Community discussions

MikroTik App
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

ZeroTier added to RouterOS v7.1rc2

Tue Aug 31, 2021 4:09 pm

We are happy to announce ZeroTier support for ARM architectures with enough space*.

RC2 package available here:
https://box.mikrotik.com/f/c9a303113884413bbdca/?dl=1

But from the next v7.1 release, it will be included in the release system (all packages ZIP archive).

To join a Zerotier network, it is as simple as this:
[normis@Home] /zerotier/interface> add network=YYYYYYYYY instance=zt1
[normis@Home] /zerotier>enable zt1
ZeroTier documentation can be found here: https://zerotier.atlassian.net/wiki/spa ... h+ZeroTier

Devices that support this feature:

RB4011
RB3011
RB1100AHx4
RB450Gx4
Audience
hAP ac³ (non LTE)
No answer to your question? How to write posts
 
aussetg
just joined
Posts: 18
Joined: Sat Jan 16, 2021 7:31 pm

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 4:19 pm

Wow, did not expect that! That's awesome thanks !
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 4:20 pm

Great Normis.
Sounds super but of course even reading the Wiki for zerotier, still lost.
I gather this is something of not much utility for the homeowner.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 4:24 pm

Why not, you can install iPhone Zerotier client and then join your home LAN with this.
No answer to your question? How to write posts
 
Cablenut9
Long time Member
Long time Member
Posts: 544
Joined: Fri Jan 08, 2021 5:30 am

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 4:40 pm

I like this strategy of having extra features available as packages if you want them.
Serial question asker
 
User avatar
Hexis
just joined
Posts: 10
Joined: Wed Aug 19, 2015 1:46 am

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 4:46 pm

I came here just to say how awesome this is!
 
usern
just joined
Posts: 6
Joined: Sat May 30, 2020 2:37 am

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 4:53 pm

Wow. This is huge.

Wonder if it will work without adding any firewall rules to accept ZeroTier master node IP addresses. AFAIK it should.
 
pqatsi
just joined
Posts: 5
Joined: Thu Jun 18, 2015 3:03 pm

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 5:24 pm

@noris

This release contains all fixes (Including Firmware fixes) of routeros-7.1beta7-arm.npk ?

Particularly regarding issue reported on SUP-44718

Thanks!
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 5:32 pm

big big big thanks guys. This is awesome.
 
mkx
Forum Guru
Forum Guru
Posts: 7697
Joined: Thu Mar 03, 2016 10:23 pm

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 5:32 pm

Sounds super but of course even reading the Wiki for zerotier, still lost.
I gather this is something of not much utility for the homeowner.
Think of ZeroTier as VPN with configuration on cloud.
BR,
Metod
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 5:51 pm

NP16 on rc2, enable zt1 and zerotier1 comes up briefly then vanishes, my zt IP address remains in IP list attached to an 'unknown' interface.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 5:52 pm

@noris

This release contains all fixes (Including Firmware fixes) of routeros-7.1beta7-arm.npk ?

Particularly regarding issue reported on SUP-44718

Thanks!
Yes, And more. RC 2 is a good version, so far, stable and all known showstoppers fixed
No answer to your question? How to write posts
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 5:52 pm

NP16 on rc2, enable zt1 and zerotier1 comes up briefly then vanishes, my zt IP address remains in IP list attached to an 'unknown' interface.
Winbox bug. Check console
No answer to your question? How to write posts
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 5:57 pm

Awesome job MikroTik - i'm super excited to see this one as i've been using ZeroTier for a long time and had to use Ubnt routers as ZT gateways ( i feel dirty :lol: )

This is great news...can't wait to test!
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
santyx32
Member Candidate
Member Candidate
Posts: 217
Joined: Fri Oct 25, 2019 2:17 am

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 6:14 pm

Wow, Mikrotik is back to game. We just need WiFi 6 hardware to complement.
 
parham
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 6:23 pm

WOW, wonderful Job all.
 
Zacharias
Forum Guru
Forum Guru
Posts: 3290
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 6:25 pm

So it can be used as an alternative to a VPN connection ?
 
sinisa
just joined
Posts: 11
Joined: Sun Apr 17, 2011 12:46 am

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 6:26 pm

NO THANKS!
I will manage my VPNs on my own, don't need and don't want any external service for that.
Wireguard is working perfectly, thank you for that. OpenVPN is still working as it used to for years (slow but reliable).

BTW, instead of adding random mostly useless stuff, why first don't make usefull packages that were in v6, like APC UPS?

Thank you!
 
User avatar
CTassisF
just joined
Posts: 20
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 6:36 pm

I will manage my VPNs on my own, don't need and don't want any external service for that.
It is possible (and fairly easy) to run your own ZeroTier One controllers and use that to manage your own ZeroTier networks.
There's even an open-source web interface (that mimics my.zerotier.com) somewhere on GitHub.
That way you don't have to rely on an "external service" and can still enjoy all (or at least most) ZeroTier awesome features.
 
parham
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 6:38 pm

And OSPF works fine.
Screenshot 2021-08-31 at 16.37.29.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 6:59 pm

Why not, you can install iPhone Zerotier client and then join your home LAN with this.
Okay I am game, might have to send you some canadian bacon, okay probaby will go bad, how bout some hugs, if this works!

PS... Will this work with all version of beta firmware. I think I am on version six will check. Nope 7.1beta5?

Should I upgrade to a newer beta version or will I lose my wireguard connectivity...........
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
mkx
Forum Guru
Forum Guru
Posts: 7697
Joined: Thu Mar 03, 2016 10:23 pm

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 7:18 pm

Should I upgrade to a newer beta version or will I lose my wireguard connectivity...........

Well, it's beta VS release candidate. Being advanturistic (stewpid) enough to be on beta, why don't you try and then clean the mess you'll get before reporting back?
BR,
Metod
 
elbob2002
Member Candidate
Member Candidate
Posts: 148
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 9:00 pm

NO THANKS!
I will manage my VPNs on my own, don't need and don't want any external service for that.
Wireguard is working perfectly, thank you for that. OpenVPN is still working as it used to for years (slow but reliable).

BTW, instead of adding random mostly useless stuff, why first don't make usefull packages that were in v6, like APC UPS?

Thank you!
There's always one :roll:

Just because you don't want to use it doesn't mean that others don't want to.
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 9:06 pm

Should I upgrade to a newer beta version or will I lose my wireguard connectivity...........

Well, it's beta VS release candidate. Being advanturistic (stewpid) enough to be on beta, why don't you try and then clean the mess you'll get before reporting back?
Since I have no idea what that means I will wait till its mainstream. The RBG450Gx4 that is on beta is behind the CCR1009 and working great for wireguard, dont want to upset those using the connection is my concern.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
infabo
Member Candidate
Member Candidate
Posts: 295
Joined: Thu Nov 12, 2020 12:07 pm

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 10:15 pm

Dunno either. But Wireguard worked reliably for me throughout the last several 7.1 betas including RCs now. So I'd say: be adventuristic :D
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7rc2

Tue Aug 31, 2021 10:45 pm

You must be a Danish viking then as I am suddenly feeling brave LOL
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2841
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 12:03 am

What is the difference between 7rc2 and 7.1rc2?
 
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
 
 
User avatar
CTassisF
just joined
Posts: 20
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 12:11 am

Some minor bugs so far:

disabled=no disabled=no
[cesar@MikroTik] > /zerotier/export verbose 
/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" disabled=no disabled=no identity="xxx:0:xxx" interfaces=all name=zt1 port=9993

wireless-default queue by default?
[cesar@MikroTik] > /queue/interface/print where interface=zerotier1 
Columns: INTERFACE, QUEUE, ACTIVE-QUEUE
 #  INTERFACE  QUEUE             ACTIVE-QUEUE    
18  zerotier1  wireless-default  wireless-default
 
User avatar
dbmillar
Trainer
Trainer
Posts: 20
Joined: Thu Feb 18, 2010 11:00 pm
Location: New Zealand
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 12:26 am

This is awesome! Thanks!
 
wsftech
newbie
Posts: 27
Joined: Wed Jun 10, 2015 12:19 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 12:37 am

Performance isn't amazing — I'm getting about 14.5 Mbps (iperf3 tcp) with NAT to ZT hosts sharing a LAN interface with an RB3011 running RC2. Anyone getting better?

Regardless, this is super useful and cool.
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec  2.00 MBytes  16.8 Mbits/sec                  
[  5]   1.00-2.00   sec  1.67 MBytes  14.0 Mbits/sec                  
[  5]   2.00-3.00   sec  1.71 MBytes  14.3 Mbits/sec                  
[  5]   3.00-4.00   sec  1.71 MBytes  14.3 Mbits/sec                  
[  5]   4.00-5.00   sec  1.70 MBytes  14.2 Mbits/sec                  
[  5]   5.00-6.00   sec  1.64 MBytes  13.7 Mbits/sec                  
[  5]   6.00-7.00   sec  1.66 MBytes  13.9 Mbits/sec                  
[  5]   7.00-8.00   sec  1.69 MBytes  14.2 Mbits/sec                  
[  5]   8.00-9.00   sec  1.68 MBytes  14.1 Mbits/sec                  
[  5]   9.00-10.00  sec  1.72 MBytes  14.5 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec  17.2 MBytes  14.4 Mbits/sec                  sender
[  5]   0.00-10.00  sec  17.0 MBytes  14.3 Mbits/sec                  receiver
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 858
Joined: Fri Nov 10, 2017 8:19 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 12:42 am

NO THANKS!
There's always one :roll:

Just because you don't want to use it doesn't mean that others don't want to.
Count it as two.

I understand that some other people want to use it, but we need to look at it pragmatically - adding support for 3rd party services/code means, developers must spend extra effort to keep it updated. If 3rd party upgrades their software, Mikrotik developers must update it in RouterOS as well (otherwise the feature may stop working).

You can notice that this issue arised several times with Hotspot and its paypal support - it stopped working because paypal upgraded API and Mikrotik developers had to quickly bring a solution because there were real people losing money... (which means developers had to stop working on other tasks)

Similar point can be made against Let's Encrypt implemented in v7.1beta6 - AFAIK, it uses same webserver as webfig and supports only HTTP challenge - which means that your webfig has to be open to the whole world (at least once in a while to validate the domain) which is totally unacceptable in my opinion. Due to amount of possible extensions (DNS challenges) we will never see full support anyway. (e.g. forget wildcard certificates)

More 3rd party services mikrotik supports, more common this situation becomes. It can easily spiral out into stage, where developers spend most time upgrading and testing dependencies instead of developing RouterOS itself. Remember that manpower of developers and size of Routerboard's flash memory is limited. We can't have all features in a cheap small router - it simply fails the realitycheck. We have to face reality and use external devices intended for the task instead of attempting to make all-in-one superdevice.

Just to be clear - I have great use for both zerotier and letsencrypt in my work as well as home. It would simplify my job significantly. However, due to above-mentioned reasons, I actually don't want developers to waste time on it, even though I would benefit from it.
If you find me posting too many replies, I am either procrastinating on some really important task, or just drunk. Roll D20 to find out which one it is.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 2:09 am

Logical argument oh great pony.
If MT dedicated a third party support team to their OS then it would be feasible.
AKA hired more staff if the feature brings in more customers, revenue, then prices should remain stable.
Nothing is for free.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
CTassisF
just joined
Posts: 20
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 2:45 am

To me this looks more like a partnership between MikroTik and ZeroTier, Inc.

https://twitter.com/ZeroTier/status/1432716935024848908

So I guess this is good for both players. And this might "guarantee" this package should not be left unmaintained in the future.

But even if that happens (RouterOS stop providing updated versions of ZeroTier client for whatever reason), ZeroTier protocol is quite stable and works even with pretty old clients, only new features won't work in this case (for those using old client versions).
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 2:56 am

So I tested this on one of our ZT networks and connectivity works to any endpoint within the ZeroTier L2 subnet (100.125.130.0/24 in this case)

I'm having issues with routes injected from the controller - are those supported yet? The injected route below (10.255.128.0/19) is inactive. I've set allow global and this works on other non-MikroTik ZT endpoints. Any ideas?
zuul@sw-lab-02.jan1.us.ipa.net] > ip route/print
Flags: D - dynamic; X - disabled, I - inactive, A - active; c - connect, s - static, r - rip, b - bgp, o - ospf, d - dhcp, v - vpn, m - modem, y - copy; H - hw-offloaded; + - ecmp
 #       DST-ADDRESS        GATEWAY            DISTANCE
   DIv   10.255.128.0/19    100.125.130.1             1
 0  As   0.0.0.0/0          100.126.32.81             1
   DAc   10.255.34.0/24     vlan103                   0
   DAc   10.255.35.0/24     vlan104                   0
   DAc   100.125.130.0/24   zerotier1                 0
   DAc   100.126.32.80/29   sfp-sfpplus1              0
   DAc   100.127.32.5/32    lo0                       0
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
MikesellT
just joined
Posts: 5
Joined: Fri Nov 15, 2019 9:43 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 4:01 am

This is great news! And it is unexpected especially since it seems a partnership between ZT and Mikrotik. I will definitely try this out as soon as it is available in stable version. Great job listening to the community and working on this!

Having said that, a while ago I noticed my ZT connections would lose pings every few minutes (I was getting dropped from remote desktop sessions and started ping testing). This went on for a while until I decided to try Tailscale. Tailscale has been rock solid.

Tailscale is basically a similar SDWAN-style connection but based on WireGuard. Is there any possibility to get Tailscale support as well? I am not a developer and I assume the work on ZT was quite an undertaking, but it never hurts to ask about other options.

I will test ZT via Mikrotik and see how it goes. Truth be told I think ZT has more features and flexibility than Tailscale, but Tailscale so far has just been more reliable and consistent.

Thanks
 
giulianoz
just joined
Posts: 18
Joined: Sat Apr 08, 2017 6:44 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 5:21 am

Is this arm only ? I would love to have it on hex s :)
 
MikesellT
just joined
Posts: 5
Joined: Fri Nov 15, 2019 9:43 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 6:36 am

Somehow I missed the part about just being ARM. My routers are all MIPS :( . Any plans for future support?
 
mafiosa
Member Candidate
Member Candidate
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 7:21 am

Finally after crying for so long !!!
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.2
 
lazygeeknz
just joined
Posts: 2
Joined: Mon Jul 11, 2011 2:12 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 7:23 am

Yes, And more. RC 2 is a good version, so far, stable and all known showstoppers fixed
I would call VPLS not working a showstopper
 
Mplsguy
MikroTik Support
MikroTik Support
Posts: 227
Joined: Fri Jun 06, 2008 5:06 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 9:16 am

I'm having issues with routes injected from the controller - are those supported yet? The injected route below (10.255.128.0/19) is inactive. I've set allow global and this works on other non-MikroTik ZT endpoints. Any ideas?
You are right, this is already fixed an will be available in next release.
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 121
Joined: Mon Mar 15, 2021 9:10 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 9:25 am

hi,

also align winbox to accommodate this change whilst it's working in CLI it is pretty much welcome for not so technically savvy on CLI to make this available also in winbox 3.30 perhap? hehehe
 
eldblz
just joined
Posts: 5
Joined: Mon May 11, 2015 11:44 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 11:05 am

Thank you very much! I'm just here to say awesome work to the developers!
Wireguard and ZeroTier are great additions!
 
dragon2611
Member Candidate
Member Candidate
Posts: 172
Joined: Fri Sep 25, 2009 12:06 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 11:22 am

Will Zerotier be updated in line with their releases, also does its there a way to pass custom configuration to zerotier.
this has the potential to become very interesting if zerotier manage to make some improvements to their multipath code and merge it into the main branch (WAN bonding anyone?)
 
User avatar
sszbv
Trainer
Trainer
Posts: 6
Joined: Sun Oct 07, 2012 11:47 am
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 12:06 pm

This looks very promising!

How can I add the zerotier interface to a bridge?
If not possible now, will this be possible in the future?

edit:
nevermind, I just added it to a bridge via terminal :)
cool!!!
 
OlofL
Member Candidate
Member Candidate
Posts: 102
Joined: Mon Oct 12, 2015 2:37 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 12:53 pm

NO THANKS!
I will manage my VPNs on my own, don't need and don't want any external service for that.
Wireguard is working perfectly, thank you for that. OpenVPN is still working as it used to for years (slow but reliable).

BTW, instead of adding random mostly useless stuff, why first don't make usefull packages that were in v6, like APC UPS?

Thank you!
Agree! How about finishing networking basics, such as routing protocols, ipv6 etc before throwing in more little used completely new functionality?!
 
EduardNOV
just joined
Posts: 6
Joined: Wed Sep 01, 2021 1:57 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 2:00 pm

Hello Everyone,

Please post more benchmarks. 4011 platform especially. Anyone aware if ZeroTier for Mikrotik using hardware encryption or not?
Last edited by EduardNOV on Wed Sep 01, 2021 2:01 pm, edited 1 time in total.
 
User avatar
Joni
Member Candidate
Member Candidate
Posts: 134
Joined: Fri Mar 20, 2015 2:46 pm
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 3:13 pm

Of all the request to implement in RouterOS, why specifically ZeroTier?
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 121
Joined: Mon Mar 15, 2021 9:10 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 3:43 pm

hi,

I just reboot my router to my surprise my config was gone i track down the issue with zerotier, if i remove the zerotier part whenever i reboot the router the config stay. restoring also from backup with zerotier config present in the configuration won't work.



