ZeroTier only works when directly connected, and TinyProxy refuses connections

GL.iNET folks. I have a tried and tested method of remote access to a location I administer using a Pi with ZeroTier, and TinyProxy to get on the remote LAN.

I’m trying to replicate that on my GL.iNet GL-AR300M16 which is planned to sit on a remote network as a double NAT to a client machine there.

I was able to get ZeroTier working in a staging environment, but it only allows me to SSH into the router via the ZeroTier IP, when on the GL.iNet WiFiLAN. i.e. not from another network.

(I had to install and config ZeroTier by CLI)

Secondly I can’t seem to get TinyProxy to accept connections, even when I allow my local machine ZeroTier IP - which is what works with my Pi equivalent. Logs show the very IP I have allowed, being blocked.

I’m guessing the router mode of the GL.iNet has some firewall things going on stopping comms between networkss/layers somehow.

About Zerotier:

You set up zerotier on the router and can only access the router. If you want to access the router’s LAN side, you need to do two things:

  1. Allow forwarding from the zerotier interface to lan. You can do this in luci.
  2. Set up routing to let the remote side knows the lan subnet is behind the zerotier. This may be done from the zeriotier management panel, but I am not sure.

About Tinyproxy:

You installed Tinyproxy on the mini router,
the mini router is connected to your main network, and
you want the devices on your main network to use tiny proxy?
How does this relate to your Zerotier setup?

The router’s wan blocks everything. You need to open ports (which the tinyproxy uses) on the wan side. Do this in the firewall settings.

@alzhao Thanks for the tips and yes that stands to reason regarding ZeroTier. Will have a play this weekend.

Regarding TinyProxy. the plan is to serve a proxy (reverse proxy?) to my admin client machine (home laptop) over ZeroTier.

So my laptop at home, connects to ZeroTier, and I connect via proxy to the remote gi.inet device ZeroTier IP, thus putting my browser on the local LAN at the far end location.

That’s a long way of saying, yes… TinyProxy will serve local devices. Just that due to my home laptop being “local”, by virtue of being on ZeroTier… it can connect too. Works right out of the box with my Pi. But I appreciate this is a router and not a Pi. I want router features too as I’m segregating a client behind it, which this setup is designed to configure and maintain from a different location. It’s an IoT device so I wanted to do it without a big expensive router/permanent VPN.

Basically I’m setting up a VPN, but without a VPN. It may just work once I forward the ZeroTier connection to the LAN side.

vpn and tiny proxy setup, seems too complicated for me.

For reverse proxy, maybe just try our solution.

Astro Relay looks interesting but I can’t see pricing without creating an account.

I do not work for and I do not have formal association with GL.iNet

1 Like

Thanks… what does the free tier give? I don’t have a fleet of IoT devices. I already purchased the mini router. Not super excited to get a sub when the tools I have should already do the job. Like I said the Pi with TinyProxy and ZeroTier works with minimal config and is up in running in less than 5mins. The gl.inet has all the capability. I just need to figure out the right firewall settings I suppose.

I do not work for and I do not have formal association with GL.iNet

1 Like