AR750S ZeroTier Setup Guide?


#1

Anyone know how to set up ZeroTier on the AR750S? I installed the pkg, but how do I configure it? I am trying to connect two LANs into one VLAN.


#2

I was able to do it on my AR750S by doing the following.

  • install zerotier package
  • edit /etc/config/zerotier, add the zerotier network id and change enabled to 1
  • reboot
  • in luci create ZT0 interface, unmanaged and mapped to physical address custom ztqu3bvy4n (check your exact address for Zerotier with an ifconfig from CLI), save and apply
  • edit the interface and create new VPN zone Zerotier, save and apply
  • go to vpn zone, leave as accept, accept, reject
  • I turned on masquerading and MSS Clamping, and added lan and wan to both source and destination zones, save and apply.

After that I was able to ping to and from other devices in my zerotier network.

I then set one device as a bridge and added the route in the zerotier portal and could access my lan.


#3
  • Create an account in ZeroTier Central https://my.zerotier.com, then create a Network on it
  • Install ZeroTier on AR750S
  • Set the enabled option to 1, and set join to your network ID, in the configuration file /etc/config/zerotier
  • Start ZeroTier on the AR750S via /etc/init.d/zerotier restart
  • Stop and remove the MWAN3 package, which will change the route decision. The command you need to execute in the AR750S ssh console: mwan3 stop && opkg remove mwan3 --force-depends
  • Configure the firewall: add these lines to /etc/config/firewall
config zone 'vpn_zone'
	option name 'zerotier'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option device 'ztwdjh372k'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option dest 'zerotier'
	option src 'lan'

config forwarding
	option dest 'lan'
	option src 'zerotier'

Please note that the device name should match your own interface name (you can check it via ifconfig). The ZeroTier interface name begins with “zt”, so you can also use a regular expression, such as option device ‘zt+’.

Finally, restart the firewall to put it into effect: /etc/init.d/firewall restart
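
An added example, not part of the post above and not the project's own code: a shell check that every device entry in a firewall zone matches an interface that actually exists, treating a trailing + as a prefix wildcard. The function names are hypothetical, and the sample config and interface list are constructed, reusing the two interface names quoted in this thread to show what a copied-over name looks like.

```shell
# Added example, not from the thread. Function names are hypothetical.

# Print each device entry found in 'config zone' sections of file $1.
zone_devices() {
    awk '$1 == "config" { in_zone = ($2 == "zone") }
         in_zone && ($1 == "option" || $1 == "list") && $2 == "device" {
             for (i = 3; i <= NF; i++) print $i
         }' "$1" | tr -d "'\""
}

# Return 0 if interface $2 matches entry $1 (trailing '+' = prefix wildcard).
device_matches() {
    case "$1" in
        *+) case "$2" in "${1%+}"*) return 0 ;; esac ;;
        *)  if [ "$1" = "$2" ]; then return 0; fi ;;
    esac
    return 1
}

# check_zone_devices CONFIG IFACE...  -> returns 1 if an entry matches nothing.
check_zone_devices() {
    cfg=$1; shift; rc=0
    for dev in $(zone_devices "$cfg"); do
        found=""
        for ifc in "$@"; do
            if device_matches "$dev" "$ifc"; then found="$found $ifc"; fi
        done
        if [ -n "$found" ]; then
            echo "ok: $dev ->$found"
        else
            echo "MISSING: $dev matches no interface"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a cut-down zone like the one posted, device name as argument.
sample_config() {
    printf "config zone 'vpn_zone'\n\toption name 'zerotier'\n"
    printf "\toption device '%s'\n\nconfig forwarding\n\toption dest 'lan'\n" "$1"
}

# On the router, check the live config; elsewhere, run the constructed sample.
if [ -f /etc/config/firewall ]; then
    check_zone_devices /etc/config/firewall $(ls /sys/class/net) || true
else
    tmp=$(mktemp); sample_config 'ztwdjh372k' > "$tmp"
    check_zone_devices "$tmp" lo eth0 br-lan ztqu3bvy4n || true; rm -f "$tmp"
fi
```

Off the router the constructed sample reports MISSING, because the zone names ztwdjh372k while the interface list contains ztqu3bvy4n; a zone whose device matches nothing applies its rules to no traffic.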


#4

I need to ssh into the router so I can set zerotier enabled to 1, correct?


#5

Can I bridge my WireGuard interface with a LAN port on my AR750S and have a client connect with WireGuard? Or is there a better way of doing this?


#6

What I wrote above is done on the command line, so you have to ssh to the router.


#7

WireGuard doesn’t support bridging.


Wireguard local network access
#8

Thanks, I will do it the ssh way.

When I use WireGuard I get a 10.0.0.x address and my GL.iNet router address is 192.x.x.x. Does it matter if I am trying to connect clients? Do I need to be in the same IP range?


#9

Can someone write a guide on how to do this step by step? I kind of suck at networking…


#10

You’re on the right track. The subnet of the router can’t be the same as WireGuard.

You have two routers. Using one of them as client and the other as server, you can access the server’s LAN from the client’s LAN by default.

But if you want to access the client’s LAN from the server’s LAN, you have to ssh to the router and add your client’s subnet to /etc/config/wireguard_server. It looks like:

image

Finally, you should restart the WireGuard server in the admin web page.

It should be simple to do.


#11

I can now log in to both of my routers, but I can't see any clients in my server-side router tables. Does that matter?


#12

Maybe your client has a firewall enabled? If you can access the router, and the configuration is correct, you can access the LAN device as well.