---edit

found the issue, there were part of my config wasn't able to convert to v7 once i sanitize everything restore is ok
Last edited by loloski on Wed Sep 01, 2021 5:28 pm, edited 1 time in total.
 
oreggin
Member Candidate
Member Candidate
Posts: 166
Joined: Fri Oct 16, 2009 9:21 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 4:17 pm

First of all I can't find ZT package in allpkg zip file:
$ unzip -l all_packages-arm-7.1rc2.zip 
Archive:  all_packages-arm-7.1rc2.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
 14053521  2021-08-31 11:30   wifiwave2-7.1rc2-arm.npk
    20625  2021-08-31 11:30   calea-7.1rc2-arm.npk
    24721  2021-08-31 11:30   gps-7.1rc2-arm.npk
    57489  2021-08-31 11:30   iot-7.1rc2-arm.npk
   131217  2021-08-31 11:30   tr069-client-7.1rc2-arm.npk
   364689  2021-08-31 11:30   user-manager-7.1rc2-arm.npk
---------                     -------
 14652262                     6 files
Press any key to continue...
It is only in the support provided pkg?

After that, it is a question to me what functions integrated into MTik ZT package? I mean it could be MOON Root, or it could be only node/client? I'm not yet familiar with ZT and don't understand all of the hysteria about it over here, but it could be good for something one day ;-)
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 121
Joined: Mon Mar 15, 2021 9:10 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 4:23 pm

First of all I can't find ZT package in allpkg zip file:
$ unzip -l all_packages-arm-7.1rc2.zip 
Archive:  all_packages-arm-7.1rc2.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
 14053521  2021-08-31 11:30   wifiwave2-7.1rc2-arm.npk
    20625  2021-08-31 11:30   calea-7.1rc2-arm.npk
    24721  2021-08-31 11:30   gps-7.1rc2-arm.npk
    57489  2021-08-31 11:30   iot-7.1rc2-arm.npk
   131217  2021-08-31 11:30   tr069-client-7.1rc2-arm.npk
   364689  2021-08-31 11:30   user-manager-7.1rc2-arm.npk
---------                     -------
 14652262                     6 files
Press any key to continue...
It is only in the support provided pkg?

After that, it is a question to me what functions integrated into MTik ZT package? I mean it could be MOON Root, or it could be only node/client? I'm not yet familiar with ZT and don't understand all of the hysteria about it over here, but it could be good for something one day ;-)
https://box.mikrotik.com/f/c9a303113884413bbdca/?dl=1

here is the link and it's for arm only
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 5:07 pm

Of all the request to implement in RouterOS, why specifically ZeroTier?

When you look at it from a business standpoint, it makes complete sense.

1) MikroTik needed an SDWAN solution to sell more boxes
2) ZeroTier needed a hardware solution to sell more licenses

It's a phenomenal protocol and far better than any other VPN i've used in the last 20 years. This is a great partnership.
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 5:13 pm

Of all the request to implement in RouterOS, why specifically ZeroTier?

When you look at it from a business standpoint, it makes complete sense.

1) MikroTik needed an SDWAN solution to sell more boxes
2) ZeroTier needed a hardware solution to sell more licenses

It's a phenomenal protocol and far better than any other VPN i've used in the last 20 years. This is a great partnership.
Good to know,
It seems though it seems ideal for configuring remotely MT boxes, vice lets say WIREGUARD where I want to let external users use my ISP connection for their needs.
Unless there is a way of using zerotier for that purpose???
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 5:24 pm



Good to know,
It seems though it seems ideal for configuring remotely MT boxes, vice lets say WIREGUARD where I want to let external users use my ISP connection for their needs.
Unless there is a way of using zerotier for that purpose???

ZeroTier is awesome for remote connectivity or if you want to join users into a LAN to use a different internet connection - but that's not what makes it special.

It's a *massively* scalable mesh VPN protocol that creates large L2 fabrics with some unique characteristics.

- You can use an MTU higher than 1500 over the internet (inside a ZT network) without fragmentation because zerotier does the fragmentation and reassembly behind the scenes at a lower layer.
- It will allow non IP based protocols over ethernet like IS-IS or Segment Routing with IS-IS
- Extremely large L2 domains are possible due to SDN controller management of ARP, broadcast and multicast. ZeroTeir has a public network called earth that's a single /7 L2 domain and thousands of hosts are joined to it.
- ZeroTier is not just for private networks - you can create a public VPN overlay that anyone can join without authentication if desired - all they need is the network id
- Because tunnel management is handled by a controller and not manually, an endpoint will follow the best path over the Internet to any other endpoint
- Tunnel transport can be IPv4 or IPv6 and it can change on the fly dynamically - you can then put IPv4 or IPv6 on top of the network.
- Security policies can be pushed to an endpoint via the controller, so if you have hundreds of endpoints that you only want to be able to get to 192.168.1.101 on port 443, you can write a rule in the controller and any endpoint that joins will inherit this security policy.

That's just the tip of the iceberg - like I said, It's a phenomenal protocol and we use it in the Service Provider world for OOB Mgmt and also building MPLS transport over the Internet.
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
oreggin
Member Candidate
Member Candidate
Posts: 166
Joined: Fri Oct 16, 2009 9:21 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 5:36 pm

So, if I understand correctly, ZT is building a huge L2 domain inside the "Network"? There is a P2P L2 solution? We hate L2 in ISP backbone as it is very dangerous and caused a lot of issues. This huge L2 domain works only in a perfect world where we isn't living. How can we defend against problematic hosts or BUM in the L2 domain in ZT "Network"?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 5:37 pm

I guess the final question, is throughput. Wireguard has been pretty decent, how does zerotier compare.
For example I have two computers on the same ISP 15km apart and both have 1gig connectivity.
IF wireguard gives me xxx speed, will zerotier be xxx PLUS or xxx MINUS??
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
Joni
Member Candidate
Member Candidate
Posts: 134
Joined: Fri Mar 20, 2015 2:46 pm
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 5:48 pm

Of all the request to implement in RouterOS, why specifically ZeroTier?

When you look at it from a business standpoint, it makes complete sense.

1) MikroTik needed an SDWAN solution to sell more boxes
2) ZeroTier needed a hardware solution to sell more licenses

It's a phenomenal protocol and far better than any other VPN i've used in the last 20 years. This is a great partnership.
But we're not the business, and we need to have it make sense for us clients. Remember, don't become the product.
Comparing VPN to SDWAN is basically like comparing lightbulbs to LED, plase don't.
Last edited by Joni on Wed Sep 01, 2021 5:50 pm, edited 1 time in total.
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 5:50 pm




When you look at it from a business standpoint, it makes complete sense.

1) MikroTik needed an SDWAN solution to sell more boxes
2) ZeroTier needed a hardware solution to sell more licenses

It's a phenomenal protocol and far better than any other VPN i've used in the last 20 years. This is a great partnership.
But we're not the business, and we need to have it make sense for us clients. Remember, don't become the product.
Comparing VPN to SDWAN is basically like comparing lightbulbs to LEDs, plase don't.

ZeroTier is absolutely an SDN product - go dig into it.
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 6:15 pm

I guess the final question, is throughput. Wireguard has been pretty decent, how does zerotier compare.
For example I have two computers on the same ISP 15km apart and both have 1gig connectivity.
IF wireguard gives me xxx speed, will zerotier be xxx PLUS or xxx MINUS??

I can't speak to the implementation on MikroTik yet, but I know custom ZT implementations that are getting 10+ Gbps over the Internet of real world throughput.
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
User avatar
doridian
newbie
Posts: 25
Joined: Mon Jan 20, 2014 3:08 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 7:12 pm

I have played around a bit on my RB4011 with this. It is working beautifully now.
However, I found I had to set
disable-running-check=yes
to make the interface come up. That parameter is not described anywhere, what does it do (I just found out it fixes my problems by experimenting around)?

My config is fairly simple (using ZT1)
/zerotier
set zt1 identity="*" name=zt1 port=9993
/zerotier interface
add disable-running-check=yes disabled=no instance=zt1 mac-address=* name=zt-foxden network=*
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 8:10 pm

Wow, this is a pleasant surprise! On a hAPac2, followed @normis directions, and it worked for me. I had my Mikrotik with USB MBIM LTE modem connect through the ZeroTier to my iPhone and Mac with the ZeroTierOne apps. Basically I had a secure version of a "cloud RoMON" using ZeroTier in minutes – very cool.

You do need to "authorize" the connection in ZeroTier UI, once the MT device registers with ZeroTier (eg running). To clarify the thread, you need a "ARM" MT for this now in v7rc2 AND to manually install a package (e.g. drag download from top of this thread to Files and reboot to get ZT) – my reading was future v7.1 versions will be including with the default package [ and hopefully wider amount of platforms like MIPSBE ;) ) ].

Be very curious if anyone tries to use the ZeroTier Multipath with it – that supports a "balance-aware" mode of bonding that might get bonded LTE working with only Mikrotik HW. See:
https://zerotier.atlassian.net/wiki/spa ... /Multipath
 
User avatar
Hominidae
Member Candidate
Member Candidate
Posts: 293
Joined: Thu Oct 19, 2017 12:50 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 8:34 pm

I gather this is something of not much utility for the homeowner.
I'd like to state quite the opposite opinion!
With ZT you do not have the needs to open ports to the outside, since everyone/each device is basically a client only.

When the connection is established, this is similar to a GRE/EOIP tunnel.
All you need to do is to "join" a network (known network ID) and the network admin then can enable your port/connection from within the seperate web-UI in ZT-central
No complex VPN setup for a Home User.... for a site-2-site scenario as a more advanced level, plain, old routing tables, if any, are needed

@Normis thank you and kudos for bringing this to life....time to fire up my CHR for testing, before I try to fry my RB4011 ;-)
 
elbob2002
Member Candidate
Member Candidate
Posts: 148
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 8:39 pm

@Normis thank you and kudos for bringing this to life....time to fire up my CHR for testing, before I try to fry my RB4011 ;-)

Get ready to fry your RB4011 because it's ARM only for the moment :)
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 8:56 pm

On a hAPac2, followed @normis directions, and it worked for me.
Note: The instructions don't include the hAP ac^2 – which is what I used – only "hAP ac³ (non LTE)" is listed. I thought it was hAP ac3 before I looked more carefully in winbox after upgrading ;). My device has 1.3Mb of flash disk to spare after installing the rc2 ZeroTier package it seems.

I used ZeroTier to remotely pull the hAP ac2, using an LTE modem connected to via USB:
[skyfi@hap94] /system/resource/cpu> print
Columns: CPU, LOAD, IRQ, DISK
#  CPU   LOAD  IRQ  DISK
0  cpu0  3%    0%   0%  
1  cpu1  1%    0%   0%  
2  cpu2  5%    0%   0%  
3  cpu3  7%    2%   0%  
[skyfi@hap94] /system/resource/cpu> /tool/profile 
Columns: NAME, USAGE
NAME          USAGE
ethernet      0.1% 
console       0.1% 
networking    0.2% 
winbox        0.2% 
management    0.7% 
profiling     0%   
telnet        0%   
unclassified  1.1% 
total         2.4% 
[skyfi@hap94] /system/health/settings> /system/resource/print 
                   uptime: 13h35m12s
                  version: 7.1rc2 (testing)
               build-time: Aug/31/2021 08:07:46
         factory-software: 6.43.10
              free-memory: 52.5MiB
             total-memory: 128.0MiB
                      cpu: ARMv7
                cpu-count: 4
            cpu-frequency: 448MHz
                 cpu-load: 1%
           free-hdd-space: 1292.0KiB
          total-hdd-space: 15.2MiB
  write-sect-since-reboot: 322
         write-sect-total: 11436
               bad-blocks: 0%
        architecture-name: arm
               board-name: hAP ac^2
                 platform: SkyFi-alpha1
                 
[skyfi@hap94] /system/resource/cpu> /interface/lte/monitor 0
            status: connected
             model: MC7455
          revision: SWI9X30C_02.32.11.00
  current-operator: AT&T
        data-class: LTE
    session-uptime: 13h39m16s
              imei: [redacted]
              imsi: [redacted]
              uicc: [redacted]
              rssi: -101dBm
Anyway ZeroTier seems to still, at least in limited testing, works well – I connect to the hAPac2's MAC address (found via network discovery) from Mac/winbox-mac (with ZeroTier Mac app installed and connected to same ZeroTier network ID). Really it all just seem to work, impressive!
Screen Shot 2021-09-01 at 10.26.14 AM.png
Screen Shot 2021-09-01 at 10.25.53 AM.png
Screen Shot 2021-09-01 at 10.25.35 AM copy.jpg
You do not have the required permissions to view the files attached to this post.
Last edited by Amm0 on Wed Sep 01, 2021 8:59 pm, edited 1 time in total.
 
User avatar
Hominidae
Member Candidate
Member Candidate
Posts: 293
Joined: Thu Oct 19, 2017 12:50 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 8:59 pm

Get ready to fry your RB4011 because it's ARM only for the moment :)
... :lol: totally missed that....too excited...OK, will have to take some time to consider how desperate I am ;-)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2841
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 9:17 pm

How does ZeroTier license works with Mikrotik?
https://www.zerotier.com/pricing/

Does it count all user on the inside, or only see the Nat traffic?
 
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
 
 
User avatar
doridian
newbie
Posts: 25
Joined: Mon Jan 20, 2014 3:08 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 9:20 pm

How does ZeroTier license works with Mikrotik?
https://www.zerotier.com/pricing/

Does it count all user on the inside, or only see the Nat traffic?
ZT only counts actual nodes connected to the network, as in, devices that run the ZT client/app/package.
You can forward as many devices through as you want, or even bridge them in.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2841
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 9:26 pm

So you need the ZT client/app/package on each device as well as ZeroTier enabled on the MT Router?
 
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
 
 
User avatar
doridian
newbie
Posts: 25
Joined: Mon Jan 20, 2014 3:08 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 9:28 pm

So you need the ZT client/app/package on each device as well as ZeroTier enabled on the MT Router?
You do not. You can use the router to forward packets to the ZT interface like any other interface.
You can even put the ZT interface on a bridge (don't know if ROS supports that, yet, but ZT does).

But as I said, you don't get billed for those things, you would only get a billable usage of "1 node", because only your router runs the package.
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 01, 2021 11:15 pm

So you need the ZT client/app/package on each device as well as ZeroTier enabled on the MT Router?
Yes, if you want them to part of the subnet (similar in concept to 'road warrior' style VPN)... Any device that use the same ZeroTier "network id" (10 hex digits) is part of the same subnet (unless you change the flow rules/routers in ZeroTier). If you using ZeroTier to route between two subnets you control, then you just need 2 ZT client/app/package (like a site-to-site VPN)

If you think that ZeroTier maintains an [virtual] ethernet switch in the cloud, you'd may be better off. So any device you want to connect the ZeroTier "virtual switch", needs a ZeroTier client. So on 7.1rc2 with ARM+package, that one. If you want your iPhone, Mac, or whatnot to be part of the same "virtual switch" (and get an ZeroTier-controlled private IP from same subnet connect the switch), that's be another.

I think you get 50 "virtual ethernet ports" (ZT call them 'addresses') for free, basically anything connected via ZT app (see https://www.zerotier.com/download/ ) or now RouterOS with ZT enabled would count. e.g. subnets/IP address that 'forward' via ZeroTier, don't count. There is some pretty sophisticated things you can do with subnetting and L2 stuff in flow rules – that what makes it different than Wireguard – but out-of-box it acts like a cloud-hosted dumb ethernet switch.

Anything that uses the same Network ID is "plugged into" the virtual ZeroTier switch.
 
User avatar
tutugreen
just joined
Posts: 8
Joined: Fri Oct 06, 2017 3:14 pm

Re: ZeroTier added to RouterOS v7rc2

Thu Sep 02, 2021 4:24 am

This is GREAT. :D
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 171
Joined: Wed Aug 09, 2017 1:15 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 9:48 am

How does encryption / key exchange work with zerotier? Are the keys / certificates kept locally on the devices, or are they stored in the Cloud, so the provider theoretically could look at the traffic routed through their network? Do you guys have any privacy concerns?
 
InterNAPs
just joined
Posts: 2
Joined: Thu Sep 02, 2021 10:15 am

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 10:18 am

Great!! Thank you!

Please make sure it continues to work with hapAC2 - great small endpoint box for connecting small remote endpoints/iot endpoints.

Also please stop making devices with 16mb space. Nand is cheap.
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 10:42 am

How does encryption / key exchange work with zerotier? Are the keys / certificates kept locally on the devices, or are they stored in the Cloud, so the provider theoretically could look at the traffic routed through their network? Do you guys have any privacy concerns?
From ZeroTier documentation:

Every VL1 packet is encrypted end to end using (as of the current version) 256-bit Salsa20 and authenticated using the Poly1305 message authentication (MAC) algorithm.
No answer to your question? How to write posts
 
vaka
just joined
Posts: 19
Joined: Fri Dec 04, 2020 4:08 pm
Location: Ukraine

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 12:14 pm


Devices that support this feature:

CCR2004
...
can not install zerotier-7.1rc2: it is not made for arm64, but for arm
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 12:28 pm

My mistake. Package for now is ARM only, ARM64 is not supported.
No answer to your question? How to write posts
 
caspat
newbie
Posts: 47
Joined: Wed Apr 28, 2010 3:55 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 3:01 pm

Big thank's!!
Any timeframe to port it to others platforms?
 
chrisfr
just joined
Posts: 4
Joined: Thu Sep 02, 2021 3:35 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 3:38 pm

I did a test on CRS305, and it work fine. It take about 800k on disk space.
Thank you for this new feature :)
 
rogierb
just joined
Posts: 10
Joined: Wed May 14, 2014 4:44 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 4:47 pm

Big thank's!!
Any timeframe to port it to others platforms?
yes please although it's a promising start
 
elbob2002
Member Candidate
Member Candidate
Posts: 148
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 02, 2021 10:39 pm

I'm testing on two routerboards. An RB3011 and a Chateau LTE 12 both joining to the same Zerotier network. The Zerotier network is not advertised internally.

