I’d like to replicate my existing OpenVPN implementation with ZeroTier. Right now I’m hosting an OpenVPN server via FreshTomato on my router and using DDNS to map my assigned IP address to a public URL. We’re moving to Starlink (if it ever ships) and apparently their CGNAT won’t support hosting an OpenVPN server. I thought this would be a good time to explore ZeroTier and see if it would fit my needs.
Currently, when I connect to the OpenVPN server from a remote client, I’m effectively “on” my LAN. I can access any network resource by name, not just IP address. This makes it easy to use Samba shares, RDP to several virtual machines, access media servers, and check my security cameras.
To replicate this with ZeroTier I read “Route between ZeroTier and Physical Networks”, and I think that’s what I need. It seems to be the closest to the way the OpenVPN is set up anyway. I also read “Bridge your ZeroTier and local network with a RaspberryPi” and I can’t discern the pros and cons of the two approaches. I know the routing is Layer 3 and bridging is Layer 2, but I can’t determine why one would work better than the other. I do have a Raspberry Pi available. It’s running Pi-hole now and could be used to implement either the routing or bridging approach.
I spun up an Ubuntu VM to test out the routing and I got it to almost work. From the remote client, I could ping a local LAN machine by IP address but I couldn’t get it to work using DNS. I see in the documentation that ZeroTier supports pushing DNS information to clients but I don’t understand what to put in the “Search Domain” box. Currently, in my router’s configuration I have the domain name set to “home”. I also use reserved DHCP entries for all my devices. That lets me access my devices with names like “nas.home” or “camera.home” for example. It looks like the ZeroTier “Search Domain” is expecting “something.something” though. I can’t get it to accept just “home”.
Is what I’m trying to do reasonable/possible? I see in the documentation that “This still doesn’t let you simply address hosts by their name as configured at the controller, but we’re aware of this. We plan on adding a feature to allow the controller itself to be a DNS server too if one desires in a future ZeroTier version (likely post-2.0).” Is that what is being referred to here? I feel like I know just enough to be dangerous but don’t understand all this completely. Any advice or suggestions?
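The Layer-3 approach the post asks about, as an added example that is not part of the original post and not ZeroTier’s own code: a Linux host on the home LAN (the Raspberry Pi) joins the ZeroTier network and forwards between its ZeroTier interface and the LAN, while the controller pushes a managed route for the LAN subnet via that host’s ZeroTier address. The check below derives that managed route and flags the addressing mistakes that most often break the routed setup. The ZeroTier range, gateway address, LAN and remote-client networks in it are constructed for illustration and are assumptions, not values from the post.

```python
"""Pre-flight check for routing between a ZeroTier network and a physical LAN.

Added example; not code from the original post and not part of ZeroTier. It
models the Layer-3 ("route", not "bridge") setup: one Linux host on the home
LAN joins the ZeroTier network and forwards between its ZeroTier interface and
the LAN, and the controller pushes a managed route for the LAN subnet whose
next hop is that host's ZeroTier address. All addresses are made up.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class RoutePlan:
    # The managed route as entered at the controller: "<LAN CIDR> via <gateway ZT IP>".
    managed_route: str
    # Reasons the plan will not work as intended (empty when it should).
    conflicts: list = field(default_factory=list)


def plan_routed_lan(zt_cidr, gateway_zt_ip, lan_cidr, remote_lans=()):
    """Derive the managed route and flag addressing mistakes.

    zt_cidr        -- the ZeroTier network's managed IP range (assumed value)
    gateway_zt_ip  -- the ZeroTier address assigned to the Linux router / Pi
    lan_cidr       -- the home LAN behind that router
    remote_lans    -- CIDRs of the networks remote clients connect from
    """
    zt = ipaddress.ip_network(zt_cidr, strict=True)
    gw = ipaddress.ip_address(gateway_zt_ip)
    lan = ipaddress.ip_network(lan_cidr, strict=True)
    conflicts = []

    # The next hop must be a ZeroTier address: remote members can only reach the
    # gateway over the ZeroTier interface, so a LAN address here black-holes traffic.
    if gw not in zt:
        conflicts.append(f"gateway {gw} is not inside the ZeroTier range {zt}")

    # The ZeroTier range and the home LAN must be distinct, or the kernel cannot
    # decide which interface a destination belongs to.
    if zt.overlaps(lan):
        conflicts.append(f"ZeroTier range {zt} overlaps the home LAN {lan}")

    # A remote client whose local network uses the same addresses as home prefers
    # its directly connected subnet, so packets for home never leave that network.
    # 192.168.1.0/24 on both ends is the classic collision.
    for cidr in remote_lans:
        remote = ipaddress.ip_network(cidr, strict=False)
        if remote.overlaps(lan):
            conflicts.append(f"remote client network {remote} overlaps the home LAN {lan}")
        if remote.overlaps(zt):
            conflicts.append(f"remote client network {remote} overlaps the ZeroTier range {zt}")

    return RoutePlan(managed_route=f"{lan} via {gw}", conflicts=conflicts)


if __name__ == "__main__":
    # Constructed sample: a ZeroTier pool, the Pi's ZeroTier address, the home
    # LAN, and two networks a laptop might connect from.
    plan = plan_routed_lan(
        "10.147.17.0/24", "10.147.17.5", "192.168.1.0/24",
        remote_lans=["192.168.1.0/24", "172.16.40.0/22"],
    )
    print("managed route:", plan.managed_route)
    for problem in plan.conflicts:
        print("conflict:", problem)
```

The check deliberately does not touch the host: enabling IP forwarding and adding the NAT or return route on the LAN side is still done in the gateway’s own sysctl and firewall configuration. It only catches the planning errors that no amount of DNS configuration will fix, and it uses `strict=True` so a host address typed where a network is expected (`192.168.1.1/24`) raises instead of being silently accepted.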