I was able to route between ZeroTier and my physical network using a Windows box as a bridge by following the KB article here:
Then for the “IP Forwarding” section (which only has Linux instructions) I did the Windows equivalent on my “router” machine, which is:
- Run regedit.exe
- Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
- Change the entry IPEnableRouter REG_DWORD to 1
- Reboot
At this point I was able to reach the physical LAN interface of the Windows “router” machine over ZeroTier. However, because this machine is not the default gateway for my LAN, I had to add a static route to each device on the LAN that I wanted to reach. Using the example networks from the KB article above, the route would look something like this:
route -p ADD 172.27.0.0 MASK 255.255.0.0 172.27.0.1
This enables traffic from the LAN devices to the ZeroTier network, and the reverse route was already added in the KB article (in ZT Managed Routes) so everything works! You could push this route out using DHCP option 121, but we only needed access to a few specific devices on the LAN so the manually added persistent route was fine.