The Chateau has connected over LTE with no issues and looks good on the Zerotier Network.

The RB3011 appears on line on my Zerotier Network Page however on the router itself I see the following in routes!
ZTMTIK3011.PNG
Removed, added it again. Tried it on a different Zerotier network. Same issue in that it's visible on the Zerotier control panel but not visible to any other hosts on the same zerotier network.

The only thing that's different is the RB3011 is connected via PPPoE to the internet. But my original Ubuntu Zerotier VM had no issues connecting through the same internet connection.

Any ideas?
You do not have the required permissions to view the files attached to this post.
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: ZeroTier added to RouterOS v7rc2

Fri Sep 03, 2021 3:40 am

That's just the tip of the iceberg - like I said, It's a phenomenal protocol and we use it in the Service Provider world for OOB Mgmt and also building MPLS transport over the Internet.
I'm very interested in this MPLS transport option. Currently we use EoIP for this - we have many locations added to our MPLS cloud via EoIP tunnels. Can you elaborate a bit on this? My main concern would be handling MPLS QoS with this - I understand that ZeroTier has some built in QoS stuff (or is at least implementing it), but I'm a bit unclear as to how this handles MPLS traffic. We currently successfully do MPLS QoS with EoIP and I want to be sure that this is possible with ZeroTier.
 
teleport
just joined
Posts: 12
Joined: Mon Sep 07, 2020 11:51 pm

Re: ZeroTier added to RouterOS v7rc2

Fri Sep 03, 2021 8:21 am

Why not, you can install iPhone Zerotier client and then join your home LAN with this.
Home network with Mikrotik ethernet router rb450gx4:
tried to access the webfig URL using the zerotier IP from a windows box(zerotier enabled/connected) with not much success.(zerotier is running and connected to the network on mikrotik RB450GX4)
Question:1. are there additional settings /firewall rules etc needed?
2. any details on how to make home LAN devices accessible with just rb450gx4 router zerotier configuration.

thanks
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 8:41 am

Teleport, start with Zerotier tutorial on their webpage. Did you get a connection to their network, and then went and approved this Windows PC in the zerotier portal? You have to approve every device there.
No answer to your question? How to write posts
 
mducharme
Trainer
Trainer
Posts: 1740
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 8:47 am

I found the official MikroTik docs really helpful for getting ZeroTier going: https://help.mikrotik.com/docs/display/ROS/ZeroTier
 
mafiosa
Member Candidate
Member Candidate
Posts: 234
Joined: Fri Dec 09, 2016 8:10 pm
Location: Kolkata, India
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 9:16 am

Teleport, start with Zerotier tutorial on their webpage. Did you get a connection to their network, and then went and approved this Windows PC in the zerotier portal? You have to approve every device there.
I am wanting to join a zt network that has IPv6 only. Is that an issue? I have set allowed global= true yet I cannot ping other clients on the ZT network. Already approved on the control panel.
Running Bugtik v7.2.3 on RB3011-UiAS-RM HAP AC^2 & RB5009, VyOS 1.3.1 on Proxmox VE 7.2
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 9:18 am

to ping other clients, you must allow access in the firewall, and you might need to set up routing. these things are outlined in the zerotier manual too.
No answer to your question? How to write posts
 
elbob2002
Member Candidate
Member Candidate
Posts: 148
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 9:30 am

I found the official MikroTik docs really helpful for getting ZeroTier going: https://help.mikrotik.com/docs/display/ROS/ZeroTier
I tried adding the firewall entries but no luck unfortunately. Maybe it's a bug?
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 9:37 am

1) In the zerotier cloud console, add neeeded routes to your internal networks.
2) Enable AUTH for all connected and trusted devices
You do not have the required permissions to view the files attached to this post.
No answer to your question? How to write posts
 
elbob2002
Member Candidate
Member Candidate
Posts: 148
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 10:00 am

That's all done. The Zerotier network I'm connecting to has been in use for about 3 years. It's just bizarre that the Chateau over LTE can connect and ping the Zerotier Network and the RB3011 with a PPPoE VDSL connection can't.

I just disabled Zerotier on the RB3011 and change the Chateau's default route through the RB3011 and that was fine. I also tested once more by changing the default route through an RB750Gr3 connected to Starlink and no issue.

Firewall rules on the RB3011 are fairly standard. No connection marking or the like.
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 11:08 am

If you do have accept rules from zerotier1 interface

[normis@Home] /ip firewall filter> add action=accept chain=forward in-interface=zerotier1 place-before=0
[normis@Home] /ip firewall filter> add action=accept chain=input in-interface=zerotier1 place-before=0

then just make a new topic and post some more info about your setup
No answer to your question? How to write posts
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 171
Joined: Wed Aug 09, 2017 1:15 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 11:32 am

also make sure the network you try to ping is not used in an ipsec policy
 
kowal
just joined
Posts: 22
Joined: Sun Jul 06, 2014 2:23 am

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 3:14 pm

I'm waiting for ordered hAP ac^3 and installed package in lab 450gx4 but maybe someone already tested - what's actual performace using ZeroTier?
 
elbob2002
Member Candidate
Member Candidate
Posts: 148
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 3:25 pm

also make sure the network you try to ping is not used in an ipsec policy
No IPsec policies on the network. They are used on two tunnels however.

As Normis suggested I have created a new thread on it here.

Edit - Issue resolved. See thread below for details.

viewtopic.php?f=1&t=178172
Last edited by elbob2002 on Fri Sep 03, 2021 4:30 pm, edited 1 time in total.
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12
 
User avatar
krafg
Forum Veteran
Forum Veteran
Posts: 854
Joined: Sun Jun 28, 2015 7:36 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 4:21 pm

Thanks a lot!!! In my case, I not have any of these devices on my personal network, BUT, is the first step.

My congratulations for listening to those of us who want ZeroTier implemented!!!

Regards.
If you want to know my network, you can find it here.

Telegram: @krafgrgi

Image
 
User avatar
nithinkumar2000
Member Candidate
Member Candidate
Posts: 145
Joined: Wed Sep 11, 2019 7:42 am
Location: Coimbatore
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 03, 2021 9:41 pm

Nice to see more and More Addons in V7... Thank You So much Mikrotik Team for Hard Work and Effort.

Please also do the needful for IPv6 Radius Attributes for Delegated Prefix over PPPOE
MTCNA | MTCRE | MTCINE | MTCTCE

Mikrotik Consultant - Specialized in ISP OPERATIONS | ROUTING | QOS | FIREWALL | MPLS | SCRIPTING | IPv6
 
paintballer4lfe
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Tue Dec 06, 2016 5:10 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 04, 2021 12:47 am

We are happy to announce ZeroTier support for ARM architectures with enough space*.

RC2 package available here:
https://box.mikrotik.com/f/c9a303113884413bbdca/?dl=1

But from the next v7.1 release, it will be included in the release system (all packages ZIP archive).

To join a Zerotier network, it is as simple as this:
[normis@Home] /zerotier/interface> add network=YYYYYYYYY instance=zt1
[normis@Home] /zerotier>enable zt1
ZeroTier documentation can be found here: https://zerotier.atlassian.net/wiki/spa ... h+ZeroTier

Devices that support this feature:

RB4011
RB3011
RB1100AHx4
RB450Gx4
Audience
hAP ac³ (non LTE)
You missed a step bud
[normis@Home] /zerotier/interface> add network=YYYYYYYYY instance=zt1
[normis@Home] /zerotier/interface> enable zerotier1
[normis@Home] /zerotier>enable zt1
or of course you can just
[normis@Home] /zerotier/interface> add network=YYYYYYYYY instance=zt1 disabled=no
[normis@Home] /zerotier>enable zt1
Mikrotik Honeypot brute force live IP feed ->viewtopic.php?p=901638
"We cannot recreate it on our end"
MCTA, MCTRE. and MTCINE certified at birth.
CCNA >>>>>>>>> Mikrotik Certs
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 171
Joined: Wed Aug 09, 2017 1:15 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 04, 2021 3:04 pm

After installing the zerotier npk on my HAP AC2, my Firewall Filter Rules are all mixed up, and wireless caps settings are gone. I also lost my Loopback Bridge, it's address was still present in /ip/address.
One unplanned reboot since I installed the package, nothing in the log, but an autosupout was generated.
Not sure if this is because of the zerotier npk or a bug in ROS 7.1rc2.
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 04, 2021 5:16 pm

After installing the zerotier npk on my HAP AC2, my Firewall Filter Rules are all mixed up, and wireless caps settings are gone. I also lost my Loopback Bridge, it's address was still present in /ip/address.
One unplanned reboot since I installed the package, nothing in the log, but an autosupout was generated.
Not sure if this is because of the zerotier npk or a bug in ROS 7.1rc2.
In fairness, @normis didn't say the hAP ac^2 is supported for ZeroTier... That being said, it worked on the couple hAPac2 I've been using to test v7, but there may be a reason this platform isn't listed as supported (even though it is ARM, and does load the package) ;).

I've been using ZeroTier on hAPac2 for a few days now, but network is simple: I have single external LTE USB modem for internet - no cap2man – firewall/config are based on QuickSet "Home AP" defaults with minor tweaks.

One note, I read somewhere one bug in v7.1 is "lost configuration", so probably may want to report this to Mikrotik support@mikrotik.com.
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 04, 2021 5:46 pm

Converted one of our office ZT gateways from UBNT to MikroTik - it's working great!

Using a test build of rc3 to test the bug fix for injected routes going inactive - which is now working.

Image
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
User avatar
CTassisF
just joined
Posts: 20
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 04, 2021 6:04 pm

Please add support for ZeroTier Multipath and its various configuration options and policies: https://zerotier.atlassian.net/wiki/spa ... /Multipath
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 04, 2021 6:09 pm

Please add support for ZeroTier Multipath and its various configuration options and policies: https://zerotier.atlassian.net/wiki/spa ... /Multipath
+1 - assuming the "balance-aware" mode works, that be a interesting way to bond LTE, without external hardware/software, directly on the Mikrotik...
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 04, 2021 6:16 pm

Please add support for ZeroTier Multipath and its various configuration options and policies: https://zerotier.atlassian.net/wiki/spa ... /Multipath


https://twitter.com/ZeroTier/status/143 ... 04065?s=20

Image
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
jult
newbie
Posts: 36
Joined: Sat Dec 26, 2020 1:16 am

Re: ZeroTier added to RouterOS v7rc2

Sat Sep 04, 2021 9:52 pm

Why not, you can install iPhone Zerotier client and then join your home LAN with this.
People keep stating how 'simple' and 'easy' it should be to setup a zerotier link, but I can assure you: It's not. And everytime I tried it, and by now that's about 5 times over the last 5 years, it did not work, as in, I could *not* actually use it as a VPN replacement, I could not access LAN IPs through CGNAT, etc. The docs and UI are not very user-friendly at all. They should look at how OpenVPN write docs, that one was easy and works, as long as you're not behind a CGNAT.
RB4011iGS+5HacQ2HnD / RBMetalG-52SHPacn / RB850Gx2 / CSS106-1G-4P-1S
 
teleport
just joined
Posts: 12
Joined: Mon Sep 07, 2020 11:51 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 04, 2021 11:21 pm

Teleport, start with Zerotier tutorial on their webpage. Did you get a connection to their network, and then went and approved this Windows PC in the zerotier portal? You have to approve every device there.
thanks for response. those were all setup correctly. i have the setup working now after the 2 firewall rules were added (input and forward to zerotier1 interface).

my only issue is that: i have unifi controller on one of the LAN box(controller runs inside docker container of LAN box). accessing the url: https://<lanboxip>:8443 (from a zerotier authorized laptop) does not seem to work (i can reach other devices on the LAN like my mikrotik switch/ATA adapter etc)

from Inside the LAN,( laptop ) controller access works just fine. (not sure if it has got to do with page redirects and firewall rules)
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 1:36 am

@IPANetEngineer, maybe you know but there isn't a way to edit the "local.conf" on the Mikrotik side, and that's where bonding would need to be setup?


The ZeroTier docs suggest to enable "multipath/bonding" using in local.conf (but obviously there isn't one on a Mikrotik):
{
    "settings": {
        "allowTcpFallbackRelay": false,
        "portMappingEnabled": false,
        "defaultBondingPolicy": "balance-aware"
    }
}

which is why @CTassisF asks:
Please add support for ZeroTier Multipath and its various configuration options and policies: https://zerotier.atlassian.net/wiki/spa ... /Multipath

Imagine Mikrotik will get to adding "proper" ROS attributes to set this stuff under /zerotier (or whatnot) in future – but AFAIK you can't try Zerotier Multipath using Mikrotik today – be happy if I'm wrong however...maybe you can do this from the Flow Rules side, but didn't look that way... :? ...Twitter was a little unclear on these details ;)
 
rasimoes
just joined
Posts: 11
Joined: Wed Nov 14, 2012 10:06 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 7:53 am

First of all, great work on bringing ZT to the platform!

A question about encryption: what about the hardware acceleration? All models that supports IPsec HW will offload ZT’s encryption?
 
User avatar
CTassisF
just joined
Posts: 20
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 8:36 am

A question about encryption: what about the hardware acceleration? All models that supports IPsec HW will offload ZT’s encryption?

ZeroTier uses Salsa20 to encrypt and Poly1305 to authenticate packets.
As far as I know these are (very fast but) software-only algorithms and can't be offloaded to the hardware for acceleration.
 
EduardNOV
just joined
Posts: 6
Joined: Wed Sep 01, 2021 1:57 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 2:21 pm

A question about encryption: what about the hardware acceleration? All models that supports IPsec HW will offload ZT’s encryption?

ZeroTier uses Salsa20 to encrypt and Poly1305 to authenticate packets.
As far as I know these are (very fast but) software-only algorithms and can't be offloaded to the hardware for acceleration.

Since version 1.6.0 ZT has new AES-GMAC-SIV encryption mode, which is supported in hardware accelerated engines. So the question is still open. This is what they say in Release Notes:

New features and improvements:
AES-GMAC-SIV encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.
 
User avatar
loloski
Member Candidate
Member Candidate
Posts: 121
Joined: Mon Mar 15, 2021 9:10 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 2:47 pm

hi,

since the support ticketing system of mikrotik still under maintenance at this point, can someone share the rc3 early build i'm also interested and need the fix for the route insertion fix in the controller because route don't propagate in mikrotik but in normal client it's working properly, thanks in advance :)
 
rasimoes
just joined
Posts: 11
Joined: Wed Nov 14, 2012 10:06 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 3:56 pm




ZeroTier uses Salsa20 to encrypt and Poly1305 to authenticate packets.
As far as I know these are (very fast but) software-only algorithms and can't be offloaded to the hardware for acceleration.

Since version 1.6.0 ZT has new AES-GMAC-SIV encryption mode, which is supported in hardware accelerated engines. So the question is still open. This is what they say in Release Notes:

New features and improvements:
AES-GMAC-SIV encryption mode, which is both somewhat more secure and significantly faster than the old Salsa20/12-Poly1305 mode on hardware that supports AES acceleration. This includes virtually all X86-64 chips and most ARM64. This mode is based on AES-SIV and has been audited by Trail of Bits to ensure that it is equivalent security-wise.
hmmmm...sounds interesting!
The AES-GMAC is a "variant" from AES-GCM, which is already supported from some RBs. This means that, in theory, some ARM based RBs (RB1100AHx4, RB4011 and CCR2004) will have ZT hardware acceleration.
 
rjow2021
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Nov 19, 2020 6:26 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 5:00 pm

Like this feature a lot!

I have the RB4011 non wireless on version v6.48.4. Apart from backing up the current config, is there anything else I need to do before going to 7.1rc2?
 
teleport
just joined
Posts: 12
Joined: Mon Sep 07, 2020 11:51 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 9:24 pm

Like this feature a lot!

I have the RB4011 non wireless on version v6.48.4. Apart from backing up the current config, is there anything else I need to do before going to 7.1rc2?
i did it on routerboard rb450gx4 and all i had to do was drop the rc2 into 'files' and reboot twice. also take the zerotier .npk and drop in files and reboot. you are all set.
 
parham
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 05, 2021 9:34 pm

Would be great if we can specify the Distance for the routes as by default add it to the route table with Distance of 1 and if you are using it as a backup then you end up with Issue.

love to see zerotier/interface/ add network=xxxx instance=zt1 route-distance=xxx

Thanks all
 
User avatar
CTassisF
just joined
Posts: 20
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 06, 2021 4:57 pm

ZeroTier uses Salsa20 to encrypt and Poly1305 to authenticate packets.
As far as I know these are (very fast but) software-only algorithms and can't be offloaded to the hardware for acceleration.
Since version 1.6.0 ZT has new AES-GMAC-SIV encryption mode, which is supported in hardware accelerated engines. So the question is still open. This is what they say in Release Notes:

Oh, I missed that in the 1.6.0 changelog. Nice!
They still need to support the Salsa20/Poly1305 option in code, both to keep backwards compatibility to versions pre-1.6.0 and to be able to talk to other ZT peers that do not support the new AES encryption. But it is great having AES because it can be hardware accelerated!
Hope to see ZT offloading AES to the hardware on Routerboards :) (if not done already)
 
rasimoes
just joined
Posts: 11
Joined: Wed Nov 14, 2012 10:06 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 06, 2021 4:59 pm


Since version 1.6.0 ZT has new AES-GMAC-SIV encryption mode, which is supported in hardware accelerated engines. So the question is still open. This is what they say in Release Notes:

Oh, I missed that in the 1.6.0 changelog. Nice!
They still need to support the Salsa20/Poly1305 option in code, both to keep backwards compatibility to versions pre-1.6.0 and to be able to talk to other ZT peers that do not support the new AES encryption. But it is great having AES because it can be hardware accelerated!
Hope to see ZT offloading AES to the hardware on Routerboards :) (if not done already)
🙏
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 06, 2021 6:45 pm

Hope to see ZT offloading AES to the hardware on Routerboards :) (if not done already)

Same. This would be phenomenal. 8)
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
rjow2021
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Thu Nov 19, 2020 6:26 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 06, 2021 9:07 pm

It's definitely something I'm doing wrong.

