I have a very simple configuration - ZeroTier running on a gl.inet MT3000 router with a NVR directly connected to it. I can access the router over the ZeroTier network from my computer or phone just fine, but cannot access the NVR. Zerotier managed routes are the following:
172.24.0.0/16 (LAN)
192.168.8.0/24 via 172.24.163.143
The router is at 192.168.8.1 The ZeroTier address for the router is indeed 172.24.163.143. The NVR is set to a static address 192.168.8.200
I can enter either 192.168.8.1 or 172.24.163.43 to access the router. How do I get to the NVR?
(The NVR is accessible when I connect locally to the router via Wifi)
Run tcpdump on the router and see what’s going on.
Make sure your NVR has a default route set to .1 and you have allow forward firewall rule for ZT traffic on your router. I don’t see any ZT related issue yet.
I will try tcpdump a little later today. What do you mean by setting a default route to .1 for the NVR? (I’m a novice at this) The router comes with a built-in ZT app so shouldn’t it forward automatically? I don’t see an option to turn that on or off.
Re: Tcpdump. This is way above my pay grade. I am not a network guy. There is no option in my router utilities to run tcpdump. I’m running Windows 11 on my client so I tried capturing to an ETL file using Windows netsh trace command. All I did was try pinging the NVR at it’s local IP of 192.168.8.200 while attempting to access over ZeroTier. The request timed out. I don’t have anything to read the file.
More information: I connected another PC which is not running ZeroTier to the router via Wifi. Ping to it fails over ZeroTier. So any device, not just the NVR, connected to the router is not reachable over Zerotier, unless it is running ZeroTier. By the way, it makes no difference with Windows firewall turned off.
I solved the problem - it was a routing issue by the router (gl.inet MT3000) In order for ZeroTier to properly access all managed addresses, you must enable both access and masquerading with LuCI under the advanced networking portion of the router’s software.