I’m trying to prove a simple POC for secure endpoint access of Zerotier nodes via a designated exit node. The exit node is running a minimal install of Ubunto 20.04 LTS and sits behind a nat. Firewall egress rules permit all stateful outbound access. Forwarding is enabled. Traffic originating from processes running on the node nat as expected to the assigned nat pool address. The node joins the ZT net successfully.
The ZT network is configured with the managed route for 0.0.0.0/0 to the exit node assigned address.
The test device is running iPadOS 15.4. The iPad joins the ZT net sucessfully and can ping the exit node by the exit node’s ZT address but cannot ping the node’s vnic address. Enable Default Route does not seem to be sending all traffic to the ZT controller.
On the exit node, neither ifconfig nor ip show link list the ZT vnic. tcpdump icmp does not show any traffic arriving at the exit node even when the remote’s pings show successful.
If there is a cookbook for this architecture, I’m happy to read it.