My phone is auth'd with an IP, as is the router (RB4011), in the ZeroTier interface.
zerotier interface print
shows it's set up.

But I cannot get access to LAN from WAN.

Is there firewall rules I need to apply?
 
EduardNOV
just joined
Posts: 6
Joined: Wed Sep 01, 2021 1:57 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Sep 07, 2021 1:07 pm

I finally got my RB4011. So I did some Iperf3 benchmarks via ZeroTire link. As you can see on screenshots I got around 90Mbits. CPU load is around 40%. I think it's not bad.
I was testing via 1Gb link. I also found out that ZeroTire supports AES hardware offload only on ARM64. So I think we have to wait until ZeroTire start to support hardware offload on ARM, then maybe we will get it on Mikrotik (since Mikrotik supports ZeroTire only on ARM based devices). This is from ZeroTire Relase notes:
Known remaining issues:

AES hardware acceleration is not yet supported on 32-bit ARM, PowerPC (32 or 64), or MIPS (32 or 64) systems. Currently supported are X86-64 and ARM64/AARCH64 with crypto extensions.
You do not have the required permissions to view the files attached to this post.
 
Adrianlulu
just joined
Posts: 2
Joined: Sat May 08, 2021 6:40 am

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 08, 2021 1:13 am

Quiero saber si ya está disponible para RB 750 GR3
 
EduardNOV
just joined
Posts: 6
Joined: Wed Sep 01, 2021 1:57 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 08, 2021 10:12 am

For those who interested in encryption hardware offload on ZT.
I've asked on ZeroTire forum about support of ARM 32bit platforms and especially Mikrotik. And that's what they answered:

For one, we do not maintain the port to Mikrotik devices. Mikrotik is doing that themselves. Secondly, no ARM32 platforms that we’re aware of support the full set of hardware instructions for the AES-GMAC-SIV algorithm. ARM64 is the only ARM platform with full hardware support for all the instructions.

So as I can see we will not get any hardware accelerated encryption of ZeroTire on 32bit ARM platforms.
I hope that it is possible to get it on new RB5009 as it's ARM64, and has some AES hardware engine in CPU, though I'm not sure if it is compatible with AES-GMAC-SIV algo.
 
emptysands
just joined
Posts: 1
Joined: Thu Sep 02, 2021 11:41 am

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 08, 2021 12:23 pm

RB4011iGS+5HacQ2HnD to RB4011GS+ via the same switch. Wireguard vs ZeroTier.

Wireguard about 450/430 Mbps with 80-90% CPU.
Screenshot from 2021-09-08 21-07-29.png
ZeroTier about 106/109 Mbps with 55% CPU.
Screenshot from 2021-09-08 21-12-24.png
Direct bandwidth test is 950/950 Mbps with 75% CPU.

I've got a hAP ac3 that I'll test at a later stage.
You do not have the required permissions to view the files attached to this post.
 
rasimoes
just joined
Posts: 11
Joined: Wed Nov 14, 2012 10:06 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 08, 2021 4:43 pm

For those who interested in encryption hardware offload on ZT.
I've asked on ZeroTire forum about support of ARM 32bit platforms and especially Mikrotik. And that's what they answered:

For one, we do not maintain the port to Mikrotik devices. Mikrotik is doing that themselves. Secondly, no ARM32 platforms that we’re aware of support the full set of hardware instructions for the AES-GMAC-SIV algorithm. ARM64 is the only ARM platform with full hardware support for all the instructions.

So as I can see we will not get any hardware accelerated encryption of ZeroTire on 32bit ARM platforms.
I hope that it is possible to get it on new RB5009 as it's ARM64, and has some AES hardware engine in CPU, though I'm not sure if it is compatible with AES-GMAC-SIV algo.
I still believe (and hope) that MikroTiks's team will figure out a way for implementing HW accel. on (at least) ARM/ARM64 platforms. The AES-GMAC-SIV uses auth from AES-GCM and cipher from AES-CTR, both fully supported by ARM/ARM64 platforms.
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 08, 2021 5:55 pm

zerotier should be faster than this, I expect this is just early implementation issues.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8678
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 08, 2021 6:20 pm

Are we going to have ZeroTier for CHR?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 08, 2021 6:25 pm

they said moving forward it will be for all, so I presume so.
 
User avatar
rodyeo
newbie
Posts: 44
Joined: Thu Nov 09, 2006 10:53 am
Location: Malaysia
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 09, 2021 5:07 am

Dear Normis,

A big thank you for granting my long awaited wish for ZeroTierOne to be made available on MikroTik RouterOS hardware. I just wish RB750Gr3 and hAPac2 to be made available too if possible.

Else MikroTik could develope own version of similar function like ZeroTier or Reversed SSH function to enable remote access to MikroTik devices behind the NAT firewall.

Again many thanks genie for granting my wishes ... :)

Thanks.
Rodney Yeo (9W2YJ)
Ham Radio Operator
Malaysia
http://rodyeo.dyndns.org
Air Traffic Radar Station
 
User avatar
osc86
Member Candidate
Member Candidate
Posts: 171
Joined: Wed Aug 09, 2017 1:15 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 09, 2021 11:31 am

@rodyeo I have zerotier running on my hapac2, it's already working. The device is rebooting 5-6 times/day, but I think this is because of ROS7 and not the zerotier-addon package.
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 09, 2021 5:04 pm

My hAPAC2 isn’t rebooting with zerotier. It does reboot for fq_codel or cake queues though, do you have those enabled?
 
parham
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sun Feb 15, 2015 11:35 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 09, 2021 11:05 pm

FYI:
For people have route setup in ZT and also have OSPF or BGP running and don't want to have the Route coming from ZT.

Step 1: disable ZT
zerotier/disable zt1

Step 2: disable the push route and IP:
zerotier/interface/set allow-managed=no zerotier1

Step 3: set the interface IP should be the same as set in ZT portal:
ip/address/add address=x.x.x.x/x interface=zerotier1

Step 4: enable the ZT:
zerotier/enable zt1

Now you can run your OSPF or BGP without
getting the route from ZT as when the ZT pushes the route the distance is set to 1.

Enjoy and Thanks to Mikrotik for adding ZT.
Parham
 
evince
Member
Member
Posts: 353
Joined: Thu Jul 05, 2012 12:11 pm
Location: Weiswampach - Luxemburg
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 10, 2021 2:48 pm

Hi all,

I have installed zerotier package, configured it and all is running.

By the way I cannot see the "zerotier interface" under intercace list, only by cli.

If I check the address list, it is displayed "unknow" as interface but I do have an IP address and the tunnel is working.

Now I'm running v7.1rc3 release.

What's wrong?

Thank you in advance,
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 10, 2021 2:59 pm

Zerotier is only in Command Line for now!
No answer to your question? How to write posts
 
evince
Member
Member
Posts: 353
Joined: Thu Jul 05, 2012 12:11 pm
Location: Weiswampach - Luxemburg
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 10, 2021 3:44 pm

OK tank you Normis, but why under adresse liste it il showed unknow as interface ?
 
icsterm
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Sun Mar 11, 2018 11:11 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 11, 2021 5:38 am

Is there any way we can set the interface MTU for ZeroTier?

At first glance everything looks to work fine, but I would like to avoid all packet fragmentation if possible.

No CLI command looks to fit this purpose so far.
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Sat Sep 11, 2021 6:08 am

Is there any way we can set the interface MTU for ZeroTier?

At first glance everything looks to work fine, but I would like to avoid all packet fragmentation if possible.

No CLI command looks to fit this purpose so far.
No need or point doing this in zerotier because routeros can already do MTU, mru, and Mss clamping so you can already force Packet sizes down if you want. Changing the zt MTU wouldn’t actually help because MTU path discover would already pass or fail so you only need to handle situations that discovery fails. Zt itself already does it’s own MTU testing and already does a lot to encourage MTU discovery to work well.
 
bermudawardrobe
just joined
Posts: 2
Joined: Wed Sep 15, 2021 9:16 pm

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 15, 2021 9:18 pm

So, if I understand correctly, ZT is building a huge L2 domain inside the "Network"? There is a P2P L2 solution? We hate L2 in ISP backbone as it is very dangerous and caused a lot of issues. This huge L2 domain works only in a perfect world where we isn't living. How can we defend against problematic hosts or BUM in the L2 domain in ZT "Network"?
You can block broadcast, multicast, and whatever else you want with the rules engine.
https://docs.zerotier.com/zerotier/rules
 
bermudawardrobe
just joined
Posts: 2
Joined: Wed Sep 15, 2021 9:16 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 15, 2021 9:26 pm

Is there any way we can set the interface MTU for ZeroTier?

At first glance everything looks to work fine, but I would like to avoid all packet fragmentation if possible.

No CLI command looks to fit this purpose so far.
No need or point doing this in zerotier because routeros can already do MTU, mru, and Mss clamping so you can already force Packet sizes down if you want. Changing the zt MTU wouldn’t actually help because MTU path discover would already pass or fail so you only need to handle situations that discovery fails. Zt itself already does it’s own MTU testing and already does a lot to encourage MTU discovery to work well.
It is possible via the my.zerotier.com API or self-hosted controller API. It's a controller/network setting. It's not exposed in the my.zerotier UI. You might have to restart your clients or rejoin your networks. It's almost never needed to change the MTU.
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7rc2

Wed Sep 15, 2021 10:59 pm

So, if I understand correctly, ZT is building a huge L2 domain inside the "Network"? There is a P2P L2 solution? We hate L2 in ISP backbone as it is very dangerous and caused a lot of issues. This huge L2 domain works only in a perfect world where we isn't living. How can we defend against problematic hosts or BUM in the L2 domain in ZT "Network"?
As was said above, this can all be filtered. The filter engine can match input and output on MAC, IP, or zerotier ID. ie, you can say "allow anything that is behind zt id 12345 to anything behind id 54321 on TCP port 80, deny everything else. That effectively blocks all layer2 from those two ID's and allows only the TCP port. It's a very flexable rules engine and it's awesome to be able to filter on traditional MAC and IP but also on the zt 'id' as well.
 
User avatar
slackR
newbie
Posts: 43
Joined: Sat May 23, 2009 1:46 pm
Location: Buffalo, New York, USA
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 16, 2021 4:17 pm

Are we going to have ZeroTier for CHR?
I second this! When will it be available for CHR?
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 17, 2021 12:39 am

When will it be available for CHR?
In ZeroTime no doubt. But that be a better place to test this than in hardware/ARM.
 
fissureneil
just joined
Posts: 2
Joined: Sun Sep 19, 2021 6:17 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Sep 19, 2021 6:25 pm

Hi there, fairly new to Mikrotik, brand new to zerotier

interested in bridging between two 2 x mikrotik, across the Internet, with Zerotier (to temporarily bridge an existing IP network to a single device which has been moved elsewhere, but needs to remain on the same IP range, and able to communicate with its old LAN)

I updated 2 x RB450Gx4 to v7.1rc3, installed the zerotier npk

added:
/zerotier/interface> add network=xxxxxxxxx instance=zt1
/zerotier>enable zt1

to both

(I'm not sure if I should use something in place of zt1, on the 2nd device, eg zt2?)

both show online in the zerotier central web site

ticked the 'bridge' option on the zerotier central web site, and the 2 x mikrotik now see each other in: ip neighbor/ print

but I don't think general IP traffic is being bridged across

what now?

I saw @sszbv say:
" How can I add the zerotier interface to a bridge?"
" nevermind, I just added it to a bridge via terminal :)"

but I don't quite follow

thanks, Neil
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8678
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 20, 2021 12:10 am

/interface/bridge/port/add bridge=your_bridge interface=zt1
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
fissureneil
just joined
Posts: 2
Joined: Sun Sep 19, 2021 6:17 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 20, 2021 1:46 pm

/interface/bridge/port/add bridge=your_bridge interface=zt1
thanks Chupaka, I've now got:

/interface bridge
add mtu=1508 name=your_bridge

/zerotier
set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" identity="xxxxxxx" name=zt1 port=9993

/zerotier interface
add instance=zt1 mac-address=3E:FE:B0:4E:xx:xx name=zerotier1 network=xxxxxxxx

/interface bridge port
add bridge=your_bridge interface=ether1
add bridge=your_bridge interface=zerotier1

and 'Allow Ethernet Bridging' is ticked for both in my.zerotier.com, but, I don't yet have L2 end to end...

(same configuration at both ends)

before doing the 'bridge' stuff, the Mikrotiks saw each other, via zerotier, in:
ip neighbor/ print

but now they don't

appreciate any tips, Neil
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8678
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 20, 2021 7:01 pm

before doing the 'bridge' stuff, the Mikrotiks saw each other, via zerotier, in:
ip neighbor/ print

but now they don't
Make sure you have Neighbor Discovery enabled for your_bridge interface.

If you pull zerotier1 out of bridges - do they start seeing each other again?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Joni
Member Candidate
Member Candidate
Posts: 134
Joined: Fri Mar 20, 2015 2:46 pm
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Sep 21, 2021 8:59 am

 
User avatar
deadkat
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Sun Nov 15, 2020 11:14 pm
Location: Alabama, USA

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 23, 2021 6:13 pm

from the article linked:
Practical exploitation of this vulnerability would require an attacker to have knowledge of the target private network address and the addresses for at least two existing clients connected to the private network. This advisory demonstrates a proof-of-concept exploit that injects a packet into a private network.

Zerotier promptly addressed the root server identity verification issues. This attack is still possible (as of 20/09/2021); however, an attacker is required to invest significant compute time (many many years with a single RTX2070) to generate a valid identity that collides with an intended target. Zerotier client’s still accept any identity learned via WHOIS packet as implicitly valid.
looks like unnecessary FUD to me. The Zerotier team is patching and good security practices and firewall rules still solve this.
MTCNA, MTCRE
 
sbr
just joined
Posts: 12
Joined: Thu Dec 03, 2009 10:38 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 23, 2021 7:53 pm

Hi
I'm trying to connect L2TP over IP SEC over ZeroTier network but its not working.

Have anybody got i working?


/Sten
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 23, 2021 7:57 pm

Hi
I'm trying to connect L2TP over IP SEC over ZeroTier network but its not working.

Have anybody got i working?


/Sten
really no idea why you would do this, but it's almost certainly an MTU issue.
 
aanset
just joined
Posts: 3
Joined: Tue Dec 05, 2017 6:16 am

Re: ZeroTier added to RouterOS v7.1rc2

Fri Sep 24, 2021 11:15 am

We are happy to announce ZeroTier support for ARM architectures with enough space*.

RC2 package available here:
https://box.mikrotik.com/f/c9a303113884413bbdca/?dl=1

But from the next v7.1 release, it will be included in the release system (all packages ZIP archive).

To join a Zerotier network, it is as simple as this:
[normis@Home] /zerotier/interface> add network=YYYYYYYYY instance=zt1
[normis@Home] /zerotier>enable zt1
ZeroTier documentation can be found here: https://zerotier.atlassian.net/wiki/spa ... h+ZeroTier

Devices that support this feature:

RB4011
RB3011
RB1100AHx4
RB450Gx4
Audience
hAP ac³ (non LTE)
Just came in to say. Awesome. Can't wait to release on the stable version and more arch supported.
 
nbctcp
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Tue Sep 16, 2014 7:32 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 27, 2021 5:10 pm

1. let say my office has fast ISP1, but my home has slow ISP2. I want all my home traffic routed thru office ISP1. is that possible
2. what I understand every devices need to install zerotier client. Since Mikrotik has zerotier app.
Is that possible every client behind Mikrotik gateway at home could connect to every device behind Mikrotik gateway at office. So that no need to install zerotier client on every devices
tq
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 27, 2021 5:38 pm

1. let say my office has fast ISP1, but my home has slow ISP2. I want all my home traffic routed thru office ISP1. is that possible
2. what I understand every devices need to install zerotier client. Since Mikrotik has zerotier app.
Is that possible every client behind Mikrotik gateway at home could connect to every device behind Mikrotik gateway at office. So that no need to install zerotier client on every devices
tq
1) yes but you need to handle routing that through the zt tunnel manually

2) zerotier can be installed just on the routers and then standard routes added over it manually, or you can distribute routes within zerotier to do split routing. very flexible.
 
strasharo
just joined
Posts: 2
Joined: Fri Dec 08, 2017 7:56 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 27, 2021 6:30 pm

Will this work on hAP ac lite in the future?
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Mon Sep 27, 2021 6:32 pm

Will this work on hAP ac lite in the future?
They said it would be on all architectures, and it's a small package so I'd say chances are good.
 
fredgr
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Sat Jun 11, 2011 12:48 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 29, 2021 7:22 pm

I have successfully linked two remote LANs via Zerotier on both Mikrotik routers.

I can ping MacBooks over the link.

However Apple's Bonjour mDNS does not show remote MacBooks in the list of my network devices in Finder.

