Using ZeroTier to create a "Site to Site" connection

ismurdegus · January 8, 2021, 10:05am

Hi guys
I am new on Zerotier so I need a little help on how to setup a “Site to Site” connection.

Office 1 - 192.168.3.0/24
#OPNSense Firewall/Router 192.168.3.1/24

Office 2 - 192.168.2.0/24
#OPNSense Firewall/Router 192.168.2.1/24

On each site I have installed the ZeroTier app and joined then network.
I need have that every client on Office1 is able to PING and connect any client or resources on Office 2 by using the internal network IP and vice-versa.

There is any guide that I can follow or maybe some one can help please?

Thanks

zt-travis · January 12, 2021, 7:00pm

Hello,
You can add Managed Routes to the my.zerotier.com network settings to push routes to your physical subnets.
(Your zerotier subnet should NOT overlap the physical subnets)

Managed Routes should look something like
10.147.20.0/24 (zerotier subnet)
192.168.2.0/24 via 10.147.20.2
192.168.3.0/24 via 10.147.20.3

I don’t know about the specifics of configuring opnsense.

ismurdegus · January 12, 2021, 10:38am

Thanks for your replay
I will try your suggestion and let you know.

Ciao!

ismurdegus · January 12, 2021, 11:26am

Unfortunately is not working…
I can’t ping any of the host on Site2 from Site1 and vice versa…

tiernano · January 13, 2021, 11:16pm

what happens when you traceroute to the other site? opensense might be blocking at a firewall level… its been a while since i used it, so cant help either, but check opensense logs…

ismurdegus · January 16, 2021, 9:54pm

In the mean time I did some more testing and I want share these with you.

I installed ZT on my laptop and connect it to the ZT network via 4G.

So now I have the follow:

Office 1 - 192.168.3.0/24
#OPNSense Firewall/Router [192.168.3.1/24] (ZeroTier static IP 192.168.193.3)

No firewall rules add to OPNSense

Office 2 - 192.168.2.0/24
#OPNSense Firewall/Router [192.168.2.1/24] (ZeroTier static IP [192.168.193.2]

No firewall rules add to OPNSense

Laptop - 4G connection

#(ZeroTier static IP [192.168.193.30]

Right now I can do the follow:

Laptop -> can ping Office1 and Office2 clients by using the internal private IP [192.168.2.0/24] & [192.168.3.0/24]

Office 1 -> can ping Laptop on ZT IP but can’t ping Office 2

Office 2 -> can ping Laptop on ZT IP but can’t ping Office 1

What I should do now?

zt-travis · January 19, 2021, 7:50pm

My guess is you need to add the routes to your opnsense routers.

ismurdegus · February 23, 2021, 4:51am

You probably right but I don’t know how!
Anyone with OPNSense skills that can help me?

Thanks