Windows Ethernet Bridging

Hey @HorizonsCT, I’m also using Windows and trying to achieve the same thing. Did you ever manage to get those steps published? Cheers

I finally found a way to do this! Phew…

So did anybody ever find out how to do this??
It’s bloody infuriating that when you try to enable bridging from the options menu it says further configuration will be necessary and to please look at the guide, but then you can’t find anything in relation to the guide on Windows 10!!! …

Any guides on how to enable this and get it working on Windows 10 ??

I’d love to know how to do this too.

@HorizonsCT any chance to document your setup to share with us other Windows users? Would be greatly appreciated.

Thanks in advance!

I was able to route between ZeroTier and my physical network using a Windows box as a bridge by following the KB article here:

https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks

Then for the “IP Forwarding” section (which only has Linux instructions) I did the Windows equivalent on my “router” machine, which is:

  • Run regedit.exe
  • Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
  • Change the entry IPEnableRouter REG_DWORD to 1
  • Reboot

At this point I was able to reach the physical LAN interface of the Windows “router” machine over ZeroTier. However, because this machine is not the default gateway for my LAN, I had to add a static route to each device on the LAN that I wanted to reach. Using the example networks from the KB article above, the route would look something like this:

route -p ADD 172.27.0.0 MASK 255.255.0.0 172.27.0.1

This enables traffic from the LAN devices to the ZeroTier network, and the reverse route was already added in the KB article (in ZT Managed Routes) so everything works! You could push this route out using DHCP option 121, but we only needed access to a few specific devices on the LAN so the manually added persistent route was fine.


Revisiting this because I messed up the static route, it should be:

route -p ADD 172.27.0.0 MASK 255.255.0.0 192.168.100.2

Where 192.168.100.2 is the LAN IP of my Windows “router”.

This is amazing @jtm. Finally I’ve got this working!! That static route is vital because of the default gateway on each of the devices. Thank you!


Hi @jtm

I’ve followed your instructions and they’ve been very helpful, however I have problems reaching devices on the physical LAN port of my Windows “router” (which is a PC with ZeroTier installed on it).
I can ping the Windows “router” LAN port IP address from the remote PC through ZeroTier after following your instructions.
My Windows “router” IP address is 192.168.10.11, and the device I would like to reach has IP address 192.168.10.10.
Am I doing this right if I write “route -p ADD 192.168.10.10 MASK 255.255.0.0 192.168.192.11” in the command prompt?
I’m a newbie when it comes to this kind of network setup so I’m a bit lost here…

Thanks in advance!

Hi @upInTheNorth

Sounds like you’re nearly there! I probably didn’t explain this very well, but the route you need to add manually to LAN devices (192.168.10.10 in your case) is actually the route from the physical LAN to the ZeroTier network. Although you’re trying to reach 192.168.10.10 from the ZeroTier network, at this level the return route is required for a connection to be established in either direction.

If you let me know your ZeroTier network range I can give you the exact command you need to run on 192.168.10.10, but assuming ZT is 172.27.0.0/16, you would run:

route -p ADD 172.27.0.0 MASK 255.255.0.0 192.168.10.11

If the 192.168.10.10 device is not a Windows box, then you might need to work out how to add a static route to it and translate the above into whatever command line/GUI you use to administer it.

Hope this helps!

Hi @jtm,

I’ve tried your suggestion but I’m still not able to reach the 192.168.10.10 device. I’m also connected with TeamViewer to the remote PC and I can ping the device from there, so it does exist.
I’ve attached a drawing showing what my setup looks like so we are on the same page.

Setup

Thanks for your time!

Hi @upInTheNorth

Thanks for the diagram :slight_smile: So the route needs to be added to the “Device” on 192.168.10.10 and the Windows command to create it would be:

route -p ADD 192.168.194.0 MASK 255.255.255.0 192.168.10.11

However, I’m assuming “Device” isn’t a Windows box, so you will need to work out how to add a static route to it. For example, one of the devices I needed to access was a QNAP NAS, so I had to add the route through the QNAP QTS admin page:

https://docs.qnap.com/operating-system/qts/5.0.x/en-us/configuring-static-route-settings-9C1E40DB.html
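The route commands posted in this thread differ only in destination, mask and gateway, and two of them get those wrong. The following check is an added example, not part of any post above: it tests whether a `route ADD` line gives a LAN device a usable return path to the ZeroTier subnet. The function name, the problem codes and the /24 LAN prefix lengths are assumptions; the commands and addresses are the ones quoted in the thread.

```python
import ipaddress

def check_return_route(command, device_lan, zt_subnet):
    """Check a Windows `route ADD` line meant to give a LAN device a return
    path to the ZeroTier subnet. Returns a list of problem codes (empty = OK)."""
    tokens = command.split()
    upper = [t.upper() for t in tokens]
    dest = tokens[upper.index("ADD") + 1]
    mask = tokens[upper.index("MASK") + 1]
    gateway = ipaddress.ip_address(tokens[upper.index("MASK") + 2])
    lan = ipaddress.ip_network(device_lan)
    overlay = ipaddress.ip_network(zt_subnet)

    problems = []
    try:
        # Strict parsing fails when (destination & mask) != destination,
        # a combination that route.exe also refuses.
        target = ipaddress.ip_network(f"{dest}/{mask}")
    except ValueError:
        problems.append("host-bits")
        target = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
    if target != overlay:
        # The destination must be the ZeroTier subnet, not the LAN device.
        problems.append("wrong-destination")
    if gateway not in lan:
        # The next hop must be the "router" machine's LAN address, which the
        # device can reach directly; a ZeroTier-side address is not on-link.
        problems.append("gateway-off-link")
    return problems

# (command from the thread, device LAN [assumed /24], ZeroTier subnet)
SAMPLES = [
    ("route -p ADD 172.27.0.0 MASK 255.255.0.0 172.27.0.1",
     "192.168.100.0/24", "172.27.0.0/16"),
    ("route -p ADD 172.27.0.0 MASK 255.255.0.0 192.168.100.2",
     "192.168.100.0/24", "172.27.0.0/16"),
    ("route -p ADD 192.168.10.10 MASK 255.255.0.0 192.168.192.11",
     "192.168.10.0/24", "192.168.194.0/24"),
    ("route -p ADD 192.168.194.0 MASK 255.255.255.0 192.168.10.11",
     "192.168.10.0/24", "192.168.194.0/24"),
]

if __name__ == "__main__":
    for cmd, lan, zt in SAMPLES:
        print(cmd, "->", check_return_route(cmd, lan, zt) or "ok")
```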

Hi @jtm,

Yes you are correct, the “Device” is not a Windows device so that is my problem.
Then I have to figure out how to set up a static IP route on my device.
I’ve used Hamachi in the past, and in that software you could, on the remote PC, bridge the Hamachi virtual NIC to the LAN NIC. When doing this you were able to reach all the devices on the LAN NIC without doing anything else.
Is there not some similar alternative to this in the ZeroTier setup?

Thanks

I think the Hamachi client must do some sort of NAT, as with the instructions in the KB above which use iptables on Linux to NAT traffic as it passes through the “router” machine. On Windows we don’t have the same functionality unless we install the Routing and Remote Access role which is only available for Windows Server OS (if you were running Windows Server on the 192.168.10.11 box then installing RRAS would be a good solution).

Another option is to use DHCP to distribute the route to clients on the LAN - this will only work if the 192.168.10.10 device obtains its IP from DHCP, and you’ll need a DHCP server capable of configuring option 121. Is that an option for you?

I thought I got this to work, then it stopped working…will the “router” machine have issues if I assign multiple routes on this one machine or was I supposed to keep it at one?

EDIT: Decided I messed up and redid the whole thing…would I need to remove whatever the previous route was or leave it alone?

Hi,

You don’t actually need to configure any special routes on the “router” machine - this should have the ZeroTier client installed on it so it will already have the necessary routes. If you used the -p flag when adding the routes (as in my examples) then you should be able to see the ones you’ve added under persistent routes in the output from:

route PRINT

Then you can use route DELETE to get rid of them. A single route (for the ZT subnet using the “router” machine as gateway) needs to be added to each device on your local network that you want to be able to access the ZeroTier network (but can’t install a ZT client on).

If I’m not mistaken, it should be enough to add a static route on the default gateway/router for your ZeroTier network (172.27.0.0) with your Windows machine’s IP address as the gateway. Then you don’t need to add a route on every device in your network.

Hi. I’m a noob. Can you help me to set this up?

If it is not possible for you to add a route on the Device, or it is not possible for you to install ZeroTier directly on this Device, here is what I did.

I transformed a Linux machine (for example an RPi 4) into a router thanks to Linux forwarding. Once done, you must define this Linux router as the default gateway of your incompatible device. Once this is done, thanks to iptables rules, the requests from your incompatible device that go through your Linux router will go either to the ZeroTier interface of the Linux router, or to the LAN interface of the Linux router. Your device will therefore have access to the internet and to ZeroTier via the Linux router.

Moreover, if the device does not need to initiate a connection to ZeroTier but only to respond to requests from ZeroTier, there is no need to change its default gateway.

If you don’t need full access to the device but just a port, you can do port forwarding.

If you need details, don’t hesitate, and don’t be afraid of Linux, Linux is cool :slight_smile:


Hi jtm,

It seems you found a solution to ZeroTier accessing devices on a private LAN. Would you be able to put together a step-by-step setup? I tried many vague suggestions but can’t seem to access the device without ZeroTier installed. My setup is similar to upInTheNorth’s. I also have Windows Server 2008 running, on which I enabled RRAS, but still no success.