Question on setting up bridge to home

I’ve been using ZeroTier successfully for about a year to connect to my home servers and get through the network firewall at my work, which stops other VPN solutions like WireGuard. I’m very happy with it; I would like to be able to access my servers at the same IP addresses as on the local network. I understand I need to set up a bridge, but I’m having trouble understanding the existing walkthroughs.
Example config:
Local network 192.168.1.0/24
Server static 192.168.1.25
Local DHCP range 192.168.1.50-199

Preferred zerotier range: 192.168.1.200-230
My ZT range currently is 192.168.191.x. If I change the managed route to 192.168.0.0/23 and the ZT range to 192.168.1.200-230, then set the IP addresses of my clients within that range, all of a sudden I can no longer reach the clients, even though they are still showing as connected, with active external IP addresses updating in the ZT console.

I haven’t even gotten to the point of setting up the bridge yet, but even this step of ‘overlapping’ the ranges is giving me trouble, and I don’t have the confidence to start messing with the network config of my server yet.

Hi there.

You cannot have overlapping IPs; it causes the outcome you experienced, no communication at all.

You don’t necessarily need a bridge. If one of your servers is Linux, you can install ZeroTier there, enable port forwarding and add a managed route on the ZeroTier console for the LAN pointing at the Linux server. I’ve done this hundreds of times for clients and it works perfectly.

Wow, awesome! I was totally overcomplicating this.
For anyone else’s benefit, I found that port forwarding was enabled by default on my Ubuntu server. Check:

# sysctl net.ipv4.ip_forward

If it returns 1, it means port forwarding is enabled.

Then in the ZeroTier Central panel under Add Routes:
Destination: 192.168.1.0/24 (home network subnet)
Via: 192.168.191.25 (zerotier ip address of linux server)

Now I could ping 192.168.1.25 from other devices on the ZT network. However, I still could not ping other devices on the home network. I had to enable ufw and change DEFAULT_FORWARD_POLICY to "ACCEPT".
Now I could ping other devices on the home network, solved!
FWIW, use at your own risk as far as the security implications of changing these settings.

Update to previous update, ufw didn’t have the proper rules and started blocking other services I had running, so I disabled it. But something changed because I can still reach other devices on the home network through zerotier. Not sure what did it, maybe you can illuminate @grendon?

I’ve been having continued difficulty setting this up, and I think it comes down to the overlapping networks on devices that are sometimes mobile and sometimes on site. Most tutorials I’ve found reference the longest prefix match rule and recommend setting the managed route as 192.168.0.0/23 while the local network is 192.168.1.0/24. But this does not seem to be working for me: when I have this configured I can’t reach the servers when on the local network.
I did find this thread

But I’m not understanding how I’d implement it. I don’t think they are saying I’d need to change my local subnet, but apparently I need the managed route on a /16 network. I don’t know much about 172.x networks, but apparently they are virtual IPs? So is there some sort of subnet ‘layer’ I can use so the ZeroTier devices can reach the local IPs remotely, and then not conflict when the devices are on local wifi?

Simply change your ZT subnet to a /16, not your home subnet.
Beware, doing that remotely will change all your ZT members to the new subnet.

To do that, in ZT dashboard under Advanced tab, change to any subnet 172.xx..

After doing that you must update your Managed Routes pointing your home subnet via ZT gateway.

Got it, that makes sense…
So I wouldn’t need to change my managed route to 192.168.0.0/23 to avoid conflicts when the laptops connect to the local network?
I’m referring to issues brought up in this post:

Is this expected? I can’t ping my server after assigning it an IP of 172.26.0.25 in the admin console:

IPv4 Auto Assign: 172.26..

Managed Routes:
172.26.0.0/16 (LAN)

Device 1 (remote client I’m on) Set IP 172.26.0.10
Device 2 (server at home) Set IP 172.26.0.25

Can no longer ping server from this device.

You can’t have two different subnets in the same IP range.

In my case I have 2 physical different places using ZT.

I put each one in a different subnet, and I can reach any client on both sides just by typing the corresponding local IP address.

From my 192.168.88.10 device I can access my NVR located at 192.168.1.2, which is in a different physical location.

Are you installing ZT client in every single device or are you using a server/router border with ZT?

Can you draw your scenario?

For instance, I’m using a MikroTik router with ZT as a gateway, so I don’t need to assign a ZT IP address to every single device.

It seems to be working now, but to answer your question and provide a record for others:

I have 2 servers installed at home that I want to connect to from my laptop & phone remotely. My setup so far has been to run ZT on all 4 devices and use the ZeroTier-generated subnet to connect. But then I have to run two dashboards with different IPs to point to the services running on the 2 servers, and there are other inconsistencies in the setup.

My goal is to be able to access the servers from the same addresses whether remotely through ZT or directly when I log on to local wifi, without having to switch off ZT.

Now with IPv4 auto assign: 10.144..
Managed Routes:
10.144.0.0/16 (LAN)
192.168.1.0/23 via 10.144.0.25

And I got the below result from traceroute. I ran the first test on local wifi, then switched to my mobile hotspot to trace the next two. It’s clearly using one ZT client to reach both IPs, so I don’t need to run it on the second server. And I was streaming from my Plex server on my laptop seamlessly while switching networks :+1:
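Added example (not code from the thread or from ZeroTier): a small longest-prefix-match lookup over constructed route tables built from the two configurations discussed above, showing which path the server address 192.168.1.25 takes in each case and why the first attempt's auto-assign pool collides with the LAN. Interface and next-hop labels are assumptions for illustration.

```python
import ipaddress

# Constructed route tables mirroring the thread's configurations.
# Each entry: (prefix, next hop or interface label). Labels are illustrative.


def best_route(routes, dst):
    """Longest-prefix match: the most specific prefix containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, via in routes:
        # strict=False: ZT Central accepts 192.168.1.0/23 and means 192.168.0.0/23
        net = ipaddress.ip_network(prefix, strict=False)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def pool_conflicts_with_lan(zt_first, zt_last, lan):
    """True if the ZT auto-assign pool lies inside the LAN subnet (address clash)."""
    lan = ipaddress.ip_network(lan)
    first, last = ipaddress.ip_address(zt_first), ipaddress.ip_address(zt_last)
    return first in lan or last in lan


# First attempt: ZT pool 192.168.1.200-230 inside the LAN, managed route /23.
FIRST_ATTEMPT_HOME = [
    ("192.168.1.0/24", "wlan0 (directly connected LAN)"),
    ("192.168.0.0/23", "zt0 (ZeroTier managed route)"),
]

# Final config: ZT on 10.144.0.0/16, home LAN reached via the server's ZT address.
FINAL_REMOTE = [
    ("0.0.0.0/0", "hotspot default gateway"),
    ("10.144.0.0/16", "zt0 (ZeroTier network)"),
    ("192.168.1.0/23", "via 10.144.0.25 (ZT address of home server)"),
]
# At home the LAN /24 is directly connected and outranks the /23 managed route.
FINAL_HOME = FINAL_REMOTE + [("192.168.1.0/24", "wlan0 (directly connected LAN)")]

if __name__ == "__main__":
    print("ZT pool inside LAN?",
          pool_conflicts_with_lan("192.168.1.200", "192.168.1.230", "192.168.1.0/24"))
    for name, table in [("first attempt, at home", FIRST_ATTEMPT_HOME),
                        ("final, remote", FINAL_REMOTE),
                        ("final, at home", FINAL_HOME)]:
        print(f"{name}: 192.168.1.25 -> {best_route(table, '192.168.1.25')}")
```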