Do I need to add special configuration for it ?

If I install ZeroTier on each MacBook instead of on the routers, then Bonjour mDNS functions perfectly, and I see other computers and their shared directories.
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 29, 2021 7:34 pm

I have successfully linked two remote LANs via Zerotier on both Mikrotik routers.

I can ping MacBooks over the link.

However Apple's Bonjour mDNS does not show remote MacBooks in the list of my network devices in Finder.

Do I need to add special configuration for it ?

If I install ZeroTier on each MacBook instead of on the routers, then Bonjour mDNS functions perfectly, and I see other computers and their shared directories.
Bonjour only works on a Layer2 domain, you'd have to bridge the zt and lan ports on the mikrotiks.
 
fredgr
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Sat Jun 11, 2011 12:48 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Sep 29, 2021 7:37 pm

thanks any hints for doing that ? on WinBox i do not see any zt interface to link on the main bridge thanks
 
User avatar
satman1w
Member Candidate
Member Candidate
Posts: 210
Joined: Mon Oct 02, 2006 11:47 am

Re: ZeroTier added to RouterOS v7rc2

Thu Sep 30, 2021 11:09 am

NO THANKS!
I will manage my VPNs on my own, don't need and don't want any external service for that.
Wireguard is working perfectly, thank you for that. OpenVPN is still working as it used to for years (slow but reliable).

BTW, instead of adding random mostly useless stuff, why first don't make usefull packages that were in v6, like APC UPS?

Thank you!
Siniša, "svaka ti dala"! Potpuno si u pravu!

Osim što cijela stvar ide preko posrednika još je i sporo do beskraja, tako da.... besmislica..

Živio
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8678
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 30, 2021 12:57 pm

any hints for doing that ? on WinBox i do not see any zt interface to link on the main bridge thanks
Use Terminal
/interface bridge port add bridge=your_bridge interface=zerotier1
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
fredgr
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Sat Jun 11, 2011 12:48 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Sep 30, 2021 12:58 pm

Thanks a lot, but the moment i add these rules on both routers, the pinging of PC's between LANs stop working !
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8678
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 01, 2021 1:31 am

Probably because now you're bridging, not routing?..
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
fredgr
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Sat Jun 11, 2011 12:48 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 01, 2021 1:39 am

I am bridging all the interfaces and the zerotier :
/interface/bridge/port/print 
Flags: I - INACTIVE; H - HW-OFFLOAD
Columns: INTERFACE, BRIDGE, HW, PVID, PRIORITY, PATH-COST, INTERNAL-PATH-COST, H>
 #    INTERFACE  BRIDGE  HW   PVID  PRIORITY  PATH-COST  IN  HORIZON
;;; defconf
 0  H ether2     bridge  yes     1  0x80             10  10  none   
;;; defconf
 1  H ether3     bridge  yes     1  0x80             10  10  none   
;;; defconf
 2  H ether4     bridge  yes     1  0x80             10  10  none   
;;; defconf
 3  H ether5     bridge  yes     1  0x80             10  10  none   
;;; defconf
 4  H ether6     bridge  yes     1  0x80             10  10  none   
;;; defconf
 5  H ether7     bridge  yes     1  0x80             10  10  none   
;;; defconf
 6  H ether8     bridge  yes     1  0x80             10  10  none   
;;; defconf
 7  H ether9     bridge  yes     1  0x80             10  10  none   
;;; defconf
 8 IH ether10    bridge  yes     1  0x80             10  10  none   
;;; defconf
 9 I  sfp1       bridge  yes     1  0x80             10  10  none   
10    zerotier1  bridge          1  0x80             10  10  none   
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8678
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 01, 2021 6:43 pm

And what do you call "LANs"?
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
fredgr
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Sat Jun 11, 2011 12:48 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 01, 2021 6:47 pm

my MT routers manage: LAN 10.1.0.0/16 and the other one 10.2.0.0/16

With Zerotier on both routers, i ping all the machines from all LANs to all LANs

But Bonjour protocol does not work over the ZT link as i do not see the remote machines in the Network section of Finder

If i bridge the zerotier1 interface to the bridge on both MT, it becomes erratic. The ping over ZT work on and off, and then off, and Bonjour is definitely not showing.
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 01, 2021 7:21 pm

my MT routers manage: LAN 10.1.0.0/16 and the other one 10.2.0.0/16

With Zerotier on both routers, i ping all the machines from all LANs to all LANs

But Bonjour protocol does not work over the ZT link as i do not see the remote machines in the Network section of Finder

If i bridge the zerotier1 interface to the bridge on both MT, it becomes erratic. The ping over ZT work on and off, and then off, and Bonjour is definitely not showing.
This is exactly what should happen. If you bridge, you're not routing any more.

You cannot do Bonjour over two separate networks like this, only on a single broadcast domain. You can EITHER router with two separate networks, OR bridge the two sites together. Not both.
 
fredgr
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Sat Jun 11, 2011 12:48 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 01, 2021 7:51 pm

Fine, thanks, so how would you configure the two remote LANS so that Bonjour protocol works over ZT ? 😊
 
syadnom
Long time Member
Long time Member
Posts: 638
Joined: Thu Jan 27, 2011 7:29 am

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 01, 2021 8:45 pm

Fine, thanks, so how would you configure the two remote LANS so that Bonjour protocol works over ZT ? 😊
You wouldn't.... This isn't what bonjour was made for so it's something that just doesn't work well. Put zt on individual machines connecting to a network if that's what you want to do.

If you insist, it's a mess. You need to fully bridge the networks and then block DHCP requests and do ARP proxy and other messy things. It's a bad idea.
 
fredgr
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Sat Jun 11, 2011 12:48 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 01, 2021 8:47 pm

yes that is what i thought. indeed installing ZT on each machine works like a charm with bonjour

so i give up about my idea to install it over LANs. 😊
 
ovidiuvio
just joined
Posts: 1
Joined: Sat Oct 02, 2021 2:44 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sat Oct 02, 2021 2:45 pm

Hi,

I am looking to buy 2x CCR2004-1G-12S+2XS to use with ZeroTier.

Does anyone know if ZeroTier is available on those ?

Thank you
 
sbr
just joined
Posts: 12
Joined: Thu Dec 03, 2009 10:38 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Oct 04, 2021 8:46 pm

Hi
I'm trying to connect L2TP over IP SEC over ZeroTier network but its not working.

Have anybody got i working?


/Sten
really no idea why you would do this, but it's almost certainly an MTU issue.
I wanna run vpn to a double nated mikrotik
 
embarkadero
just joined
Posts: 1
Joined: Fri Oct 08, 2021 3:26 am

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 08, 2021 3:28 am

Does RB5009UG new router supports zerotier??
Thanks
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Oct 08, 2021 5:35 am

Not willing to put 7.x Router OS on my router...

I do have that Audience I tried running the new WiFi drivers on...

Defaulted the unit.
Updated to 7.1rc4
Bridged all interfaces.
Added a DHCP-CLIENT
Added the Zeroteir package.

Set Zeroteir to match the same subnet as my main network. Added the Zeroteir interface to the bridge... Resulted in 2 IPs in the same subnet on the bridge.

After a few tries I got the laptop and the Audience to both show up.

Removed laptop from the wifi and put it on a cellular hotspot.

Activated Zeroteir... Waited for it to show as online in the dashboard...

Opened the Sonos APP.

Connected right away.

Wow. For 10 years I have not been able to discover things when in Mikrotik VPNs. Suddenly I am connected to a device behind a router... And I have full view of the network.

Have to do some more work to make sure I get the settings the best I can.

But wow!
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
User avatar
kehrlein
newbie
Posts: 32
Joined: Tue Jul 09, 2019 1:35 am
Location: Munich, Germany
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sat Oct 09, 2021 3:58 pm

Does RB5009UG new router supports zerotier??
Yes. RB5009UG needs RouterOS v7.x and since v7.1rc2 ZeroTier ist available.
 
User avatar
kehrlein
newbie
Posts: 32
Joined: Tue Jul 09, 2019 1:35 am
Location: Munich, Germany
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sat Oct 09, 2021 4:00 pm

I am looking to buy 2x CCR2004-1G-12S+2XS to use with ZeroTier.

Does anyone know if ZeroTier is available on those ?
Yes, if you're installing RouterOS v7.1rc2 or newer.
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sat Oct 09, 2021 6:04 pm

Has anyone been able to get ZeroTier provisioned IPv6 addressing to work? I have tried with both my own controller and the ZT cloud controller. It appears to not work yet, but I don't want to assume I am doing it correctly since it is still RC.


[buraglio@rb450Gx4v7] /ipv6/address> /system/package/print
Columns: NAME, VERSION
# NAME          VERSION
0 calea         7.1rc4
1 container     7.1rc4
2 user-manager  7.1rc4
3 zerotier      7.1rc4
4 routeros      7.1rc4

[buraglio@rb450Gx4v7] /ipv6/address> /system/routerboard/print
       routerboard: yes
             model: RB450Gx4
     ...
     firmware-type: ipq4000
  factory-firmware: 6.46.8
  current-firmware: 7.1rc4
  upgrade-firmware: 7.1rc4
ForwardingPlane, LLC
https://www.forwardingplane.net
 
upower3
Member
Member
Posts: 418
Joined: Thu May 07, 2015 11:46 am

Re: ZeroTier added to RouterOS v7.1rc2

Sat Oct 09, 2021 11:52 pm

Am I get that right, no support in CHRs, right?
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Oct 10, 2021 12:36 am

Am I get that right, no support in CHRs, right?
As of now... Correct.

Check extra packages.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Hvalencia
just joined
Posts: 1
Joined: Fri Sep 15, 2017 8:05 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Oct 12, 2021 10:35 pm

Hello Guys,

What is the procedure for connect to ZeroTier custom controller?

Regards,
Humberto Valencia Toxqui
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sun Oct 17, 2021 7:30 pm

Hello Guys,

What is the procedure for connect to ZeroTier custom controller?

Regards,
Humberto Valencia Toxqui
The procedure is no different. Once you build a cuustom controller it operates like any other. I have my test Mikrotik connected to ZeroTier networks from both the ZT cloud service as well as a private on-prem controller.
This is a really easy start for running your own or a good base to build your own custom ZT controller https://key-networks.com/ztncui/
ForwardingPlane, LLC
https://www.forwardingplane.net
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Oct 20, 2021 3:44 pm

So far:
Has worked on the primary router behind Starlink.
Has worked on a CAP at an install.
Has worked on a hap AC2 configured as a DHCP-Client and bridge.

Pretty impressed.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
laurinkus
Member Candidate
Member Candidate
Posts: 105
Joined: Thu Aug 31, 2006 5:05 pm
Location: Europe

Re: ZeroTier added to RouterOS v7.1rc2

Sun Oct 24, 2021 9:27 am

Does it work on HEx S?

Can it be used behind NAT?

Do you have plans building/publishing X86 Zerotier package? I'd like to run it on RouterOS CHR.


Thanks!
 
rutman286
newbie
Posts: 27
Joined: Sat Oct 29, 2011 9:18 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sat Oct 30, 2021 7:21 pm

I registered and came on here just to say thank you for this! This is a very helpful remote management scenario. Easy setup, rock solid and stable.
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sat Oct 30, 2021 7:35 pm

Has anyone seen the behavior where the networks are stuck in status="REQUESTING_CONFIGURATION"? This worked for me for a while on 7.1RC4, but seems to be totally stuck now for whatever reason. I have not upgraded to RC5 and verified that the ZT networks do actually work.
ForwardingPlane, LLC
https://www.forwardingplane.net
 
buraglio
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Mon Aug 10, 2015 5:59 pm
Location: +1 (217)
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sat Oct 30, 2021 7:48 pm

Has anyone seen the behavior where the networks are stuck in status="REQUESTING_CONFIGURATION"? This worked for me for a while on 7.1RC4, but seems to be totally stuck now for whatever reason. I have not upgraded to RC5 and verified that the ZT networks do actually work.
Upgrading to RC5 seems to have resolved this stuck in REQUESTING_CONFIGURATION state. FWIW, Assigned v6 addresses still missing. Happy to keep testing - having ZeroTier is game changing, thanks!
ForwardingPlane, LLC
https://www.forwardingplane.net
 
deanfourie
just joined
Posts: 2
Joined: Tue Dec 03, 2019 1:37 am

Re: ZeroTier added to RouterOS v7.1rc2

Mon Nov 01, 2021 12:53 pm

Any chance of me getting this on my trusty old RB951-2n?
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Nov 01, 2021 3:39 pm

Any chance of me getting this on my trusty old RB951-2n?
Arm Only For now.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
User avatar
IPANetEngineer
Trainer
Trainer
Posts: 1571
Joined: Fri Aug 10, 2012 6:46 am
Location: Denver, CO USA
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Mon Nov 01, 2021 3:44 pm

FWIW, Assigned v6 addresses still missing. Happy to keep testing - having ZeroTier is game changing, thanks!
I'm anxiously waiting for controller assigned IPv6 addressing as well :)
Global - MikroTik Support & Consulting - English | Español | Serbian | Danish +1 855-645-7684
https://iparchitechs.com/ecosystem/mikr ... consulting mikrotiksupport@iparchitechs.com
 
gam2046
just joined
Posts: 4
Joined: Mon Nov 02, 2020 12:34 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 02, 2021 3:15 am

This is very exciting. Are there any plans to support CHR version of RouterOS
 
bruins0437
newbie
Posts: 28
Joined: Thu Jul 13, 2017 4:30 am
Location: New Hampshire

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 02, 2021 3:54 am

Looking forward to this on Cloud Core routers!
 
leonismac
just joined
Posts: 3
Joined: Mon Sep 17, 2018 9:27 am

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 02, 2021 2:54 pm

Hello ,
I am trying to install the package and I get the following error:

Image

I am trying to install this on a RB4011 with 6.49 version.

Thanks in advance
 
mkx
Forum Guru
Forum Guru
Posts: 7697
Joined: Thu Mar 03, 2016 10:23 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 02, 2021 3:33 pm

zerotier package did not exist before 7.1rc2 ... if you want to use zerotier, then you have to upgrade your device at least to ROS v7.1rc2 ... beware it's an experimental (release-candidate) version and things may break.
BR,
Metod
 
g1ftb4sk3t
just joined
Posts: 4
Joined: Thu Feb 07, 2019 10:48 pm

Re: ZeroTier added to RouterOS v7rc2

Tue Nov 02, 2021 6:26 pm



... :lol: totally missed that....too excited...OK, will have to take some time to consider how desperate I am ;-)
My Rb4011s have an Arm32 inside though? are some not this way? Mine has the Cortex A-15 tbc
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Nov 03, 2021 12:21 am

Hello ,
I am trying to install the package and I get the following error:

Image

I am trying to install this on a RB4011 with 6.49 version.

Thanks in advance
Gotta go up to 7.x Router OS
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
proximer
just joined
Posts: 1
Joined: Thu Nov 04, 2021 2:04 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Nov 04, 2021 2:11 pm

Hi, I've got hAP ac3 with ZeroTier package installed OK and online.
I'm now trying to create port forwarding rule. What I need is:
- Be able to forward incomming traffic on UDP port 47808 (#BAC0) to a BACnet controller on IP 192.168.88.253

So my MikroTik router's DHCP Client IP is 192.168.8.45/24
the ZeroTier IP for that router is 192.168.196.231
The BACnet controller behind my router is 192.168.88.253

Could someone shed some light on how to achieve this or maybe direct me to some resources that will explain further please?
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Nov 04, 2021 3:50 pm

Upgraded from RouterOS v7.1rc4 to 7.1rc5 via winbox packages. Zerotier upgraded to 1.6.6.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
artie11
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sun Feb 20, 2011 12:08 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Nov 07, 2021 3:20 am

Would be really useful to get the CHR version for testing... Don't have an ARM device spare to use.
Just want to play with ZeroTier on Mikrotik.
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Nov 07, 2021 3:08 pm

Is the fact, that i can see zerotier1 interface only in CLI and not in Winbox and that adding firewall rules shows "unknown" under In.Interface normal? The device is Ac2 and apparently acess to device through zerotier works.
 
User avatar
boxybh
just joined
Posts: 22
Joined: Sat Jul 29, 2017 11:16 am

Re: ZeroTier added to RouterOS v7.1rc2

Sun Nov 07, 2021 5:38 pm

I can see mipps ubiquity already has this , why not Mikrotik

i had a router lying around 1043nd of tplink did openwrt and installed zerotier. this was a year ago.


https://zerotier.atlassian.net/wiki/spa ... ti+Routers
We are happy to announce ZeroTier support for ARM architectures with enough space*.

RC2 package available here:
https://box.mikrotik.com/f/c9a303113884413bbdca/?dl=1

But from the next v7.1 release, it will be included in the release system (all packages ZIP archive).

To join a Zerotier network, it is as simple as this:
[normis@Home] /zerotier/interface> add network=YYYYYYYYY instance=zt1
[normis@Home] /zerotier>enable zt1
ZeroTier documentation can be found here: https://zerotier.atlassian.net/wiki/spa ... h+ZeroTier

Devices that support this feature:

RB4011
RB3011
RB1100AHx4
RB450Gx4
Audience
hAP ac³ (non LTE)
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Nov 07, 2021 10:49 pm

Is the fact, that i can see zerotier1 interface only in CLI and not in Winbox and that adding firewall rules shows "unknown" under In.Interface normal? The device is Ac2 and apparently acess to device through zerotier works.
Yup... That's been my experience.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
benoitc
Frequent Visitor
Frequent Visitor
Posts: 97
Joined: Wed Jul 08, 2020 12:33 am

Re: ZeroTier added to RouterOS v7rc2

Sun Nov 21, 2021 1:41 pm

I will manage my VPNs on my own, don't need and don't want any external service for that.
It is possible (and fairly easy) to run your own ZeroTier One controllers and use that to manage your own ZeroTier networks.
There's even an open-source web interface (that mimics my.zerotier.com) somewhere on GitHub.
That way you don't have to rely on an "external service" and can still enjoy all (or at least most) ZeroTier awesome features.
but how to point zerotier local conf ro it in the mikrotik router?
 
