I have a Pi, setup and connected to ZeroTier, as described in the link, I have then installed ZT on my linux Laptop, and authorised that on the same network, I can SSH into the pi, using the ZT IP address, but any attempt to connect to IPs on the network, fails. I’ve no idea where to start looking, other than I guess it’s a routing issue.
Any clues, on how to start diagnosing the problems would be appreciated.
pi@raspberrypi:~ $ ip route
default via 192.168.1.1 dev wlan0 proto dhcp src 192.168.1.54 metric 302
10.243.0.0/16 dev ztbtorrkxt proto kernel scope link src 10.243.26.180
192.168.1.0/24 dev wlan0 proto dhcp scope link src 192.168.1.54 metric 302
dave@dylan:~$ ip route
default via 192.168.43.1 dev wlp7s0 proto dhcp metric 600
10.243.0.0/16 dev ztbtorrkxt proto kernel scope link src 10.243.51.241
169.254.0.0/16 dev wlp7s0 scope link metric 1000
192.168.43.0/24 dev wlp7s0 proto kernel scope link src 192.168.43.30 metric 600
pi@raspberrypi:~ $ sudo iptables-save
Generated by xtables-save v1.8.2 on Wed Nov 18 18:07:40 2020
*nat
:PREROUTING ACCEPT [39:11486]
:INPUT ACCEPT [24:6174]
:POSTROUTING ACCEPT [2:165]
:OUTPUT ACCEPT [94:7625]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
Completed on Wed Nov 18 18:07:40 2020
Generated by xtables-save v1.8.2 on Wed Nov 18 18:07:40 2020
*filter
:INPUT ACCEPT [722:213114]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [708:89647]
-A FORWARD -i wlan0 -o 94d7ce9340 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i 94d7ce9340 -o wlan0 -j ACCEPT
COMMIT
Completed on Wed Nov 18 18:07:40 2020
My thinking is that the laptop doesn’t know how to route the network addresses through ZeroTier I guess I need to add a rule to the table for that?
It looks like there’s no route to 192.168.1.0/23 on your laptop. I see it in your zerotier network config though. Not sure why that would be getting applied. That’s weird.
Also in your iptables forward rules, it should be ztbtorrkxt, for the interface name (not 94d7ce9340)