Zerotier Ras Pi Bridge, How-to

Hi,

I have been struggling with a Raspberry Pi VPN bridged (layer 2) gateway solution for some time now. I have a Road Warrior requirement, to access resources on my home network when working remotely. My Road Warrior devices are all Windows 10 based so layer 2 is a must. I have a domain name pointing to my WAN IP and there are no constraints on incoming ports or services imposed by my ISP. I already run a PiVPN Wireguard VPN layer 3 gateway for iOS devices and all works perfectly.

I used PiVPN OpenVPN in a bridged configuration for a couple of years but when Debian 10 (Buster) came along something changed in the Raspberry Pi OS or in the PiVPN build that caused it to fail. I have never found out a way to fix it.

ZeroTier looked like the way forward and I have the network set up and ready with a couple of devices on it which are working properly across the SDN. It’s a great product (service!) but I’m missing the final piece. I have read a number of articles on how to use a Raspberry Pi to provide a layer 2 bridge but failed with every attempt to build one. I have a Raspberry Pi Model B Rev 2 which should be sufficient for the job.

https://gist.github.com/ort163/21283257b007ddddc7fd8bcea5c252a0
https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks
https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/Bridge+your+ZeroTier+and+local+network+with+a+RaspberryPi
https://discuss.zerotier.com/t/pi-zero-one-port-linux-bridge/757

As a second step it would be great to force all Internet traffic from remote machines through the VPN gateway and out through my home network. I use Pi-Hole DNS, then DoH to Cloudflare and would like to have the same when connected remotely. But this is a secondary requirement.

Has anyone an up to date and working ‘How-to’ that they might share?

Thanks in advance

OK. Sorted it. Now working perfectly, tested on mobile tether, wi-fi and Ethernet broadband connections. Windows 10 Road Warrior PC fully functional.

Second step is a work in progress.

Maybe this will help?

Thanks, RSagittarius. Your suggested article takes a different approach to the ZeroTier Knowledgebase. Very informative. I followed the tutorial here and customised to suit my LAN. The gateway is working correctly, I can access devices and resources on my LAN from a Road Warrior PC. Networking on the gateway is all configured using systemd.

(I was unable to make it work using the latest Raspberry Pi OS Buster build, no network interface could be found. Building it with ‘2020-02-13-raspbian-buster-lite’ worked. I then updated and upgraded once it was working and everything is now fine.)

I would think, as a non-savvy user, that forcing DNS queries is something to be configured on the Road Warrior device itself rather than on the ZeroTier platform of the gateway device. Inserting the values into the adaptor settings for ZeroTier in Windows does not do the trick.

I will investigate further.

See my update here. The ZeroTier iOS and Android client apps allow DNS to be set. This all works well and the devices benefit from the control my own DNS servers give (ad blocking and DNS over HTTPS to Cloudflare).

Why no option to set custom DNS on the ZeroTier Windows client?
