Zerotier’s root IPs; now zerotier was able to give me an IP address but the P2P connections between clients were still blocked.
- I whitelisted the binary
/usr/sbin/zerotier-one
which is whatsystemd
runs. I assumed that, at least in OpenVPN mode, all traffic would proxy through this service. This did not work, zerotier P2P was still blocked.
The final question:
What exactly should I add to the Split Tunneling whitelist to permit PIA VPN and Zerotier to play nice? Is there some proxy app that zerotier-one
uses or something? Split Tunneling
allows filtering based off IPs and which App, but does not allow port-based filtering sadly.