Connection to LAN behind Mikrotik LHGG LTE6 kit using Zerotier

RouterOS Beginner Basics
1

Hello,
I am looking for help with zerotier / mikrotek router configuration…

I am trying to get remote access from Windows PC (192.168.0.103 ; ZT: 192.168.195.245) to IP cameras (192.168.0.31-34) connected to Mikrotik LHGG LTE6 kit (192.168.0.1 ; ZT: 192.168.195.128) . I am attaching configuration on the picture.

conf1a.jpg
I have installed zerotier on my PC and on Mikrotek router.
Right now, I can connect from PC to router via web interface using ZT address and Winbox. I would like also to have possibility to access recorder and cameras using browser.
I tried it using port forwarding on Mikrotek but I failed – seems that my experience with simple home routers is far not enough…
What is the simplest way to do it? Using port forwarding or somehow getting Zerotier IP addresses for cameras to connect to them directly?

Thank you in advance.

2

Shouldn’t be too difficult but you got a potential problem which is not related to zerotier.
Your PC network and camera network have the same subnet definition.
So the router which serves your PC, doesn’t know it should go elsewhere for those devices.
And your ZT access runs on your PC, not on your router.

You might be able to solve it using port-mapping on LHGG kit.
E.g.
192.168.195.128:8030 gets translated locally to 192.168.0.30:80 (or whatever port is needed)
192.168.195.128:8031 gets translated locally to 192.168.0.31:80 (or whatever port is needed)

High-level view, let’s first see what others come up with.

3

@lotan; looks like you have the same subnet (192.168.0) on both sides which might be an issue if you haven’t already split the network in half. Besides that, all you need to do is:

  1. Add the ZeroTier interface on your LHGG to the “LAN” interface list. (WinBox: Interfaces->Interface List)
  2. In the ZeroTier control panel (my.zerotier.com), add the camera network’s subnet under Networks->Settings->Advanced->“Managed Routes”.
4

I have changed IP addresses in my LAN as follows:

conf2.jpg
Then have added ZeroTier interface on LHGG to the “LAN” interface list:

zt1.jpg
I have forwarded cameras and recorder to LHGG ports 8030-8034:

network.jpg
I am not sure about managed routes in Zerotier network… I have added following route (second one):

conf1.jpg
Then I tried to access recorded from my PC web browser using address 192.168.195.128:8030.
I still cannot connect.
What should I modify now?

5

Remove ‘192.168.195.0/24 via 192.168.195.245’ and then add ‘192.168.188.0/23 via 192.168.195.128’ to ‘Managed Routes’.

This basically tells all your Zerotier devices that if they want to reach anything in the 192.168.188.0 range, they should send their traffic to 192.168.195.128 (i.e. your LHGG). You can also add ‘192.168.0.0/23 via 192.168.195.245’ to 'Managed Routes if you want a site-to-site network. If you have ZeroTier installed between two routers, you’ll also need to add a route back to the other network or use source NAT (src-nat).

BTW, disable or remove all DST-NAT addresses (using the WAN address list) that would allow anyone on the internet access to your cameras. Use Zerotier instead.

You should be able to access the cameras using their actual 192.168.188.3x addresses. If you install Zerotier on your phone and laptop, you’ll be able to reach your cameras from anywhere.

6

Works flawlessly!!!
Thank you so much for help!

7

Glad to hear you figured it out, well done!