Routing all traffic for IPv4 and IPv6 through a Server in Oracle Cloud to use the Internet Connection of the Server

I set everything up according to the following instructions:
https://harivemula.com/2021/09/18/routing-all-traffic-through-home-with-zerotier-on-travel/

I can connect to the server from my ZeroTier client on Windows 11 and also access the server in Oracle Cloud on which ZeroTier is installed with the above instructions.

However, I cannot route all traffic through the Oracle server so that I have the IP address of the server when browsing.

It is important to note that I do not have an IPv4 address from my mobile provider on my Windows 11 PC, but only an IPv6 address. This is due to the fact that I use an Alcatel data stick IK41VE1 for the Internet connection on my Windows 11 PC, which only forwards an IPv6 address to the Windows 11 PC.

In the web interface (https://my.zerotier.com) under Members => Physical IP there is also an IPv6 address from my Windows 11 PC instead of an IPv4 address.

How can I make it so that I can use the IP address of the server with my Windows 11 PC as with OpenVPN or other VPN servers?

Hi and welcome to the forum!

A few questions to clarify what you want:

However, I am unable to route all traffic through the Oracle server to obtain the server’s IP address while browsing.

Do you want to use the Oracle network as an exit (default gateway) to the internet for your ZeroTier network?

How can I configure my Windows 11 PC to use the server’s IP address like with OpenVPN or other VPN servers?

If you want to use another VPN service on the network, you need to install and configure that service on a node in the Oracle network. However, if you already have ZeroTier, why not use that?

Hi and welcome to the forum!

Thank you for the welcome.

Do you want to use the Oracle network as an exit (default gateway) to the internet for your ZeroTier network?

I am not sure. I’m not familiar with networks. I just want to be able to use the internet from the server at Oracle like Pritunl, so that my PC has the IP address of the Oracle server and uses that connection.

If you want to use another VPN service on the network, you need to install and configure that service on a node in the Oracle network. However, if you already have ZeroTier, why not use that?

Yes, I have installed ZeroTier and I want to use ZeroTier instead of Pritunl or OpenVPN. But how do I do that? Glad of any help.

It’s perfectly fine to use ZeroTier as a complementary or alternative client for your Oracle network. This way, you can connect using either ZeroTier or Pritunl.

Do it like this:

  • On the Oracle Cloud instance where you installed ZeroTier, set up a static route, in both directions, between the ZeroTier and the Pritunl subnets.
  • Using the ZeroTier Central, configure “Managed Routes” and point to the Pritunl subnet using the node’s local ZeroTier IP address. For example, “192.168.100.0/23 via 172.16.10.254” where 192.168.100 is the Pritunl subnet and 172.16.10.254 is the ZeroTier IP address of the Oracle Cloud instance where ZeroTier is installed.
  • Do the same for Pritunl using Network Mapping and Routes

Question: I’m still not clear what you mean by “However, I cannot route all traffic through the Oracle server so that I have the IP address of the server when browsing.” ?

Hi @Boilerplate4U
Thank you for your answer.

Question: I’m still not clear what you mean by “However, I cannot route all traffic through the Oracle server so that I have the IP address of the server when browsing. ” ?

I meant that all network traffic of my Windows 11 PC is routed to my Server in the Oracle Cloud. So that I have the IP address of the server when ZeroTier connects to the server.

I do not want to use Pritunl. Everything should work with only ZeroTier.

Do you have an example for this?

Use “Route between ZeroTier and Physical Networks” as an example where “physical network” corresponds to your Oracle network.

@Boilerplate4U I have tried your link but with no luck.

My configuration at my.zerotier.com is as follows (see picture):

Now I have tried this example without the IPv6 part as this is optional:
https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode

I can ping my Server by Oracle (192.168.192.195) but I have only the ip address from my ISP and not the public IP address of the server.

How can I do that? When I surf the internet after connecting to ZeroTier, I want to get the IP address of the Oracle server, with all traffic going over the Oracle server with ZeroTier installed, without any other software.

Here is my config of “/etc/sysconfig/iptables”:

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -s 10.6.4.0/22 -j SNAT --to-source 141.147.22.189
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -i ztly53qsrg -s 10.6.4.0/22 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i eth0 -s 0.0.0.0/0 -d 10.6.4.0/0 -j ACCEPT
:OUTPUT ACCEPT [0:0]
COMMIT

Here is my config of “/usr/lib/sysctl.d/50-default.conf”:

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.

# See sysctl.d(5) and core(5) for documentation.

# To override settings in this file, create a local file in /etc
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.

# System Request functionality of the kernel (SYNC)
#
# Use kernel.sysrq = 1 to allow all keys.
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list
# of values and keys.
kernel.sysrq = 16

# Append the PID to the core filename
kernel.core_uses_pid = 1

# https://bugzilla.redhat.com/show_bug.cgi?id=1689346
kernel.kptr_restrict = 1

# Source route verification
net.ipv4.conf.all.rp_filter = 2

# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0

# Promote secondary addresses when the primary address is removed
net.ipv4.conf.all.promote_secondaries = 1

net.ipv4.ip_forward = 1

# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
# The upper limit is set to 2^31-1. Values greater than that get rejected by
# the kernel because of this definition in linux/include/net/ping.h:
#   #define GID_T_MAX (((gid_t)~0U) >> 1)
# That's not so bad because values between 2^31 and 2^32-1 are reserved on
# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
-net.ipv4.ping_group_range = 0 2147483647

# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel

# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1

Here is my IP config (command: “ip a”):

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether 02:00:17:0a:46:90 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet 10.0.0.67/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
       valid_lft 84690sec preferred_lft 84690sec
    inet6 fe80::17ff:fe0a:4690/64 scope link 
       valid_lft forever preferred_lft forever
3: ztly53qsrg: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether d2:23:99:37:df:f6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.192.195/24 brd 192.168.192.255 scope global ztly53qsrg
       valid_lft forever preferred_lft forever
    inet6 fe80::d023:99ff:fe37:dff6/64 scope link 
       valid_lft forever preferred_lft forever

I would be happy if someone could help me, since I have no more ideas how I can run the internet traffic completely over ZeroTier through my Oracle server (OS: AlmaLinux 8), so that only the IP address of the Oracle server is visible to others (other servers/web servers/websites) and not my IP from my ISP.
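
Added example (not part of the original posts, and not the poster's or ZeroTier's code): a small Python check that cross-references the posted iptables rules with the posted “ip a” output and reports rule subnets or SNAT addresses that do not exist on this host. RULES and IP_A are copied from the post above; ADJUSTED is a constructed variant that substitutes the addresses “ip a” shows, and the function names are hypothetical.

```python
import ipaddress
import re
# Copied from the post above, trimmed to the relevant lines.
RULES = """\
-A POSTROUTING -o eth0 -s 10.6.4.0/22 -j SNAT --to-source 141.147.22.189
-A FORWARD -i ztly53qsrg -s 10.6.4.0/22 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i eth0 -s 0.0.0.0/0 -d 10.6.4.0/0 -j ACCEPT
"""
IP_A = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP
    inet 10.0.0.67/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
3: ztly53qsrg: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel
    inet 192.168.192.195/24 brd 192.168.192.255 scope global ztly53qsrg
"""
# Constructed variant (assumption): same rules, using the addresses from IP_A.
ADJUSTED = """\
-A POSTROUTING -o eth0 -s 192.168.192.0/24 -j SNAT --to-source 10.0.0.67
-A FORWARD -i ztly53qsrg -s 192.168.192.0/24 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i eth0 -s 0.0.0.0/0 -d 192.168.192.0/24 -j ACCEPT
"""

def interface_addrs(ip_a_text):
    """Map interface name -> IPv4 interfaces parsed from `ip a` output."""
    addrs, current = {}, None
    for line in ip_a_text.splitlines():
        head = re.match(r"\d+: ([^:@]+)[:@]", line)
        if head:
            current = head.group(1)
            addrs[current] = []
        inet = re.match(r"\s+inet (\S+)", line)
        if inet and current:
            addrs[current].append(ipaddress.ip_interface(inet.group(1)))
    return addrs

def audit(rules_text, ip_a_text):
    """List rule operands that refer to no subnet or address on this host."""
    addrs, findings = interface_addrs(ip_a_text), []
    local_nets = [a.network for group in addrs.values() for a in group]
    for rule in rules_text.splitlines():
        opts = dict(re.findall(r"(-[iosd]|--to-source) (\S+)", rule))
        for flag in ("-s", "-d"):
            net = ipaddress.ip_network(opts.get(flag, "0.0.0.0/0"), strict=False)
            # Prefix length 0 matches every packet, so it is never a mismatch.
            if net.prefixlen and not any(net.overlaps(n) for n in local_nets):
                findings.append(f"{flag} {opts[flag]} matches no local subnet")
        snat, out = opts.get("--to-source"), opts.get("-o")
        if snat and ipaddress.ip_address(snat) not in [a.ip for a in addrs.get(out, [])]:
            findings.append(f"--to-source {snat} is not configured on {out}")
    return findings
```

A FORWARD rule whose source subnet matches nothing on the host never sees packets from the ZeroTier interface, so that traffic falls through to the FORWARD DROP policy shown in the posted file.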

Some suggestions:

  • Start by fixing your “Managed Routes” like this: 10.0.0.67/24 via 192.168.192.195
  • If that shouldn’t work, log in to your oracle server and try pinging some of the neighbours. If it succeeds you likely have a routing problem, i.e. the ZeroTier subnet (192.168.192/24) doesn’t reach the oracle subnet (10.0.0/24) or the other way around.
  • What do you get using “netstat -rn” on the oracle server?

Here is my newest config in the portal of ZeroTier:

If that shouldn’t work, log in to your oracle server and try pinging some of the neighbours. If it succeeds you likely have a routing problem, i.e. the ZeroTier subnet (192.168.192/24) doesn’t reach the oracle subnet (10.0.0/24) or the other way around.

The ping from my server at Oracle to my Windows 11 PC is successful, as follows:

ping 192.168.192.111
PING 192.168.192.111 (192.168.192.111) 56(84) bytes of data.
64 bytes from 192.168.192.111: icmp_seq=1 ttl=128 time=190 ms
64 bytes from 192.168.192.111: icmp_seq=2 ttl=128 time=63.3 ms
64 bytes from 192.168.192.111: icmp_seq=3 ttl=128 time=174 ms
64 bytes from 192.168.192.111: icmp_seq=4 ttl=128 time=41.2 ms
64 bytes from 192.168.192.111: icmp_seq=5 ttl=128 time=161 ms
64 bytes from 192.168.192.111: icmp_seq=6 ttl=128 time=58.7 ms
64 bytes from 192.168.192.111: icmp_seq=7 ttl=128 time=117 ms
64 bytes from 192.168.192.111: icmp_seq=8 ttl=128 time=108 ms
64 bytes from 192.168.192.111: icmp_seq=9 ttl=128 time=187 ms
64 bytes from 192.168.192.111: icmp_seq=10 ttl=128 time=72.7 ms
64 bytes from 192.168.192.111: icmp_seq=11 ttl=128 time=163 ms
64 bytes from 192.168.192.111: icmp_seq=12 ttl=128 time=90.1 ms
64 bytes from 192.168.192.111: icmp_seq=13 ttl=128 time=57.2 ms
64 bytes from 192.168.192.111: icmp_seq=14 ttl=128 time=67.7 ms
64 bytes from 192.168.192.111: icmp_seq=15 ttl=128 time=66.6 ms
64 bytes from 192.168.192.111: icmp_seq=16 ttl=128 time=73.0 ms
64 bytes from 192.168.192.111: icmp_seq=17 ttl=128 time=44.8 ms
64 bytes from 192.168.192.111: icmp_seq=18 ttl=128 time=62.1 ms
64 bytes from 192.168.192.111: icmp_seq=19 ttl=128 time=40.9 ms
64 bytes from 192.168.192.111: icmp_seq=20 ttl=128 time=58.8 ms
64 bytes from 192.168.192.111: icmp_seq=21 ttl=128 time=57.1 ms
64 bytes from 192.168.192.111: icmp_seq=22 ttl=128 time=76.2 ms
64 bytes from 192.168.192.111: icmp_seq=23 ttl=128 time=135 ms
64 bytes from 192.168.192.111: icmp_seq=24 ttl=128 time=93.1 ms
64 bytes from 192.168.192.111: icmp_seq=25 ttl=128 time=91.5 ms
64 bytes from 192.168.192.111: icmp_seq=26 ttl=128 time=41.9 ms
64 bytes from 192.168.192.111: icmp_seq=27 ttl=128 time=128 ms
64 bytes from 192.168.192.111: icmp_seq=28 ttl=128 time=78.10 ms
^C
--- 192.168.192.111 ping statistics ---
28 packets transmitted, 28 received, 0% packet loss, time 27039ms
rtt min/avg/max/mdev = 40.920/92.791/189.833/45.403 ms

What do you get using “netstat -rn” on the oracle server?

Result of command: “netstat -rn”:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
192.168.192.0   0.0.0.0         255.255.255.0   U         0 0          0 ztly53qsrg

I meant, while logged into the linux machine on the Oracle network (10.0.0.67 or 192.168.192.195), try pinging some other nodes on the same Oracle network using their 10.x.x.x address just to make sure they are pingable. Then try pinging the same ip addresses again, but this time from any node on the ZeroTier network.

Btw, in “Managed Routes” you’ve set default route (i.e. “0.0.0.0 via 192.168.192.195”) for the entire ZeroTier subnet to the Oracle node. Is that intentional? And secondly, the default-gw of the 10-subnet is 10.0.0.1. Where is this exit connected to?

Edit:
according to your ip-tables it looks like your default gateway to the internet is 141.147.22.189. Right? Is 10.0.0.1 routed to that address behind the scenes somehow?

@Boilerplate4U Sorry for my late reply.

I meant, while logged into the linux machine on the Oracle network (10.0.0.67 or 192.168.192.195), try pinging some other nodes on the same Oracle network using their 10.x.x.x address just to make sure they are pingable. Then try pinging the same ip addresses again, but this time from any node on the ZeroTier network.

I can ping the gateway on 10.0.0.1 from my Oracle Server:

PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.162 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.164 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.178 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.197 ms
^C
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3107ms
rtt min/avg/max/mdev = 0.162/0.175/0.197/0.016 ms

Here is the ping from my Windows 11 PC to 10.0.0.67 (Server by Oracle):

Pinging 10.0.0.67 with 32 bytes of data:
Reply from 10.0.0.67: bytes=32 time=211ms TTL=64
Reply from 10.0.0.67: bytes=32 time=186ms TTL=64
Reply from 10.0.0.67: bytes=32 time=204ms TTL=64
Reply from 10.0.0.67: bytes=32 time=192ms TTL=64
Ping statistics for 10.0.0.67:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 186ms, Maximum = 211ms, Average = 198ms

Btw, in “Managed Routes” you’ve set default route (i.e. “0.0.0.0 via 192.168.192.195”) for the entire ZeroTier subnet to the Oracle node. Is that intentional? And secondly, the default-gw of the 10-subnet is 10.0.0.1. Where is this exit connected to?

I was thinking this is what I need to use to route everything through ZeroTier’s tunnel. Please help me to configure ZeroTier correctly.

Edit:
according to your ip-tables it looks like your default gateway to the internet is 141.147.22.189. Right? Is 10.0.0.1 routed to that address behind the scenes somehow?

I don’t know. The 10.0.0.0 network is already defined in Oracle Cloud. I hope you can still help me.