User avatar
CTassisF
just joined
Posts: 20
Joined: Thu Jun 11, 2020 10:26 pm
Location: São Paulo, Brazil
Contact:

Re: ZeroTier added to RouterOS v7rc2

Sun Nov 21, 2021 4:01 pm

but how to point zerotier local conf ro it in the mikrotik router?

You don't have to change local.conf to be able to run your own controllers.

When you create a network in a controller, the network ID already contains the ZeroTier address of controller[1]. That way your peers can find the controller in the ZeroTier world using the already provided ZeroTier root servers for peer discovery[2].

If you don't want to rely entirely on ZeroTier's root servers you can run your own Private Root Servers (aka Moons)[3]. This step is optional even if you're running your own ZeroTier controllers, but may be necessary in some cases. In any case it is not possible to "orbit moons" using ZeroTier for MikroTik yet.

[1] https://docs.zerotier.com/zerotier/manu ... name2_2_1a
[2] https://docs.zerotier.com/zerotier/manu ... name2_1_1a
[3] https://docs.zerotier.com/zerotier/moons
 
rami344
just joined
Posts: 8
Joined: Sun Nov 21, 2021 8:20 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Nov 22, 2021 10:18 pm

I have got hAP mikrotik model , but i am confusing about the configuration with zerotier and lan network .

network A
laptop -zerotier client IP : 10.147.20.133
-------
network B
modem 192.168.1.1
i did quick setup in mikrotik as following :
mikrotik Wan 192.168.1.10 (with zerotier client installed on it : 10.147.20.135)
mikrotik Lan 192.168.2.10
(switch in the middle)
PC 1 Lan : 192.168.1.20 ( no internet should be available only local and no zerotier client)
PC 2 Lan : 192.168.1.30 ( no internet should be available only local and no zerotier client )
PC 3 Lan : 192.168.1.40 ( no internet should be available only local and no zerotier client )

-----------------------------------

what i need now is this :
from the laptop in network A i want to access files or RDP of any PC in network B
i dont want mikrotik to give internet to the PCs ,just acting as switch to allow me to access any device in the network B
i can manage zerotier routing in the zerotier console portal no problem ,it is working fine with linux debian .
but with mikrotik i am new to this OS i dont know what to do : ???

to make it clear for you : i need to :

setup ether 1 to be internet connection for only zerotier client (to be online ) then
setup ether 2 to be as switch port connected directly (by cable ) to the main switch of the office to reach all devices in LAN network with the same ip range 192.168.1.0/24
then setup zerotier interface to route traffic through ether 2 port to be able to reach any device in Lan network within range 192.168.1.0/24

confusing ??? right ? sorry guys
Last edited by rami344 on Tue Nov 23, 2021 7:33 pm, edited 2 times in total.
 
artie11
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sun Feb 20, 2011 12:08 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 23, 2021 1:08 am

Finally found a device we had that supported it, Tried it and had a working VPN->Private network bridge in less than 10 minutes!
Amazing and very fast.

Any word on Progress for other architectures?
I'd really love to see this on CHRs for VPN to Private Infrastructure, Sick of opening ports up to make a new target for hackers
 
rami344
just joined
Posts: 8
Joined: Sun Nov 21, 2021 8:20 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 23, 2021 7:13 pm

Finally found a device we had that supported it, Tried it and had a working VPN->Private network bridge in less than 10 minutes!
Amazing and very fast.

Any word on Progress for other architectures?
I'd really love to see this on CHRs for VPN to Private Infrastructure, Sick of opening ports up to make a new target for hackers
well done and congratulation !!

can you plz help me to do that by reading my post above to know what i need .I have been working with zerotier for 5 years on linux distros ,but planning to move to mikrotik they say faster and easier but i am new to mikrotik os and i already got my own mikrotik router.
 
plisken
Forum Guru
Forum Guru
Posts: 2523
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: ZeroTier added to RouterOS v7rc2

Fri Nov 26, 2021 1:29 pm

Why not, you can install iPhone Zerotier client and then join your home LAN with this.
Is zerotier safe? how works zerotier?
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Nov 26, 2021 1:48 pm

You should realy start here: https://www.zerotier.com/

It work's ok and it's safe.
 
cmartin
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Wed Nov 07, 2007 7:04 pm
Location: Plzeň, Czech Republic

Re: ZeroTier added to RouterOS v7.1rc2

Mon Nov 29, 2021 11:17 am

Hello,
I would like to appeal to RouterOS developers: gentlemen, please make zerotierX interface to appear in winbox between interfaces, it would be more comfortable to have it there.
More and more I use this feature, I like it. Good choice to include it to RouterOS!
 
nikc
Member Candidate
Member Candidate
Posts: 204
Joined: Wed Jul 13, 2016 6:05 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 30, 2021 7:41 pm

Is it possible to use the ZT instance on the MT device as a bridge between the local LAN and ZT ?

Like you can with a linux device for example.
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 30, 2021 8:00 pm

I'm using it like that if i understood you correctly. I have ZT instance running on one of the acess points in the network and this gives me acces to my whole ZT network through it.
 
nikc
Member Candidate
Member Candidate
Posts: 204
Joined: Wed Jul 13, 2016 6:05 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 30, 2021 9:52 pm

Did you have to add any specific routes or firewall/NAT rules to make it work ?

I have a route into a site and i can ping the not ZT ip of the device running ZT, but any other device on the LAN is not available.
 
m782
just joined
Posts: 1
Joined: Thu Apr 08, 2021 6:15 pm
Location: Jakarta

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 30, 2021 11:23 pm

is the extra package zerotier on CHR or x86 V7.1rc7 not available yet?
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Nov 30, 2021 11:41 pm

I'm using it to get to zerotier network from my home network. You would probably like exactly the opposite, to get to internal network from the zerotier? I don't know exactly how to set this up.
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 01, 2021 3:37 pm

Did you have to add any specific routes or firewall/NAT rules to make it work ?

I have a route into a site and i can ping the not ZT ip of the device running ZT, but any other device on the LAN is not available.
You need to set up routes AT ZEROTIER.

For example...
I have zerotier running on the router our field tech uses. When he plugs it into a customer's network... it shows up as online. I connect with Winbox and can see what sort of network the hap AC has been placed in. Like a typical 192.168.1.0/24.

I then log into my zerotier account and add a route to that subnet using my routers IP as the gateway.

I can then reach into that network.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
artie11
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sun Feb 20, 2011 12:08 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 02, 2021 2:02 am

what i need now is this :
from the laptop in network A i want to access files or RDP of any PC in network B
i dont want mikrotik to give internet to the PCs ,just acting as switch to allow me to access any device in the network B
i can manage zerotier routing in the zerotier console portal no problem ,it is working fine with linux debian .
You need to add a NAT Masquerade on the Mikrotik
SrcAddr = 10.147.20.0/24 -> DstAddr = 192.168.2.0/24, Masquerade

Which will turn your 10.147 Packets into a local IP that the devices can understand, They will then reply back to the tik who is using it's IP for the Masquerade

You need to put in the 192.168.2.0/24 Route on ZeroTier to your Mikrotik Device... But that's it...
 
usern
just joined
Posts: 6
Joined: Sat May 30, 2020 2:37 am

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 03, 2021 7:10 pm

I was having difficulty installing zerotier package. I downloaded it from mikrotik.com and uploaded .npk file to RouterOS 7.1 device, but there is no clear instructions how to install it. Turns out only reboot is necessary.
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 03, 2021 11:43 pm

I was having difficulty installing zerotier package. I downloaded it from mikrotik.com and uploaded .npk file to RouterOS 7.1 device, but there is no clear instructions how to install it. Turns out only reboot is necessary.
Put it in files.
Reboot.
Locate it in packages.
Enable
Reboot
Then it should be installed
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
KrzysztofJ
just joined
Posts: 1
Joined: Sun Dec 05, 2021 10:13 am

Re: ZeroTier added to RouterOS v7.1rc2

Sun Dec 05, 2021 10:37 am

Hi, I've a problem with access to device in LAN network behind router with ZeroTier.

Scenario:
[Internet] --------- (ether1/DHCP client) [ MikrotTik with ZeroTier ] (ether3 172.16.20.20/24) ------- (172.16.20.21/24)[LAN device]
|
[PC with ZeroTier]

What I do:
1. Reset configuration of router
2. Set DHCP client on ether1
2. Set IP address of LAN network on ether3 (172.16.20.20/24)
3. Add ZeroTier to my network an enable zt1 and zeroteir1
4. Set routing on ZeroTier web page

Now from PC I can ping 172.16.20.20 but can't ping 172.16.20.21

I've set the bridge between zerotier1 and ether3 but then I can't ping 172.16.20.20 and 172.16.20.21.
If I set a bridge with ehter1 Zerotier lost connection with internet.

How is right way to get access to devices in LAN network behind router with zerotier?
 
Jarek9008
just joined
Posts: 12
Joined: Sun Dec 05, 2021 12:38 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Dec 05, 2021 12:53 pm

Hi all,

I want to ask You to solve my issue - I want to have access to my home network (where is Chateau 12 - ex. 172.16.0.0/24) from my mobile phone (Android) using ZeroTier - ex. 10.11.12.0/24. What kind of rules I must to add to Mikrotik to make it work well?
 
rami344
just joined
Posts: 8
Joined: Sun Nov 21, 2021 8:20 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Dec 05, 2021 9:08 pm

thanks bro for explaining

plz correct me if i am wrong :

first i have started over (mikrotik formatted ) >>> (main DSL router ip:172.16.16.1)

then quick set > static
wan ip : 172.16.16.2 default gatway :172.16.16.1
then >
Lan ip :192.168.2.1 (i have chosen this ip to make mikrotik to be a part of my lan network because my local ip range for pcs start from 192.168.2.100-254 )
DHCP server = unchecked
bridge all lan ports = unchecked
Nat =unchecked
upnp =unchecked

then installed required pkg (zerotier with setup and got status : ok )

then > followed your instructions
after that i plugged in an ethernet cable from port 2 on mikrotik to the main switch of the network .

is above configuration correct for what i want ? or i need some kind of rules or bridging etc to let this router acting as any device in the network Not for internet connection )
sorry man i am new to this router
Last edited by rami344 on Sun Dec 05, 2021 9:44 pm, edited 2 times in total.
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Dec 05, 2021 9:25 pm

Well, from the data you provided it seem's that you have a double NAT configuration. Your modem already work's as a router and it provides your Mikrotik with internal IP adress (not public IP). Usualy this isn't realy desired situation. Also, where is your current DHCP server for LAN network?
 
rami344
just joined
Posts: 8
Joined: Sun Nov 21, 2021 8:20 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Dec 05, 2021 9:48 pm

Well, from the data you provided it seem's that you have a double NAT configuration. Your modem already work's as a router and it provides your Mikrotik with internal IP adress (not public IP). Usualy this isn't realy desired situation. Also, where is your current DHCP server for LAN network?
sorry mistake i mean (main DSL router ip:172.16.16.1)

i disabled dhcp server because i do not want mikrotik to act as internet provider for offline Pcs on my lan .
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Dec 05, 2021 10:04 pm

That doesn't realy change anything. So you actualy wan't to use Mikrotik as just another device on your network, no routing functions or anything?
 
User avatar
smyers119
Member Candidate
Member Candidate
Posts: 170
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: ZeroTier added to RouterOS v7.1rc2

Mon Dec 06, 2021 9:52 pm

@Normis

Please see this thread in reference to possible bug introduced when using zerotier.
viewtopic.php?t=180919

Also if someone else in this thread can confirm the problem, that would be great as well.
 
rami344
just joined
Posts: 8
Joined: Sun Nov 21, 2021 8:20 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 07, 2021 6:11 pm

That doesn't realy change anything. So you actualy wan't to use Mikrotik as just another device on your network, no routing functions or anything?
nothing at all except WAN for just allowing internet connection for zerotier client inside mikrotik and lan only to expose LAN devices . we bought mikrotik board specially for zerotier service.
we plane to move from MPLS service (provided by ISP ) to zerotier becoz mpls quite expansive .
 
Jarek9008
just joined
Posts: 12
Joined: Sun Dec 05, 2021 12:38 pm

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 07, 2021 11:51 pm

Hi,

Can You explain me how to remove interface zerotier1? I added 2nd zerotier network and now in /zerotier/interface print I see two networks - zerotier 1 and zerotier 2.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 08, 2021 7:59 pm

Anyone else done speedtests wireguard vs zerotier.
(for the case of client using servers internet connection for internet).

Nice video.....
https://www.youtube.com/watch?v=eFI59jJ2MM8
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
proemptor
just joined
Posts: 1
Joined: Tue Dec 07, 2021 8:12 pm
Location: Budapest, Hungary

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 08, 2021 8:31 pm

Thank you Normis.
Interesting combo of HW and SD WAN, should be developed with IPCEI CIS funds...
 
artie11
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sun Feb 20, 2011 12:08 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 08, 2021 11:52 pm

For those having routing issues with ZeroTier, It would be advantageous to understand routing and NAT normally first,

Perhaps try creating your network using normal ethernet ports on the tik first and test it there... as I would say most of your issues stem from Return Path issues, packets not knowing how to get back to the original computer... That is either Routes, or NAT... You should have a basic understanding of what they're doing.
 
User avatar
vlarsen
just joined
Posts: 10
Joined: Thu Jul 11, 2019 11:13 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 09, 2021 12:14 am

Hi,

Can You explain me how to remove interface zerotier1? I added 2nd zerotier network and now in /zerotier/interface print I see two networks - zerotier 1 and zerotier 2.
/zerotier>disable zt1
/zerotier/interface/ remove zerotier1
 
User avatar
deadkat
Frequent Visitor
Frequent Visitor
Posts: 58
Joined: Sun Nov 15, 2020 11:14 pm
Location: Alabama, USA

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 09, 2021 5:02 pm

are we missing an 'allow-dns' option for ZT or is it just me?
MTCNA, MTCRE
 
Zacharias
Forum Guru
Forum Guru
Posts: 3290
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 09, 2021 7:16 pm

Anyone else done speedtests wireguard vs zerotier.
(for the case of client using servers internet connection for internet).

Nice video.....
https://www.youtube.com/watch?v=eFI59jJ2MM8
I 'll have a look since you suggest it...
 
aleavg
just joined
Posts: 1
Joined: Tue Sep 03, 2019 3:18 am

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 10, 2021 2:30 am

Anyone knows if ZeroTier is available already fo the 750gr3?
 
hyperpaccket
just joined
Posts: 5
Joined: Mon Mar 06, 2017 6:10 am

Re: ZeroTier added to RouterOS v7.1rc2

Sat Dec 11, 2021 8:57 am

Anyone knows if ZeroTier is available already fo the 750gr3?
As far as it seems its ARM devices only. 750GR3 is mmips.

Can't wait for it to release for 750GR3 and CHR. I have hundreds of both in use.
 
rud1r055
just joined
Posts: 2
Joined: Sun Aug 02, 2020 10:27 am

Re: ZeroTier added to RouterOS v7.1rc2

Sat Dec 11, 2021 5:38 pm

I am experimenting with ZT on a hap ac2 with a vlan aware setup. My goals:
  • The ZT interface to be part of the bridge and
  • The traffic coming through the ZT interface getting an appropriate vlan tag.
But as I want to make use of hardware offloading, the vlan stuff is handled by the switch and the bridge cannot be vlan aware. (For the wireless interfaces I can get the vlan tags using the vlan-mode and vlan-id properties.)

Does anybody know whether there is a similar setting for ZT interfaces? And if not, is such a setting technically possible?
 
User avatar
vecernik87
Forum Veteran
Forum Veteran
Posts: 858
Joined: Fri Nov 10, 2017 8:19 am

Re: ZeroTier added to RouterOS v7.1rc2

Sun Dec 12, 2021 1:27 pm

Anyone knows if ZeroTier is available already fo the 750gr3?
As far as it seems its ARM devices only. 750GR3 is mmips.

Can't wait for it to release for 750GR3 and CHR. I have hundreds of both in use.
That will be fun to see.. CHR, very likely at some stage. But MMIPS? uhhh... maybe never. Point here is, that ZT uses 3rd party codebase and it may be not available for other than mainstream architectures. I really want to see how this turns out, because until now, RouterOS offered all features on all devices. (obviously, no wifi on non-wifi models)
If you find me posting too many replies, I am either procrastinating on some really important task, or just drunk. Roll D20 to find out which one it is.
 
User avatar
siscom
Member Candidate
Member Candidate
Posts: 188
Joined: Tue May 26, 2009 6:37 pm
Location: Malta, EU.

Re: ZeroTier added to RouterOS v7.1rc2

Mon Dec 13, 2021 12:53 pm

Hi,

Any idea when (or if at all) ZeroTier shall be available for the CCR range (Eg CCR1036) running on TILE?

