Hi, that is very good news!
Starting off from ground zero …
I’ve been toying with that: taking a safety-net backup, restoring defaults, and then not restoring the backup but redoing it manually from notes. I’ve been putting it off because I would be left without internet for the duration (and I’m presently doing the tests remotely from work, via a zerotiered Windows PC at home that would get disconnected if I restore the router defaults).
I did it in JFFS so no USB needed…
I had forgotten that I could install Entware and ZT on internal JFFS, but I remember reading about flash storage getting worn out with repeated writes, and I must have taken the removable USB route based on that (perhaps you might want to consider switching to a replaceable USB drive now that you have the wrinkles ironed out). Unless forced, I think I’ll stick with the USB drive since it is already configured, mounted on /opt, with EW and ZT operational, and showing online on zerotier’s web admin page.
#Administration > Scripts > Init >
lsmod | grep -q "tun" || modprobe tun
zerotier-one -d
Was already done, but with more convoluted commands from one of the procedures I read.
I have [ $(lsmod | grep "tun" | wc -l) -eq 0 ] && modprobe tun
that gets the same result, but I like your syntax more and might replace mine with yours (but omit the zerotier-one -d command because that gets me a second ZT process).
#Make sure TCP Forwarding is set to 1 not 0
My /proc/sys/net/ipv4/ip_forward already has a “1” after reboot, I guess some configuration from the GUI does that.
#Next to get pings working, SSH and type ip a if you see your ZT interface like this
zt6hfejwkf: <BROADCAST,MULTICAST,NOARP,ALLMULTI,NOTRAILERS,UP,LOWER_UP>
We need to change it to this
zt6hfejwkf: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP>
#Add to Administration > Scripts > Firewall
ifconfig zt6hfejwkf arp
ifconfig zt6hfejwkf trailers
I had
ztklh2unun: <BROADCAST,MULTICAST,NOARP,ALLMULTI,NOTRAILERS,UP,LOWER_UP>
followed your ifconfig arp and ifconfig trailers commands and now I have
ztklh2unun: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP>
Then I commented out my two iptables commands, added your ifconfig with my ZT interface in my firewall script, rebooted… and lost access between any two LAN hosts, by name or by IP, including to the router web interface. Strangely enough, I still can connect from work to my zerotiered devices on my LAN (except the router itself as before) and still had LAN access to the router but only via ssh (why ssh and not http?). I could do nvram unset script_fire, nvram commit, rebooted and recovered normal access.
Then I tried with only ifconfig ztklh2unun arp, again lost accesses and again had to nvram unset script_fire.
Then I tried with only ifconfig ztklh2unun trailers, and did not lose access, but also did not answer pings from the ZT IP.
The rest of my “symptoms” remain unchanged: My router still shows online in zerotier’s web admin page and it and non-zerotiered devices behind it are still not accessible. ip tuntap has always returned ztklh2unun: tap.
I will proceed setting up the Debian VM as a router, unless I (or you) notice something missing from my setup.
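An added example, not part of the original post: an init-script helper that loads tun and starts ZeroTier only when needed, so a reboot does not produce a second ZT process, and that reads the NOARP/NOTRAILERS flags from an ip a line. It goes slightly beyond the commands above by matching the module name exactly (a substring grep for tun also matches modules such as tunnel4). The function names are hypothetical, the lsmod sample is constructed, and pidof is assumed to be available on the router.

```shell
#!/bin/sh
# Constructed lsmod output: two modules contain "tun" but tun itself is absent.
SAMPLE_LSMOD='Module                  Size  Used by
ip_tunnel              16384  1 sit
tunnel4                16384  1 sit'
# Interface line as shown in the post above.
SAMPLE_IFLINE='ztklh2unun: <BROADCAST,MULTICAST,NOARP,ALLMULTI,NOTRAILERS,UP,LOWER_UP>'

# has_module LSMOD_OUTPUT NAME: true only if NAME equals the first column
# of some line, so "tunnel4" and "ip_tunnel" do not count as "tun".
has_module() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# iface_flags IP_A_LINE: print the flag list found between "<" and ">".
iface_flags() {
    printf '%s\n' "$1" | sed -n 's/.*<\(.*\)>.*/\1/p'
}

# has_flag IP_A_LINE FLAG: true if FLAG is set (whole-word match, so
# asking for ARP does not match NOARP).
has_flag() {
    case ",$(iface_flags "$1")," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# plan_init LSMOD_OUTPUT ZT_PIDS: print the commands the init script still
# has to run. An already-loaded module or a running daemon prints nothing.
plan_init() {
    has_module "$1" tun || echo "modprobe tun"
    [ -n "$2" ] || echo "zerotier-one -d"
}

# On the router: run with --apply to execute the plan against live state.
if [ "${1:-}" = "--apply" ]; then
    plan_init "$(lsmod)" "$(pidof zerotier-one)" | while read -r cmd; do
        $cmd
    done
fi
```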