Slate AR750S Route OpenVPN traffic through ZeroTier

Hello :slight_smile:

I’m trying to route OpenVPN through ZeroTier.

I have successfully configured ZeroTier on the Slate and have a remote OpenVPN server that is accessible via its ZeroTier IP. I want to connect to it via the Slate’s OpenVPN client. I can connect to it and successfully initialize the OpenVPN connection on the Slate, but as soon as it is established, the Slate tries to route all traffic through OpenVPN, including the ZeroTier traffic. This of course breaks the connection, as ZeroTier can then no longer connect because its traffic is routed through OpenVPN, and OpenVPN can therefore no longer connect as it relies on ZeroTier for its own connection to the remote OpenVPN server.

Is there a way to exempt all ZeroTier traffic from the OpenVPN connection so that, no matter what, all ZeroTier traffic is never routed through OpenVPN and the OpenVPN traffic is still routed through ZeroTier after the VPN connection is established? All other traffic should still be routed through OpenVPN though, and all the Slate’s network clients should still use the OpenVPN connection.

Thanks!

Hello.

Quite the same problem here.

I tried to do it myself but with WireGuard, and since we don’t have a public IP here in my country, I also have ZeroTier for my network to reach different devices outside my country.

I have a router that I set up as a WG client in Europe and connect to the ZeroTier IP of my WG server router.

So when I try to connect to the router in Europe as a WG client, the result is that it connects but quickly disconnects… and when I click disconnect on the client router, it connects to the server for a few seconds… but you’ve already clicked on the disconnect button ahahah.

Can anybody help us?

Thank you

bump

Is there nobody who can help?

second bump

I’m grateful for any input :slight_smile:

```
# mark incoming and outgoing zerotier traffic via wan (e.g. eth0, port 12345)
iptables -t mangle -A PREROUTING -i eth0 -p udp -m udp --sport 12345 -m comment --comment "zerotier packet" -j CONNMARK --set-xmark 0x80000/0x80000
iptables -t mangle -A OUTPUT -o eth0 -p udp -m udp --dport 12345 -m comment --comment "zerotier packet" -j CONNMARK --set-xmark 0x80000/0x80000
# copy the connection mark onto locally generated packets so they can be policy-routed
iptables -t mangle -A OUTPUT -m connmark --mark 0x80000/0x80000 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
```

Then add an IP rule to route fwmark 0x80000 traffic to an alternate route table. That’s just a scratch clue.
I’ll check this when I get a device to test.

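The "add IP rule" step mentioned in the post above, sketched as an added example that is not part of the thread and has not been run on a Slate. It uses iproute2 syntax; the table id 100, rule priority 100, interface `eth0` and the sample route listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Table id, rule priority and eth0 are assumptions.
MARK="0x80000/0x80000"  # mark/mask set by the CONNMARK rules in the post
TABLE=100               # assumed unused routing table id
PRIO=100                # assumed priority; below 32766 so the rule is checked before "main"

# Constructed sample of `ip -4 route show` with the tunnel up (not captured from a device).
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.8.1 dev eth0 proto static src 192.168.8.100
128.0.0.0/1 via 10.8.0.1 dev tun0'

# Read `ip -4 route show` output on stdin, print the default gateway on interface $1.
wan_gateway() {
    awk -v ifc="$1" '$1 == "default" {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (dev == ifc && gw != "") { print gw; exit }
    }'
}

# Print the commands that route marked packets via the WAN gateway, not the tunnel.
policy_cmds() {  # $1 = WAN interface, $2 = WAN gateway
    echo "ip route replace default via $2 dev $1 table $TABLE"
    echo "ip rule add fwmark $MARK lookup $TABLE priority $PRIO"
}

# Show the commands for a route listing; with "apply" as $2 run them (needs root).
setup() {  # $1 = WAN interface, $2 = "apply" or empty, routes on stdin
    gw="$(wan_gateway "$1")"
    if [ -z "$gw" ]; then echo "no default gateway on $1" >&2; return 1; fi
    if [ "$2" = "apply" ]; then
        # Drop a rule left over from an earlier run so it is not duplicated.
        ip rule del fwmark "$MARK" lookup "$TABLE" priority "$PRIO" 2>/dev/null || true
        policy_cmds "$1" "$gw" | sh -e
    else
        policy_cmds "$1" "$gw"
    fi
}

# Dry run over the constructed sample; on the router: ip -4 route show | setup eth0 apply
printf '%s\n' "$SAMPLE_ROUTES" | setup eth0 ""
```

Locally generated packets that are rerouted by mark keep the source address chosen before rerouting, so this assumes masquerading is active on the WAN interface. The rule and table do not survive a reboot or a WAN gateway change and would have to be reapplied.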

Thank you for the input :slight_smile: Appreciate it!

I need to run the iptables command with ZeroTier’s UDP port (9993) instead of 12345, I guess?

For the IP rule I would be very happy if you could post instructions after you’ve been able to test it.