Rgds,
M
 
plisken
Forum Guru
Forum Guru
Posts: 2523
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 9:49 am

I have a problem with ZeroTier.
In the wiki are two firewall rules and the in-interface=zerotier1
This interface zerotier1 cannot be found and in place the interface zerotier1 it switches to ether1
What can I do to allow Zerotier traffic?
Is this a bug?
thanks
 
Rox169
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Sat Sep 04, 2021 1:47 am

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 10:48 am

Use this wiki..it could not be easier....

https://help.mikrotik.com/docs/display/ROS/ZeroTier

in terminal write:
/ip firewall filter> add action=accept chain=forward in-interface=zerotier1 place-before=0
/ip firewall filter> add action=accept chain=input in-interface=zerotier1 place-before=0
 
User avatar
skylark
MikroTik Support
MikroTik Support
Posts: 144
Joined: Wed Feb 10, 2016 3:55 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 11:09 am

I have a problem with ZeroTier.
In the wiki are two firewall rules and the in-interface=zerotier1
This interface zerotier1 cannot be found and in place the interface zerotier1 it switches to ether1
What can I do to allow Zerotier traffic?
Is this a bug?
thanks
Yes, ZeroTier interfaces are not yet supported by Winbox, currently use CLI instead.
 
plisken
Forum Guru
Forum Guru
Posts: 2523
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 11:18 am

Thanks for your quick reply but I did this. But the zerotier interface disappears so that the in-interface zerotier1 cannot be set as in-interface.
I use the CLI
zerotier enable zt1
zerotier/interface add network=...... instance=zt1 and i set the firewall as like the wiki.
If i try to login with ZeroTier it don't work.
If i make a firewall rule input accept it works but that is not what i want.
I want accept input traffic to the zerotier1 interface and not all the interfaces.
I hope you understand me
 
User avatar
skylark
MikroTik Support
MikroTik Support
Posts: 144
Joined: Wed Feb 10, 2016 3:55 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 12:21 pm

Thanks for your quick reply but I did this. But the zerotier interface disappears so that the in-interface zerotier1 cannot be set as in-interface.
I use the CLI
zerotier enable zt1
zerotier/interface add network=...... instance=zt1 and i set the firewall as like the wiki.
If i try to login with ZeroTier it don't work.
If i make a firewall rule input accept it works but that is not what i want.
I want accept input traffic to the zerotier1 interface and not all the interfaces.
I hope you understand me
Give us a configuration example from the CLI, will see what we can suggest or improve in RouterOS.
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 2:18 pm

I don't know if i'm being stupid, but somehow my acess to zerotier network from my LAN devices doesn't work anymore. It worked before, so i'm not sure if it's caused by the upgrade to 7.1 stable or something else.

Everything is set by the manual, there are two firewall rules ZT in firewall and an adress in adresses. I can ping ZT network from the router itself, but not from any device on the LAN. I can also acess my LAN devices from zerotier network if i add route in ZT configuration. I must be missing something small. In route list there is automaticly added Dst. Adress to my zerotier network 192.168.196.0/24 using gateway *172 .

Any sugestions?
 
plisken
Forum Guru
Forum Guru
Posts: 2523
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 2:45 pm

Check your firewall rules again to see if they are correct. It changes interface for me. First they had the in-interafce zerotier1 and then ether1.
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 3:15 pm

I know that. This is normal since there is no support for zerotier in winbox yet. If you check firewall rules in terminal they should be correct. In Winbox you see "unknown".
 
plisken
Forum Guru
Forum Guru
Posts: 2523
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 3:17 pm

Image
This is what I see after a few minutes.
The Zerotier interface is gone and repositioned with ether1 or unknow.
After a reboot the zerotier interface returns but not always.
You do not have the required permissions to view the files attached to this post.
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 3:21 pm

As skylark told you, this is considered as normal for now. What problems to you have with traffic?
 
plisken
Forum Guru
Forum Guru
Posts: 2523
Joined: Sun May 15, 2011 12:24 am
Location: Belgium
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 3:37 pm

Sometimes I can login via Zerotier and sometimes not.
This is definitely a bug in Mikrotik ZeroTier. I consider this not reliable.
There is still work to be done.
 
User avatar
smyers119
Member Candidate
Member Candidate
Posts: 170
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 16, 2021 9:21 pm

Sometimes I can login via Zerotier and sometimes not.
This is definitely a bug in Mikrotik ZeroTier. I consider this not reliable.
There is still work to be done.
I have not had one problem with zerotier. If your on the firewall rule in winbox then you are going to mess the rule up, as zerotier is not supporteds on anything but CLI. To work around this problem for noww add zerotier1 to a interface list and use the interface list in the firewall rules, that way you can mess with the firewall rules all you want in winbox. just don't touch the list now!
 
elbob2002
Member Candidate
Member Candidate
Posts: 148
Joined: Tue May 15, 2018 8:15 pm
Location: Ireland

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 17, 2021 12:40 am

I had issues on the last beta and now again with 7.1 in that Zerotier on my RB3011 becomes unresponsive. Other devices on the same Zerotier network are still contactable.

About every 5 days I need to disable the Zerotier interface on my RB3011 and re-enable it again. However my RB3011 is bridged to my ISP supplied VDSL router and connects using PPPoE. I'm fairly certain now that when DSL drops and resyncs and the RB3011 re-establishes its PPPoE connection the Zerotier interface doesn't automatically reconnect.
RB5009, RB3011UiAS, RB750GR3, CRS328-24P-4S+, CRS125-24G-1S, CRS125-24G-1S-2HnD, 8 x CHR, Chateau LTE12
 
User avatar
smyers119
Member Candidate
Member Candidate
Posts: 170
Joined: Sat Feb 27, 2021 8:16 pm
Location: USA

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 17, 2021 2:33 am

I had issues on the last beta and now again with 7.1 in that Zerotier on my RB3011 becomes unresponsive. Other devices on the same Zerotier network are still contactable.

About every 5 days I need to disable the Zerotier interface on my RB3011 and re-enable it again. However my RB3011 is bridged to my ISP supplied VDSL router and connects using PPPoE. I'm fairly certain now that when DSL drops and resyncs and the RB3011 re-establishes its PPPoE connection the Zerotier interface doesn't automatically reconnect.
That sounds like something you could temporarly fix with a script when pppoe comes up
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 17, 2021 12:12 pm

Everyone who uses Zerotier on Mikrotik, can you acces devices in ZT network from your LAN devices on 7.1? Somehow i can't seem to manage to get this to work.

I can ping ZT network from Mikrotik but only in i don't select interface. If i select bridge as interface, ping stops working. What am i missing?
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 17, 2021 3:06 pm

I have 2 RB3011s running Zerotier.

One 7.1rc4 the other it 7.1.

The RC unit passes ARP discovery to external clients.
The Upgrade 7.1 (Stable) does not.

I can manually enter the mac address into my client and reach the 7.1 unit. But it never shows up as a neighbor in winbox and I can't discover devices on the LAN.

Maybe its the RB3011 and Zerotier 1.6.6?
I have several hAP AC2s with 7.1 and ZT1.6.6 and they discover just fine.

Anyone else see this or have any ideas?

I just added Zerotier to a running hAP AC2 with a very similar config to the 3011s firewall.
ARP and discovery work just fine.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 17, 2021 8:18 pm

I have 2 RB3011s running Zerotier.

One 7.1rc4 the other it 7.1.

The RC unit passes ARP discovery to external clients.
The Upgrade 7.1 (Stable) does not.

I can manually enter the mac address into my client and reach the 7.1 unit. But it never shows up as a neighbor in winbox and I can't discover devices on the LAN.

Maybe its the RB3011 and Zerotier 1.6.6?
I have several hAP AC2s with 7.1 and ZT1.6.6 and they discover just fine.

Anyone else see this or have any ideas?

I just added Zerotier to a running hAP AC2 with a very similar config to the 3011s firewall.
ARP and discovery work just fine.
And, yes, I recall difference in discovery & MAC winbox connection from ~rc4 to 7.1 – what I exactly was going on when, harder to say. I do want to saw L2 winbox connection worked more consistently in the early betas. But in V7.1 discovery has worked well, and L3 connection always has worked in V7... on Audience, wAP ac, hAP ac2 at some point, but no RB3001 to try.

But has not always worked in V7 is L2 MAC-based – I haven't narrowed it down, but do know the pathes the ZT uses (fiber, LTEw/CGNAT, LTEw/staticIP, ZT through IPSec) effect connecting effect this & perhaps the client-side path to ZT might also be involved. Since I also use a Mac with winbox on top of this... Has worried me about calling L2 discovery a ZT bug BUT I suspect there are issues.

Which why I started to think I'm not sure exactly how much is ZeroTier allow to do to figure out it's tunnels out. This post has a very bizarre issue with ARP running afoul with ZT: viewtopic.php?t=180919
Since MT neighbor discovery also uses L2 broadcasts, might be related.

Haven't tried bridging with ZeroTier yet. Already super useful for on V7 devices for only remote access as a plain interface to a specific "Mikrotik Management" ZeroTier network - didn't want to push my luck. But also I'm not clear what should be happening if bridged – while obviously the traffic inside the tunnel should land on the bridge the ZT port is assigned – that's part is easy to understand. BUT, the tunnels ZT establish have a lot of way to tunnel OUT from their spec – some kinda strange & prehaps useful, but also non-standard. Basically seem to use various techniques and probing that go well beyond what a "bridge port" can normally do.
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 17, 2021 8:42 pm

Amm0
I have years and years of per site managed networks.

My switches and WAPs are all locally managed. Which I can reach via VPNs.

However there are other devices on my networks that rely completely on broadcasts. For instance... The lighting vendor we use. Not only discovery but programming requires L2 broadcasts.

Going into the Tiks and setting up EoIP tunnels was my only chance at being able to handle things like that. Short of leaving computers onsite and remote controlling them over TeamViewer... Then we were into a whole nother level of maintenance.

Using a hAP AC2 as a "VPN Concentrator" was likely to become a standard for us.

But since this was a new deployment... Figured... Well maybe it could run on the router. After all it runs just fine on 10 other test sites. But they are 8 hAP AC2s, 1 audience, and the other 3011 with RC4 on it.

So I am pretty sure this might be specific to the 7.1 stable release + RB3011 (maybe others). Short of updating the one 3011 to confirm it, I was hoping to see if anyone else saw this. Before I break something that will require driving a few hours.
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Rox169
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Sat Sep 04, 2021 1:47 am

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 22, 2021 10:49 am

Hi,

What is you thorough via zerotier? I can get max 25 Mbit...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 22, 2021 10:34 pm

Sometimes I can login via Zerotier and sometimes not.
This is definitely a bug in Mikrotik ZeroTier. I consider this not reliable.
There is still work to be done.
I have not had one problem with zerotier. If your on the firewall rule in winbox then you are going to mess the rule up, as zerotier is not supporteds on anything but CLI. To work around this problem for noww add zerotier1 to a interface list and use the interface list in the firewall rules, that way you can mess with the firewall rules all you want in winbox. just don't touch the list now!
I have the same observation as plisken.
Do you mean create a new interface list called zerotier1 OR
do you mean add as a list member zerotier1 to an existing interface list?

If the latter this can only be done in CLI, what are the commands??

and did anybody else check what effect this command has when in the zerotier CL structure "disable-running-check=yes"
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
Jarek9008
just joined
Posts: 12
Joined: Sun Dec 05, 2021 12:38 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 23, 2021 3:44 pm

Hi, at the moment there are two devices connected to ZT - Mikrotik router and Android phone. Everything works, devices can see each other, ping, etc. But … is there any chance that in this configuration my phone will come out with WAN IP from MT in this configuration? I would like to add that there are private WAN IPs on both sides.
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 23, 2021 4:07 pm

Hi, at the moment there are two devices connected to ZT - Mikrotik router and Android phone. Everything works, devices can see each other, ping, etc. But … is there any chance that in this configuration my phone will come out with WAN IP from MT in this configuration? I would like to add that there are private WAN IPs on both sides.
If you just added a ZeroTeir interface to the Mikrotik, and installed the ZT client on Android - both joined to same ZT network. The ZT network traffic shouldn't "come out with WAN IP from MT".

Now the tunnels ZT will establish to create the ZT network, will go out the WAN at least on the Mikrotik side. But those may or may not be used depending on what network the Android uses... e.g. same LAN as MT ZT, firewall configs, IPv6 config/availablity/paths, etc. could all effect how the Android and Mikrotik are connected by ZT.

But if your wanted your android ZT client to use the Mikrotik as WAN, not the phone. You'd need to add the ZT interface to a bridge, or in some way enabled DHCP on the Mikrotik ZT interface so ZT clients would get DHCP from the MT, thus routed by it. So possible, but it won't happen by accident – or shouldn't.

Are you seeing something odd? Otherwise, the MT WAN shouldn't be involved if you just have a ZT interface on MT and Android ZT client – that should be a private network by default.
 
Jarek9008
just joined
Posts: 12
Joined: Sun Dec 05, 2021 12:38 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 23, 2021 4:41 pm

Hi, at the moment there are two devices connected to ZT - Mikrotik router and Android phone. Everything works, devices can see each other, ping, etc. But … is there any chance that in this configuration my phone will come out with WAN IP from MT in this configuration? I would like to add that there are private WAN IPs on both sides.
If you just added a ZeroTeir interface to the Mikrotik, and installed the ZT client on Android - both joined to same ZT network. The ZT network traffic shouldn't "come out with WAN IP from MT".

Now the tunnels ZT will establish to create the ZT network, will go out the WAN at least on the Mikrotik side. But those may or may not be used depending on what network the Android uses... e.g. same LAN as MT ZT, firewall configs, IPv6 config/availablity/paths, etc. could all effect how the Android and Mikrotik are connected by ZT.

But if your wanted your android ZT client to use the Mikrotik as WAN, not the phone. You'd need to add the ZT interface to a bridge, or in some way enabled DHCP on the Mikrotik ZT interface so ZT clients would get DHCP from the MT, thus routed by it. So possible, but it won't happen by accident – or shouldn't.

Are you seeing something odd? Otherwise, the MT WAN shouldn't be involved if you just have a ZT interface on MT and Android ZT client – that should be a private network by default.
I added ZT interface to bridge and unfortunately I still have on my mobile phone WAN IP from sim card provider. Maybe I must to add some rules in ZT admin console? Generally I'd like to looks it the same like in connection via L2TP or Wiregourad .
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 23, 2021 6:48 pm


But if your wanted your android ZT client to use the Mikrotik as WAN, not the phone. You'd need to add the ZT interface to a bridge, or in some way enabled DHCP on the Mikrotik ZT interface so ZT clients would get DHCP from the MT, thus routed by it. So possible, but it won't happen by accident – or shouldn't.
I added ZT interface to bridge and unfortunately I still have on my mobile phone WAN IP from sim card provider. Maybe I must to add some rules in ZT admin console? Generally I'd like to looks it the same like in connection via L2TP or Wiregourad .
Fair question. Bridging the ZT interface be fine, to get you the LAN on your phone from anywhere. But the phone using ZT as its default route, that take CLIENT settings in the app. Dunno the specific android client settings for ZT, but you'd want to look at the "Send All Traffic" and/or "Allow Default Route Override" (names be different, help in ZT app may explain) are set right.

The ZT web console is kinda like "Bridge" in the ROS - you add "ports" (e.g. ZT device connections), but once connected to ZT network, how the routing works depends on what the ports connected do on IP/Layer-3. The ZT console does have essentially the equivalent of "DHCP Server" that hands out IPs, but the "Auto IP" does NOT hand out default routes. Since ZT operates at Layer-2, the Mikrotik can certainly bridge any of it's interfaces to a ZeroTier network.

The ZT client will control what happens with the default route on a device like android (and after it's bridged to the MT). But, unlike L2TP or Wiregaurd, just having multiple ZeroTier mobile phone clients will bridge them all together without any router – so the default I'm sure isn't to use the ZT network for all phone device traffic, since a ZT network has no route out to the internet by default too. ZT support doing that it and useful sometimes, but philophosicallly that's not in line with ZT's "disaggregated" approach.
 
Jarek9008
just joined
Posts: 12
Joined: Sun Dec 05, 2021 12:38 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 24, 2021 1:32 pm


I added ZT interface to bridge and unfortunately I still have on my mobile phone WAN IP from sim card provider. Maybe I must to add some rules in ZT admin console? Generally I'd like to looks it the same like in connection via L2TP or Wiregourad .
Fair question. Bridging the ZT interface be fine, to get you the LAN on your phone from anywhere. But the phone using ZT as its default route, that take CLIENT settings in the app. Dunno the specific android client settings for ZT, but you'd want to look at the "Send All Traffic" and/or "Allow Default Route Override" (names be different, help in ZT app may explain) are set right.

The ZT web console is kinda like "Bridge" in the ROS - you add "ports" (e.g. ZT device connections), but once connected to ZT network, how the routing works depends on what the ports connected do on IP/Layer-3. The ZT console does have essentially the equivalent of "DHCP Server" that hands out IPs, but the "Auto IP" does NOT hand out default routes. Since ZT operates at Layer-2, the Mikrotik can certainly bridge any of it's interfaces to a ZeroTier network.

The ZT client will control what happens with the default route on a device like android (and after it's bridged to the MT). But, unlike L2TP or Wiregaurd, just having multiple ZeroTier mobile phone clients will bridge them all together without any router – so the default I'm sure isn't to use the ZT network for all phone device traffic, since a ZT network has no route out to the internet by default too. ZT support doing that it and useful sometimes, but philophosicallly that's not in line with ZT's "disaggregated" approach.
Hi,

I added screenshot from ZT Android Client. There is one option - Route via ZT, but if I marked it was the same. Generally I am not such good in Mikrotik ROS, and generally in networks, so I think it will be "to high mountain" for me. But thx a lot for Your full answer.
You do not have the required permissions to view the files attached to this post.
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 24, 2021 6:22 pm



Fair question. Bridging the ZT interface be fine, to get you the LAN on your phone from anywhere. But the phone using ZT as its default route, that take CLIENT settings in the app. Dunno the specific android client settings for ZT, but you'd want to look at the "Send All Traffic" and/or "Allow Default Route Override" (names be different, help in ZT app may explain) are set right.

