I may be the only one here to use this, but if anyone is interested in a quick how-to on how to bridge a ZeroTier NIC to a physical NIC for a VPN solution on a Windows machine (with VLAN support on the edge devices!! I use this for bridging two buildings together with a guest network). I use it at my current place of work. I have about 45 odd devices all attached via ZeroTier so everyone can use Active Directory and our local resources on and off campus without any user intervention. I'm not Linux versed, so using Windows was my only way.
I've been using it for 6 months and it's been rock solid! Thank you guys for this awesome piece of software.
Hey @HorizonsCT! Since it seems you’ve figured out how to make bridging on windows work, we’d absolutely love it if you wrote up a post for the Tips and Guides section of the forum here. Everything in there is subject to moderator approval, but if you write something up on this topic we’ll make sure it gets up in there! It’s a pretty common question.
Did not realize bridging would be an issue. All my sites are bridged. I can access all resources from 13 different locations on the same network. I've bridged the router, so the endpoints do not require the Windows installation. All sites can communicate via local IP.
So did anybody ever find out how to do this?
It's bloody infuriating that when you try to enable bridging from the options menu it says further configuration will be necessary and to please look at the guide, but then you can't find anything in relation to the guide on Windows 10!!! …
Any guides on how to enable this and get it working on Windows 10 ??
Then for the “IP Forwarding” section (which only has Linux instructions) I did the Windows equivalent on my “router” machine, which is:
Run regedit.exe
Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
Change the entry IPEnableRouter REG_DWORD to 1
Reboot
At this point I was able to reach the physical LAN interface of the Windows “router” machine over ZeroTier. However, because this machine is not the default gateway for my LAN, I had to add a static route to each device on the LAN that I wanted to reach. Using the example networks from the KB article above, the route would look something like this:
This enables traffic from the LAN devices to the ZeroTier network, and the reverse route was already added in the KB article (in ZT Managed Routes) so everything works! You could push this route out using DHCP option 121, but we only needed access to a few specific devices on the LAN so the manually added persistent route was fine.
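The router-side part of the procedure above, as an added example that is not code from the original post or from ZeroTier: it sets the same IPEnableRouter value from PowerShell, additionally turns on per-interface forwarding (which does not need the reboot), and then reads both settings back instead of assuming they applied. The adapter names are assumptions; substitute the ones Get-NetAdapter shows on your machine. Run it from an elevated prompt.

```powershell
# Added example, not code from the original thread: the "router" side of the
# steps above, done from an elevated PowerShell prompt, with a verification step.
# Adapter names are assumptions; list yours with Get-NetAdapter.

$ZtAdapter  = 'ZeroTier One [your network id]'  # assumption: the ZeroTier virtual adapter
$LanAdapter = 'Ethernet'                         # assumption: the physical LAN NIC
$TcpipKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# 1. The global switch described above (identical to editing IPEnableRouter in
#    regedit). It is read at boot, so this part still needs the reboot.
Set-ItemProperty -Path $TcpipKey -Name IPEnableRouter -Value 1 -Type DWord

# 2. Per-interface forwarding on only the two adapters that carry the traffic.
#    This takes effect immediately and survives reboots.
foreach ($alias in $ZtAdapter, $LanAdapter) {
    Set-NetIPInterface -InterfaceAlias $alias -AddressFamily IPv4 -Forwarding Enabled
}

# 3. Read both settings back rather than trusting that they stuck.
$reg = (Get-ItemProperty -Path $TcpipKey -Name IPEnableRouter).IPEnableRouter
if ($reg -ne 1) { Write-Warning 'IPEnableRouter is not 1; the registry step did not apply.' }
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in @($ZtAdapter, $LanAdapter) } |
    Select-Object InterfaceAlias, Forwarding, ConnectionState

# 4. Not done here: the LAN prefix must also be advertised to ZeroTier members as a
#    managed route via this machine's ZeroTier address (ZeroTier Central), and each
#    LAN device you want to reach needs a return route to the ZeroTier prefix via
#    this machine's LAN IP, as the post above describes.
```

The check in step 3 is the one to run first when forwarding seems to stop working: if Forwarding reads Disabled on either adapter, packets are being dropped on this machine and no amount of route changes elsewhere will help.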
I've followed your instructions and it's been very helpful; however, I have problems reaching devices on the physical LAN port of my Windows "router" (which is a PC with ZeroTier installed on it).
I can ping the Windows “router” LAN port IP-address from the remote PC through ZeroTier after following your instructions.
My Windows "router" IP address is 192.168.10.11; the device I would like to reach has IP address 192.168.10.10.
Am I doing this right if I write "route -p ADD 192.168.10.10 MASK 255.255.0.0 192.168.192.11" in the command prompt?
I'm a newbie when it comes to this kind of network setup, so I'm a bit lost here…
Sounds like you’re nearly there! I probably didn’t explain this very well, but the route you need to add manually to LAN devices (192.168.10.10 in your case) is actually the route from the physical LAN to the ZeroTier network. Although you’re trying to reach 192.168.10.10 from the ZeroTier network, at this level the return route is required for a connection to be established in either direction.
If you let me know your ZeroTier network range I can give you the exact command you need to run on 192.168.10.10, but assuming ZT is 172.27.0.0/16, you would run:
If the 192.168.10.10 device is not a Windows box, then you might need to work out how to add a static route to it and translate the above into whatever command line/GUI you use to administer it.
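The return route the reply above describes, as an added example for a Windows LAN device; it is not code from the original post. It converts the ZeroTier prefix to the dotted mask that the legacy route.exe syntax expects (the mask must match the prefix being routed, not the host you are trying to reach), adds the same route with New-NetRoute, and then confirms that the first hop towards a ZeroTier address is the "router" box. The addresses are the thread's assumed values (172.27.0.0/16 and 192.168.10.11); 172.27.0.50 is an assumed remote ZeroTier member to test against. Run it elevated on the LAN device.

```powershell
# Added example, not code from the original thread: add the return route on a
# Windows LAN device and verify that traffic to the ZeroTier prefix leaves via the
# "router" box. Addresses are assumptions taken from the thread.
$ZtPrefix    = '172.27.0.0/16'   # the ZeroTier network (assumed, as in the reply above)
$RouterLanIp = '192.168.10.11'   # the "router" machine's LAN address
$RemoteZtIp  = '172.27.0.50'     # assumption: any other member of the ZeroTier network

# CIDR prefix length -> dotted mask, for the route.exe form of the same route.
function ConvertTo-DottedMask([int]$Bits) {
    $octets = foreach ($i in 0..3) {
        $n = [Math]::Min(8, [Math]::Max(0, $Bits - 8 * $i))   # mask bits that fall in this octet
        (0xFF -shl (8 - $n)) -band 0xFF
    }
    $octets -join '.'
}

$network, $bits = $ZtPrefix.Split('/')
$mask = ConvertTo-DottedMask ([int]$bits)
"route.exe equivalent: route -p ADD $network MASK $mask $RouterLanIp"

# The route belongs on whichever interface already reaches the router's address.
$ifIndex = Find-NetRoute -RemoteIPAddress $RouterLanIp |
           Select-Object -First 1 -ExpandProperty InterfaceIndex

# New-NetRoute writes to both the active and the persistent store by default, so
# this is the equivalent of route -p. SilentlyContinue lets the script be re-run
# after the route already exists.
New-NetRoute -DestinationPrefix $ZtPrefix -NextHop $RouterLanIp -InterfaceIndex $ifIndex `
             -ErrorAction SilentlyContinue | Out-Null

# 1. The route is present.
Get-NetRoute -DestinationPrefix $ZtPrefix |
    Select-Object DestinationPrefix, NextHop, InterfaceAlias, RouteMetric

# 2. The first hop towards a ZeroTier address is the "router", not the LAN's default gateway.
$trace = Test-NetConnection -ComputerName $RemoteZtIp -TraceRoute -Hops 3 -WarningAction SilentlyContinue
$firstHop = $trace.TraceRoute | Select-Object -First 1
if ($firstHop -ne $RouterLanIp) {
    Write-Warning "first hop is '$firstHop', expected $RouterLanIp; the return route is not in effect"
}
```

If the route checks out but the device still does not answer pings from the ZeroTier side, look at its host firewall next: Windows' built-in ICMP echo rules are commonly scoped to the local subnet, and a ZeroTier source address is off-subnet from the device's point of view.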
I've tried your suggestion but am still not able to reach the 192.168.10.10 device. I'm also connected with TeamViewer to the remote PC and I can ping the device from there, so it does exist.
I've attached a drawing showing what my setup looks like so we are on the same page.
However, I’m assuming “Device” isn’t a Windows box, so you will need to work out how to add a static route to it. For example, one of the devices I needed to access was a QNAP NAS, so I had to add the route through the QNAP QTS admin page:
Yes you are correct, the “Device” is not a Windows device so that is my problem.
Then I have to figure out how to set up a static IP route on my device.
I've used Hamachi in the past, and in that software you could, on the remote PC, bridge the Hamachi virtual NIC to the LAN NIC; when doing this you were able to reach all the devices on the LAN NIC without doing anything else.
Is there no similar alternative to this in the ZeroTier setup?
I think the Hamachi client must do some sort of NAT, as with the instructions in the KB above which use iptables on Linux to NAT traffic as it passes through the “router” machine. On Windows we don’t have the same functionality unless we install the Routing and Remote Access role which is only available for Windows Server OS (if you were running Windows Server on the 192.168.10.11 box then installing RRAS would be a good solution).
Another option is to use DHCP to distribute the route to clients on the LAN - this will only work if the 192.168.10.10 device obtains its IP from DHCP, and you’ll need a DHCP server capable of configuring option 121. Is that an option for you?
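The DHCP alternative mentioned above, as an added example that is not code from the original post: option 121 carries "classless static routes" in the RFC 3442 encoding, and this builds that value so it can be pasted into whatever DHCP server you run. Each route is one byte of prefix length, then only the significant octets of the destination (two for a /16, none for the default route), then the four octets of the next hop. The route values are the thread's assumed ones (172.27.0.0/16 via 192.168.10.11); the LAN default gateway 192.168.10.1 is an assumption added because RFC 3442 tells clients that receive option 121 to ignore the plain router option 3, so the default route has to be included too or clients lose it.

```powershell
# Added example, not code from the original thread: encode return routes as a
# DHCP option 121 (RFC 3442 classless static route) value. Route values below are
# assumptions: the thread's ZeroTier prefix and "router", plus an assumed LAN gateway.

function ConvertTo-Option121 {
    # $Routes: one or more @{ Prefix = 'a.b.c.d/n'; Router = 'w.x.y.z' }
    param([Parameter(Mandatory)][hashtable[]]$Routes)
    $bytes = foreach ($r in $Routes) {
        $net, $bits = $r.Prefix.Split('/')
        $bits = [int]$bits
        [byte]$bits                                      # 1 byte: prefix length
        $significant = [int][Math]::Ceiling($bits / 8)   # destination octets that carry bits
        if ($significant -gt 0) {
            ([ipaddress]$net).GetAddressBytes()[0..($significant - 1)]
        }
        ([ipaddress]$r.Router).GetAddressBytes()         # 4 bytes: next hop
    }
    [byte[]]$bytes
}

function ConvertTo-HexString([byte[]]$Bytes) {
    ($Bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

$routes = @(
    @{ Prefix = '172.27.0.0/16'; Router = '192.168.10.11' }   # ZeroTier prefix via the "router" box
    @{ Prefix = '0.0.0.0/0';     Router = '192.168.10.1' }    # assumption: the LAN's real default gateway;
                                                             # required because option 121 replaces option 3
)
$value = ConvertTo-Option121 $routes
"option 121 value ($($value.Length) bytes): $(ConvertTo-HexString $value)"
```

The hex string is the raw option payload; servers differ in how they take it (dnsmasq, for instance, accepts the routes in text form as `dhcp-option=121,172.27.0.0/16,192.168.10.11,0.0.0.0/0,192.168.10.1`). Windows clients honour option 121, and Microsoft's older option 249 uses the same byte layout. As the post above notes, this only reaches devices that take their address from DHCP, and only when their lease next renews.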
I thought I got this to work, then it stopped working… Will the "router" machine have issues if I assign multiple routes on this one machine, or was I supposed to keep it at one?
EDIT: Decided I messed up and redid the whole thing…would I need to remove whatever the previous route was or leave it alone?