I am using ZeroTier on all my MikroTik devices. I also want to bring it to the CHR version. However, using docker on RouterOS is the only way.
RouterOS’ Docker is a little different. For example, on the official zerotier docker instruction,
```
--cap-add NET_ADMIN --device /dev/net/tun
```
I followed MikroTik's container instructions and used the official zerotier docker in a slightly different way.
1. Create veth for docker.
2. Add veth to docker bridge.
3. Add {NETWORK-ID} in Cmd:
After the container is running, the [my.zerotier.com](http://my.zerotier.com/) successfully recognized it.
I could ping it from a different zerotier network node. But nothing beyond that.
My CHR is in a LAN network 192.168.1.0/24
I created the docker bridge with network 192.168.2.0/24
My zerotier docker has IP 192.168.2.2/24
zerotier network is 192.168.3.0/24
My zerotier docker has IP 192.168.3.3/24
My laptop has IP 192.168.3.2/24.
My expectation is that a ping starting from the laptop goes
192.168.3.2/24 -> 192.168.3.3/24(zerotier docker on zerotier network IP) -> 192.168.2.2/24(zerotier docker on docker bridge IP) -> 192.168.2.1/24(CHR router on docker bridge IP) -> 192.168.1.1/24(CHR router on LAN IP) -> 192.168.1.0/24(Anything on LAN)
The reality is
192.168.3.2/24 -> 192.168.3.3/24(zerotier docker on zerotier network IP) -> 192.168.2.2/24(zerotier docker on docker bridge IP) works. But anything after this fails.
I could successfully replicate my expectation using another Docker image that utilizes the snell protocol, which means my RouterOS config is probably fine. But the difference is that the snell docker will masq all traffic. I don't know how the official zerotier docker image will handle it.
My guess is
1. Maybe I should modify the zerotier image more before I can use it in this way.
2. Maybe I should do something on RouterOS if I want to run a zerotier docker in this way.
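
An added example, not part of the original post: a small model of the hop chain above, showing why a container that masquerades (like the snell one) gets replies while a plainly routed one does not unless the CHR has a route back to 192.168.3.0/24. The route tables, the laptop's routes via 192.168.3.3, and the `masq` and `chr_return_route` switches are assumptions constructed for illustration.

```python
import ipaddress as ipa

def topology(masq=False, chr_return_route=False):  # constructed; route tables are assumptions
    via_zt = {"192.168.2.0/24": "192.168.3.3", "192.168.1.0/24": "192.168.3.3"}
    return {
        "laptop": {"ips": ["192.168.3.2/24"], "fwd": False, "masq": False, "routes": via_zt},
        "container": {"ips": ["192.168.3.3/24", "192.168.2.2/24"], "fwd": True,
                      "masq": masq, "routes": {"0.0.0.0/0": "192.168.2.1"}},
        "chr": {"ips": ["192.168.2.1/24", "192.168.1.1/24"], "fwd": True, "masq": False,
                "routes": {"192.168.3.0/24": "192.168.2.2"} if chr_return_route else {}},
    }

def owner(nodes, ip):  # name of the node holding address ip, or None
    return next((n for n, d in nodes.items()
                 if any(str(ipa.ip_interface(i).ip) == ip for i in d["ips"])), None)

def lookup(node, dst):
    """Longest-prefix match; returns (next_hop, egress_address) or None."""
    ifs = [ipa.ip_interface(i) for i in node["ips"]]
    cands = [(i.network, dst) for i in ifs]  # connected networks: deliver directly
    cands += [(ipa.ip_network(p), gw) for p, gw in node["routes"].items()]
    hits = [(n.prefixlen, gw) for n, gw in cands if ipa.ip_address(dst) in n]
    if not hits:
        return None
    gw = max(hits)[1]
    return gw, next(str(i.ip) for i in ifs if ipa.ip_address(gw) in i.network)

def deliver(nodes, start, src, dst):
    """One direction; returns (reached, last_node, source seen on arrival)."""
    cur = start
    for _ in range(8):  # hop limit
        if owner(nodes, dst) == cur:
            return True, cur, src
        hop = lookup(nodes[cur], dst) if (cur == start or nodes[cur]["fwd"]) else None
        if hop is None or owner(nodes, hop[0]) is None:
            return False, cur, src
        if nodes[cur]["masq"] and cur != start:
            src = hop[1]  # source NAT to the egress interface address
        cur = owner(nodes, hop[0])
    return False, cur, src

def ping(nodes, src, dst):  # echo request plus reply; 'ok' or where the packet stopped
    ok, at, seen = deliver(nodes, owner(nodes, src), src, dst)
    if not ok:
        return f"request dropped at {at}"
    ok, at, _ = deliver(nodes, at, dst, seen)
    if ok and seen != src:  # NAT node translates the reply back, then forwards it
        ok, at, _ = deliver(nodes, at, dst, src)
    return "ok" if ok else f"reply dropped at {at}"
```

In this model "reply dropped at chr" stands for the CHR having no route that leads back to the container; a real router with a default route would send the reply out that way instead.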