Firstly my apologies to @mlavelle42 - I didn’t mean to not answer your question; I never received any notification of it.
@higgssinglet - IIRC (and I’ll post again in the next couple of days once I’ve confirmed; I no longer have a test lab for ZT) once the GL.iNet router is connected to ZT and has an IP address you need to do the following on the router:
Change the GL.iNet FW in LuCI (advanced settings) to allow traffic to flow. I think here I simply added the ZT interface to the LAN Zone.
I also added in / changed specific firewall rules to allow at least an IPv4 Ping (ICMP echo) to traverse the GL.iNet router. This is mostly for testing and can be reverted afterwards.
Note you don’t want the ZT interface on the GL.iNet to have NAT (Masquerade). If you do it will appear to work but things will only work in one direction - from GL.iNet to ZT devices.
For the network add your GL.iNet IP address range (so 192.168.8.0/24 by default) in the box marked Network/Bits and then add the router’s ZT interface IP address into the (LAN) box. This (LAN) IP can be found as Managed IP in the Members section of the Network Page for your GL.iNet device (about 1/2 way down). For the avoidance of doubt this is not the physical IP.
So if your GL.iNet router is assigned 10.147.0.53 by ZT and your router’s still at the default it will look like this:
And that’s it, all the devices that are then attached to the LAN of your GL.iNet (i.e. those that have a 192.168.8. prefix to their IP address) will be able to communicate with any other ZT device. All you’re really doing is adding a static route to ZT’s routing table.
(and yes I agree that ZT should have used standard networking terminology for things like managed router and managed IP as well as keeping the naming conventions consistent!)
I’ve just Googled for a screen grab and helpfully something similar has been answered on ZT’s issue tracker. The image is in this post, which is the last (closing) post of the thread (laduke 29 August 2018)
(N.B For a default GL.iNet device the network would be 192.168.8.0/24 not 192.168.11.0/24 as shown in the picture.)
For tests, I have set up two VPS servers, one in the US and the other in Japan, as VPN servers. Then I set up two iMacs, an iPhone and an Android phone, installing Zerotier clients. They all worked well; they were all able to access the web via these two VPS servers. However, when I tried to set up the Slate as the portable hotspot, right after Zerotier was installed and joined the network and IP addresses were assigned, I was not able to ping any device on the network. Not the servers, iMacs nor the phones. I did not have this problem with the other devices. Just wondering if anyone has any clues; any advice will be greatly appreciated.
Maybe I do not understand what this " * I also added in / changed specific firewall rules to allow at least an IPv4 Ping (ICMP echo) to traverse the GL.iNet router. This is mostly for testing and can be reverted afterwards." means.
Thanks, did you add the zerotier into the lan zone as well? Do you need to set allowDefault=1 (I want all my internet traffic routed through my Zerotier server in the cloud)? My LEDE system works, just my AR-750s did not work. Will give that a try.
Just tried it, still not working. What happens is that when I set allowDefault=1 on my LEDE router, my IP address will become my Zerotier Server on the cloud, all traffic routed through the cloud. However, when I did this on the R750S, my IP address is still the local ISP assigned IP.
Ok so I just went through the process again on my Slate; this is what I did. I would try to get it connected to another device and pinging each other before worrying about the bridge and routing from the my.zerotier portal.
install zerotier package
edit /etc/config/zerotier add network id and change enabled to 1
in luci create ZT0 interface, unmanaged and physical address custom ztqu3bvy4n, save and apply
edit the interface and create new VPN zone Zerotier, save and apply
go to vpn zone, leave as accept, accept, reject
I turned on masquerading and MSS Clamping, and added lan and wan to both source and destination zones, save and apply.
After that I was able to ping to and from other devices in my zerotier network.
I then set one device as a bridge and added the route in the portal and could access my lan (with the exception being my mobile device which doesn’t appear to work correctly). I didn’t need to add it to LAN firewall zones. The Slate will still get WAN IP from the ISP, local ip is the default but the zt0 interface is my cloud address.
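The first post advises against masquerading on the ZT interface while the steps just above enable it on the VPN zone, so it is worth checking which of the two a given router is actually running. The following is an added example, not code from any poster or from GL.iNet or ZeroTier: a shell/awk reader for OpenWrt's firewall config syntax that reports the masq setting and the forwardings for the zone holding the ZT interface. The sample config, the zone name `zerotier` and the function names are constructed for illustration.

```shell
# Added example. SAMPLE_FW is constructed, in /etc/config/firewall syntax;
# the zone name 'zerotier' and network name 'ZT0' are assumptions.
SAMPLE_FW="config zone
	option name 'lan'
	list network 'lan'
	option forward 'ACCEPT'
config zone
	option name 'zerotier'
	list network 'ZT0'
	option forward 'REJECT'
	option masq '1'
config forwarding
	option src 'zerotier'
	option dest 'lan'
config forwarding
	option src 'lan'
	option dest 'zerotier'
"

# zone_report CONFIG NETWORK: print "zone=<name> masq=<0|1> forward=<policy>"
# for the zone that contains NETWORK (masq defaults to 0 when unset).
zone_report() {
	printf '%s\n' "$1" | awk -v net="$2" -v q="'" '
		function emit() { if (hit) printf "zone=%s masq=%s forward=%s\n", name, masq, fwd }
		{ gsub("[" q "\"]", "") }   # drop UCI quoting; fields are re-split
		$1 == "config" { emit(); inzone = ($2 == "zone"); hit = 0; name = fwd = ""; masq = 0; next }
		!inzone { next }
		$2 == "name"    { name = $3 }
		$2 == "masq"    { masq = $3 }
		$2 == "forward" { fwd = $3 }
		$2 == "network" { for (i = 3; i <= NF; i++) if ($i == net) hit = 1 }
		END { emit() }'
}

# zone_forwardings CONFIG ZONE: print "src->dest" for each forwarding touching ZONE.
zone_forwardings() {
	printf '%s\n' "$1" | awk -v z="$2" -v q="'" '
		function emit() { if (infwd && (src == z || dest == z)) print src "->" dest }
		{ gsub("[" q "\"]", "") }
		$1 == "config" { emit(); infwd = ($2 == "forwarding"); src = dest = ""; next }
		infwd && $2 == "src"  { src = $3 }
		infwd && $2 == "dest" { dest = $3 }
		END { emit() }'
}

zone_report "$SAMPLE_FW" ZT0
zone_forwardings "$SAMPLE_FW" zerotier
```

On a router, pass the live file instead of the sample, e.g. `zone_report "$(cat /etc/config/firewall)" ZT0`, using whatever logical interface name you gave the ZeroTier device. With `masq=1`, traffic leaving through the ZT interface is source-NATed to the router's ZT address, so ZT peers never see the 192.168.8.x source addresses.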
Thanks, did very much similar steps except in the interface, a ztrxxxxx interface already exists after joining the network so I just assigned it to that. Did you install zerotier from the apps under the admin panel or did you install zerotier using opkg install zerotier under terminal or putty? My version is 1.2.8. I am still not able to ping other zerotier devices. I must be doing something really dumb.
I tried connecting an android phone with an android tablet using a netgear lb2120 4g modem/ar750 using zerotier. I’ve installed zerotier just fine on the ar750. I’ve done everything talked about in this topic but when I connect through ssh locally on tablet and ping devices, I can’t see anything connected other than the tablet that is connected to the ar750 router. I tried running an ftp server on both the phone and tablet trying to connect to either or using zt ips but I can’t connect. I’ve opened and forwarded ports but I can’t ever get it to connect. Now if I load the zerotier app onto the phone and tablet, I can connect to either server just fine being on cellular networks and using the zt ips. I’m testing this to connect remotely to a cctv system that is in a garage. Anyone have success on a cellular network?