See home network from one device using ZeroTier

Hello,
I have network infrastructure like this:
192.168.2.1 Zyxel modem (internet, CGNAT) connected to WAN1 on a Ubiquiti USG,
192.168.1.1 USG router, which provides the local network with DHCP 192.168.1.2 - 192.168.1.254.
192.168.1.15 Raspberry Pi 4 with Debian 12, used as UniFi controller and Home Assistant; ZeroTier is also on that device, with a successful connection.

So I want a solution to have access to my whole local network from the device (Raspberry) that gives access to ZeroTier, because now if I connect to ZeroTier from my mobile I can see only the Raspberry.
Look at the screenshot:
https://tinyurl.com/ysr64e75

Also, if it is possible, I want to have my real local IPs, for example the possibility to enter 192.168.1.15:8123, because I noticed that Managed IPs don't work properly: I can enter only on the auto-generated IP, not the custom one.

Has anyone faced the same situation, please?

For the managed IP issue, you need to assign an IP from a LAN subnet under your managed routes. It looks like you have 192.168.191.0/24 as your ZT LAN subnet, so the IP you want to add would need to be within that range. If you input an IP outside of those ranges, it’ll accept it, but it’ll never get assigned to an interface on the node. Think of this like getting an IP from DHCP or statically assigning an IP to a node.

For your main question, there are 2 primary ways to solve this: routing or bridging. I’d recommend trying to solve this with routing.

For this, you’ll need to first add a managed route within ZeroTier. It will be: 192.168.1.0/24 via 192.168.191.141. This tells your ZeroTier devices like the S21 you have configured how to get to the 192.168.1.0/24 subnet (via your Raspberry Pi in this case). Here’s an example:
[image]

Next, on the Pi, you need to enable IP forwarding. This will allow a packet received on the Pi to be forwarded to the rest of your network:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

To make that change persistent, either add or uncomment this line in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Now you need to make sure that your physical network knows how to get back to your ZeroTier network. You can add a static route in your USG to 192.168.191.0/24 with a next hop of 192.168.1.15.

The USG uses a stateful firewall, so you’ll also likely need to add a rule allowing traffic between 192.168.1.0/24 and 192.168.191.0/24 since the traffic will be slightly asymmetric.
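A sanity check for the steps in the answer above, as an added example that is not part of the original thread: it verifies that an address sits inside a given subnet (the managed IP and route "via" requirement) and that IP forwarding is both active and persistent on the Pi. The function names are hypothetical; the addresses in the `--check` section are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# the addresses in the --check section are the ones quoted in the thread.

# Print a dotted-quad IPv4 address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet IP CIDR: succeed if IP lies inside CIDR.
in_subnet() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Succeed if the kernel is forwarding IPv4 right now.
# Optional argument: path to read instead of the real /proc file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Succeed if an uncommented "net.ipv4.ip_forward = 1" line exists, so the
# setting survives a reboot. Optional argument: sysctl file to inspect.
forwarding_persistent() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null
}

# Run a check and print ok/FAIL with the command that was tested.
report() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; fi; }

# Only runs when called as: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    ZT_NET=192.168.191.0/24; ZT_PI=192.168.191.141   # ZeroTier side
    LAN_NET=192.168.1.0/24;  LAN_PI=192.168.1.15     # physical LAN side
    report in_subnet "$ZT_PI" "$ZT_NET"    # route "via" must be a ZT address
    report in_subnet "$LAN_PI" "$LAN_NET"  # USG next hop must be a LAN address
    report forwarding_enabled
    report forwarding_persistent
fi
```

Once forwarding is on, every member of the ZeroTier network can reach 192.168.1.0/24 through the Pi, so network membership is worth reviewing alongside these checks.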

Thank you very very much! Everything works!!!
I skipped the firewall step and it is also working perfectly.
I'm really happy with that; with that solution I'll avoid paying for an extra SIM (without CGNAT) subscription, about 30 euro per month!!!

Awesome! Glad to hear it worked. It’s nice that the firewall allowed the traffic without you needing to adjust anything.
