ZEROTIER basics

Rox169 · November 22, 2021, 7:45pm

Hello,

I have conected Rasberry pi4 in my home network behind double NAT and my mobile phone on another netwotk work, both devices are coneced into Zeroter. In Zerotier I can see both devices online, but I can not reach on mobile phone the network on Rasberry pi.

What should I do to connect rasberry and mobile into one netword thorough Zerotier?

Hominidae · November 22, 2021, 9:21pm

…this not in any case MT related, isn’t it?
zt is a SDN, so every device will be on the same ZT-LAN…that’s the main purpose.
Should you desire to use zt as a transfer network, enable routing…on both sides of each connection…zt-central allows to configure routes

Rox169 · November 22, 2021, 10:36pm

it is MK related…behin rasberry pi is my HAP AC2, should I allow any routes in firewall?¨

How should I enable routing…on both sides of each connection…?? In android APP there is no such a option…and on rasberry pi I do not know…

The rasberry pi is on the same network as Hap AC2, and I would like to connect thorrough rasberry to my router behind NAT…

krafg · November 22, 2021, 11:06pm

It’s not a Mikrotik related, sometimes after some time ZeroTier shows the computer as connected but it can’t stablish any kind of connections. If it is your case you need reinstall ZeroTier completely removing %ProgramData%\ZeroTier folder in case of Windows machines and /var/lib/zerotier-one folder in case of Linux machines.

And of course use ZeroTier with mobile data, not your Wi-Fi on your phone.

On MikroTik you not need declare any firewall rules to get ZeroTier working on any device.

Regards.

Rox169 · November 22, 2021, 11:13pm

The rasberry pi is on the same network as Hap AC2, and I would like to connect thorrough rasberry to my router behind NAT…

Hominidae · November 22, 2021, 11:37pm

Ehhmmm, that statement is totally different that the one you gave in your first post.
Unclear how your setup looks like, where the zt-clients are (rPi or MT-hap^2, phone/App) …and what you want to achieve…pls create a diagram of your setup.

krafg · November 23, 2021, 4:21am

If you want connect to your router (assuming that is your hAP AC2 running ROS7 with ZeroTier support) I not know the capabilities of ZeroTier under ROS7.

Regards.

Rox169 · November 23, 2021, 1:51pm

One side:
ISP - no public IP, NAT
HAP AC2 - NAT
Rasberry Pi - zerotier

Second side:
Mobile phone Zerotier - no public IP behing NAT

Is it possible to create one network where I will connect from mobile phone to the HAP AC2 via Mikrotik app on the mobile phone?

Thank you

krafg · November 23, 2021, 6:30pm

If your hAP AC2 it’s running ROS 7.1rc2 and have ZeroTier configured and it’s activated on ZeroTier Central, I assume that it should works.

Regards.

Rox169 · November 23, 2021, 6:38pm

Sorry but did you read what I wote? Do you see any mention about zerotier on HAP AC2? The zerotier is on the Rasberry pi…

zandhaas · November 23, 2021, 7:41pm

On the ZeroTier Central you need to create " Managed Routes" under the TAB Advanced.

For Example the network behind your raspberry is 192.168.0.0/24 you need to create the following route

Destination: 192.168.0.0/24
Via: “ZeroTier address of the raspberry-PI”

Rox169 · November 23, 2021, 7:58pm

Zandas you do understand the problem. I have already this settings but its not working…

zandhaas · November 23, 2021, 8:13pm

I have installed ZT on my RB4011 and beside the orut in ZeroTier Central I also have a route back from the RB4011 to the Zerotier network via the zerotier interface.
I think you have to do that on your RPI also.
And I think also on your HAPac2. Add a route to the ZeroTier network with the rapsberry (internal IP) as the gateway.

Rox169 · November 23, 2021, 8:27pm

I think I should set in Zerotien on Rasberry ethernet bridging, but i dont know how…

Could you please help me wtih setting of firewall? What shoul I set? Input and forward?

Rox169 · November 23, 2021, 9:22pm

And I think also on your HAPac2. Add a route to the ZeroTier network with the rapsberry (internal IP) as the gateway.

This is not working, as soon as I set route in zerotier I can not reach the HAP AC2, so something is going on, but I have to disable the route in Zerotier to be able login into ROS on HAP AC2

Any ideas?

krafg · November 24, 2021, 1:04am

If you want manage your router using MikroTik APP with ZeroTier network, the only way is installing directly ZeroTier on your Mikrotik router.

Regards.

zandhaas · November 24, 2021, 8:22am

Have you restricted access via winbox to you local network?
If so you are not allowed to access you rrouter via the ZT network

Hominidae · November 24, 2021, 8:10pm

that respective chain for that connection is the input chain in the hap^2 firewall.
Access to others is the forward chain.
Pretty sure you did not include zt-network into LAN interface list, when running the standard firewall rules set.

Rox169 · November 24, 2021, 8:11pm

I have add some rull in firewall to accept the network from zerotier but no luck a have even added the routes as was suggested here but no luck. I have even created the same network in zerotier as is my local.. 193.168.3. but no luck

Hominidae · November 24, 2021, 9:46pm

…it is said, that a picture is worth a thousand words..pls. draw us a pic: https://app.diagrams.net/ including all IPs used, routes deployed for all relevant components, that are to be connected/reached.