The ZT web console is kinda like "Bridge" in the ROS - you add "ports" (e.g. ZT device connections), but once connected to ZT network, how the routing works depends on what the ports connected do on IP/Layer-3. The ZT console does have essentially the equivalent of "DHCP Server" that hands out IPs, but the "Auto IP" does NOT hand out default routes. Since ZT operates at Layer-2, the Mikrotik can certainly bridge any of it's interfaces to a ZeroTier network.

The ZT client will control what happens with the default route on a device like android (and after it's bridged to the MT). But, unlike L2TP or Wiregaurd, just having multiple ZeroTier mobile phone clients will bridge them all together without any router – so the default I'm sure isn't to use the ZT network for all phone device traffic, since a ZT network has no route out to the internet by default too. ZT support doing that it and useful sometimes, but philophosicallly that's not in line with ZT's "disaggregated" approach.
Hi,

I added screenshot from ZT Android Client. There is one option - Route via ZT, but if I marked it was the same. Generally I am not such good in Mikrotik ROS, and generally in networks, so I think it will be "to high mountain" for me. But thx a lot for Your full answer.
Try adding route to 0.0.0.0/0 gateway "your Mikrotik IP in zerotier network" in Zerotier dasboard and then enable Route Via Zerotier. Not realy sure if this will work, but you can try.
 
Jarek9008
just joined
Posts: 12
Joined: Sun Dec 05, 2021 12:38 pm

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 24, 2021 10:17 pm



Hi,

I added screenshot from ZT Android Client. There is one option - Route via ZT, but if I marked it was the same. Generally I am not such good in Mikrotik ROS, and generally in networks, so I think it will be "to high mountain" for me. But thx a lot for Your full answer.
Try adding route to 0.0.0.0/0 gateway "your Mikrotik IP in zerotier network" in Zerotier dasboard and then enable Route Via Zerotier. Not realy sure if this will work, but you can try.
BINGO! It is working! Thx a lot!
 
User avatar
Amm0
Long time Member
Long time Member
Posts: 612
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: ZeroTier added to RouterOS v7.1rc2

Fri Dec 24, 2021 10:47 pm



Try adding route to 0.0.0.0/0 gateway "your Mikrotik IP in zerotier network" in Zerotier dasboard and then enable Route Via Zerotier. Not realy sure if this will work, but you can try.
BINGO! It is working! Thx a lot!
That actually make sense, so simple if you don't need full L2. I presume you had to also tick the "Route via ZeroTier" in the Android ZT app too? The iPhone app has "Enable Default Route" that seem to needed to be set for the default route to take if 0.0.0.0/0 added to my.zerotier.com network's route table. But the default route "trick" (okay, it just client route injection) worked on iPhone too - but did seem gated by the client app too.
 
Rox169
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Sat Sep 04, 2021 1:47 am

Re: ZeroTier added to RouterOS v7.1rc2

Sat Dec 25, 2021 2:35 am

Hi,
What is the maximum bandwidth you can get thorough zerotier?

I can get maximum 25Mbit it's only half of my bandwidth?

I don't know why I can get only half of my bandwidth thorough zerotier....
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 3:49 pm

making little progress thus far but it is intriguing.
one question, can one use zerotier as a method of a reflector for mdns (since its acting like a level 2 switch)???
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 786
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 4:12 pm

making little progress thus far but it is intriguing.
Why would you use ZeroTier when in actual fact TailScale is much easier to use [implement], performs much better especially if your internet connection is via fiber [much less latency] ...like yours is and there is ABSOLUTLY nothing to configure on MikroTik? No public keys to remember or exchange ??? Give me ONE good reason @anav only ONE :lol:
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 5:10 pm

Because tailscale is not a service on the router, once I get it working then I will compare to wireguard performance already on board.
I will admit, I cannot even fathom how to connect one device (client) to use internet of second device (server), on zerotier yet. They have stupid article covering it which is USELESS for someone not linux trained, and seriously needs an MT makeover.
In other words, someone who knows WTF they are doing should be making some USEFUL ARTICLES.............
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 786
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 5:24 pm

Because tailscale is not a service on the router, once I get it working then I will compare to wireguard performance already on board.
YOU will be SHOCKED how easy it is to create a TailScale Network .... why wait ..... do it now ..... will not take more than 10 minutes to set up .... use your phone and if you have a NAS use it
I did it is less than 5 minutes ... check out viewtopic.php?p=900645&hilit=tailscale#p900546
:D
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 5:44 pm

What is the purpose of NAS?
So tailscale is superior but I have to go out and buy an NAS first ;-PPP
You have to do better than that LOL
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 5:46 pm

Correct me if i'm wrong, but Tailscale is stupid simple way to connect two or more devices directly, but ZeroTier is for network admins to create complex large networks (virtual switch). They both serve kind of different purpose, although with ZT you can also connect just two devices, if you want.
No answer to your question? How to write posts
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 5:52 pm

Correct me if i'm wrong, but Tailscale is stupid simple way to connect two or more devices directly, but ZeroTier is for network admins to create complex large networks (virtual switch). They both serve kind of different purpose, although with ZT you can also connect just two devices, if you want.
Since I can now do simple connections directly via wireguard, tailscale is not necessary.
However I do want to explore FAMILY virtual switch uses and thus zerotier seems interesting.

Perhaps I can run tailscale within a zerotier network and thus INVENT ZEROTAIL jajajaja
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 5:55 pm

Wireguard is something else. How will you run wireguard between two networks that have no real IP and where the private IP is changing all the time? This is where Zerotier can help
No answer to your question? How to write posts
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 6:09 pm

Wireguard is something else. How will you run wireguard between two networks that have no real IP and where the private IP is changing all the time? This is where Zerotier can help
Well I am only a home owner and thus do not have 'no real IP" or where Private IPs change all the time necessarily.
Does the concept of virtual switch and multicast possibilities intersect? (home scenario of chrome, sonos, apple, printers etc......) (vice rpi + reflector or PIM?)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 6:09 pm

duplicate post but will add..... perhaps there is no practical use for zerotier for the home user, and if so, one less thing to config.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2841
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 6:45 pm

This is where Zerotier can help
And when will we get Zerotier on other Routers, (MIPS)?
 
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
 
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 6:47 pm

The ARM devices are nice, you should get one. I love my RB4011.
Use the MIPS device for something else :)
No answer to your question? How to write posts
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 786
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 6:50 pm

Correct me if i'm wrong, but Tailscale is stupid simple way to connect two or more devices directly, but ZeroTier is for network admins to create complex large networks (virtual switch). They both serve kind of different purpose, although with ZT you can also connect just two devices, if you want.
Yes You are wrong .. BECAUSE TailScale will SCALE a very large network, networks far more easily than ZeroTier .... The KEY words is VERY easily .... Yes ZeroTier is more mature currently and ABSOLUTLY there is no question ZeroTier will make far more work for the Techie admin ... far more work for the techie means far more money for both the Techie and ZeroTier in compensation ... so people like me should LOVE ZeroTier ...... MY only argument is that TailScale is remarkable in what it achieves not only for the individual ... like Anav the homeowner but more importantly what it achieve for the mega corp or any business enterprise with hundreds [even thousands] of devices. Yes TailScale needs to mature and they are making significant headway so far.

Just consider one aspect --- Key management characteristics of the Tailscale Control Protocol -- Tailscale manages key distribution, key rotation, machine certificates, and all configurations for users, which is very useful if any of the devices on the network belong to non-technical users and this is all done automatically ....no work for the admin techies .... when hundreds or thousands of devices are in the picture THE headache of doing that manually is $$$$$
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 786
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 6:54 pm

What is the purpose of NAS?
So tailscale is superior but I have to go out and buy an NAS first ;-PPP
You have to do better than that LOL
Anav, does not have to be a NAS it could be your Desktop Computer or your daughters computer sitting in Spain or is it Portugal or in Vancouver :D But a NAS is far more fun IMO
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 25224
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 6:55 pm

How will it scale, if you can't install it on the router? You must install it on all end devices? Not very practical :)
No answer to your question? How to write posts
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 786
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 7:13 pm

How will it scale, if you can't install it on the router? You must install it on all end devices? Not very practical :)
Yes it would be nice if RouterOS became a TailScale Client :lol: However .....
https://tailscale.com/kb/1019/subnets/
Subnet routers and traffic relay nodes

Tailscale works best when the client app is installed directly on every client, server, and VM in your organization. That way, traffic is end-to-end encrypted, and no configuration is needed to move machines between physical locations.

However, in some situations, you can’t or don’t want to install Tailscale on each device:

With embedded devices, like printers, which don’t run external software
When connecting large quantities of devices, like an entire AWS VPC
When incrementally deploying Tailscale (eg. on legacy networks)

In these cases, you can set up a “subnet router” (previously called a relay node or relaynode) to access these devices from Tailscale. Subnet routers act as a gateway, relaying traffic from your Tailscale network onto your physical subnet. Subnet routers respect features like access control policies, which make it easy to migrate a large network to Tailscale without installing the app on every device.
BTW
created the project below that provides a guide to deploy Tailscale on Mikrotik routers using containers
https://forum.tailscale.com/t/tailscale ... rotik/1387
Should be interesting
Last edited by mozerd on Tue Dec 28, 2021 7:26 pm, edited 1 time in total.
 
dksoft
Member Candidate
Member Candidate
Posts: 116
Joined: Thu Dec 06, 2012 8:56 am
Location: Germany

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 7:22 pm

The ARM devices are nice, you should get one. I love my RB4011.
Use the MIPS device for something else :)
Regarding home routers I agree but if you go automative with the LtAP series, there is no choice. And ZeroZier makes much sense to reach the device from outside.
Setup: Dt. Telekom FTTH, CCR2004, CRS317, CRS328-24P-4S+RM, multiple WAP AC via CAPsMAN. MCTNA
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 7:31 pm

Mozerd, what is meant by a subnet router???
I already have a router ................ or do you mean use the docker in MT to create the subnet router instance?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Posts: 786
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Tue Dec 28, 2021 7:40 pm

what is meant by a subnet router???
When one uses their TailScale Admin Account you then can configure a subnet Router that can interact with your MikroTik Router --- following is its description:
https://tailscale.com/kb/1019/subnets/
Subnet routers act as a gateway, relaying traffic from your Tailscale network onto your physical subnet. Subnet routers respect features like access control policies, which make it easy to migrate a large network to Tailscale without installing the app on every device.
 
mblinov
just joined
Posts: 4
Joined: Sun Aug 02, 2020 1:03 am

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 29, 2021 2:43 am

Hi all,

In the OP, one of the supported devices is the "hAP ac³ (non LTE)". This is acually a little overkill for my home office use case - will the hAP ac2 support this Zerotier package?

This looks like it's gonna be a killer feature for me, and I'd really like to deploy it in my use case!
 
gotsprings
Forum Guru
Forum Guru
Posts: 1507
Joined: Mon May 14, 2012 9:30 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 29, 2021 4:32 am

Hi all,

In the OP, one of the supported devices is the "hAP ac³ (non LTE)". This is acually a little overkill for my home office use case - will the hAP ac2 support this Zerotier package?

This looks like it's gonna be a killer feature for me, and I'd really like to deploy it in my use case!
Things I have ran Zerotier on:
Audience
cAP AC
RB3011
hAP AC2
CRS326
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Wed Dec 29, 2021 4:46 am

Hi all,

In the OP, one of the supported devices is the "hAP ac³ (non LTE)". This is acually a little overkill for my home office use case - will the hAP ac2 support this Zerotier package?

This looks like it's gonna be a killer feature for me, and I'd really like to deploy it in my use case!
Things I have ran Zerotier on:
Audience
cAP AC
RB3011
hAP AC2
CRS326
will add RB4011 and RB450Gx4..........
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
pitfermi
newbie
Posts: 27
Joined: Thu Dec 30, 2021 1:23 am

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 30, 2021 1:44 am

Hi. I have been using Zerotier (ZT) v1.6.6 on RouterOS 7.11 for the past few days and i have a speed problem. I use the Hap ac3 as a ZT peer. I think it's better to introduce my configuration first, and then ask for suggestions:
-my ZT network is 172.24.0.0/16 and managed on zerotier central
-my home LAN is 10.0.0.0/16
-the hap ac3 has a LAN ip of 10.0.0.1 and a ZT ip which is 172.24.0.1
-i have a synology NAS sitting behind the hap ac3 with an ip of 10.0.0.10
-i have a static route on the ZT central controller in order to access devices behind the hap ac3. for now, i am only accessing the NAS. the static route is: dst 10.0.0.0/24 via 172.24.0.1 (hap ac3 ZT ip)
-i configured the hap ac3 ZT peer according to this tutorial: https://help.mikrotik.com/docs/display/ROS/ZeroTier and made sure to add the firewall rules.
-my home ISP speed is 1000mbit/s down, 50mbit/s up
-remotely, i can properly ping and access the router and the NAS using their LAN IPs (10.0.0.1 and 10.0.0.10), since the static route was configured on zerotier central and the firewall rules added
to the hap ac3 firewall.
-no further configuration has been done on the home lan.
-accessing the home LAN remotely is done using a speed of approx 40mbps down, 5mbps up

remotely, when I try to transfer files, using WebDav or via http/https from or to the NAS, the speed is way low. I get upload speeds of 300kbps and download speeds of 900kbps, which is nowhere near the speeds i get when i do port forward on the hap ac3 and access my NAS without a tunnel like zerotier. for comparison, port forward method delivers a download speed of 3.5-4Mbps.
The cpu load of hap ac3, when transfering files is 20-30%, avg 25%, but i dont think this explains the slow download speed.
i checked the links between peers(pc-hap ac3) on the zerotier central and using the zerotier-cli on windows, they show a direct(non relayed) connection, and the respective public IPs are also showing up properly. ping times also give away a direct link. Any suggestions on improving my speeds would be appreciated.
 
raider
just joined
Posts: 1
Joined: Thu Dec 30, 2021 10:48 am

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 30, 2021 3:39 pm

The cpu load of hap ac3, when transfering files is 20-30%, avg 25%, but i dont think this explains the slow download speed.
i checked the links between peers(pc-hap ac3) on the zerotier central and using the zerotier-cli on windows, they show a direct(non relayed) connection, and the respective public IPs are also showing up properly. ping times also give away a direct link. Any suggestions on improving my speeds would be appreciated.
Is this cpu usage when testing file transfer via ZT network? If that's so it can be that one cpu core (hac3 is 4 core) is busy dealing with this traffic and that zt/wg engine cannot scale beyond one core (ie single threaded)?
 
hsanchez
just joined
Posts: 1
Joined: Sat Mar 24, 2018 11:48 pm

Re: ZeroTier added to RouterOS v7.1rc2

Thu Dec 30, 2021 6:55 pm

I installed Zerotier in Hap AC2, it works fine until reboot. After reboot all config is gone.
 
cwilmo
just joined
Posts: 4
Joined: Sat Jun 26, 2021 11:07 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 02, 2022 4:06 am

Hi y'all, I'm getting an error message trying to configure Zerotier on RB4011, running 7.1.1; I have two other clients in the pool which work well - an iPhone and RB5009. I have the new interface enabled online. I upgraded the RB4011 from 6.48.4 to 7.1.1 and after completing the Zerotier installation I get an error in the firewall rules - "in/out-interface matcher not possible when interface (zerotier1) is slave - use master instead (bridge)". I did check my configuration and Ether1 is not listed in the bridge. Since this is primarily CLI I'm not sure what to do. I think I have a configuration error and haven't been able to solve it yet, any help is kindly appreciated. I have attached my config.
You do not have the required permissions to view the files attached to this post.
 
pitfermi
newbie
Posts: 27
Joined: Thu Dec 30, 2021 1:23 am

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 02, 2022 4:21 pm

hi. yes, i observed most load on a single core of the router.
The cpu load of hap ac3, when transfering files is 20-30%, avg 25%, but i dont think this explains the slow download speed.
i checked the links between peers(pc-hap ac3) on the zerotier central and using the zerotier-cli on windows, they show a direct(non relayed) connection, and the respective public IPs are also showing up properly. ping times also give away a direct link. Any suggestions on improving my speeds would be appreciated.
Is this cpu usage when testing file transfer via ZT network? If that's so it can be that one cpu core (hac3 is 4 core) is busy dealing with this traffic and that zt/wg engine cannot scale beyond one core (ie single threaded)?
 
dcavni
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Sun Mar 31, 2013 6:02 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 02, 2022 5:25 pm

Hi y'all, I'm getting an error message trying to configure Zerotier on RB4011, running 7.1.1; I have two other clients in the pool which work well - an iPhone and RB5009. I have the new interface enabled online. I upgraded the RB4011 from 6.48.4 to 7.1.1 and after completing the Zerotier installation I get an error in the firewall rules - "in/out-interface matcher not possible when interface (zerotier1) is slave - use master instead (bridge)". I did check my configuration and Ether1 is not listed in the bridge. Since this is primarily CLI I'm not sure what to do. I think I have a configuration error and haven't been able to solve it yet, any help is kindly appreciated. I have attached my config.
I think this is your problem. You have Zerotier interface in bridge in your configuration:

add bridge=bridge ingress-filtering=no interface=zerotier1
 
cwilmo
just joined
Posts: 4
Joined: Sat Jun 26, 2021 11:07 pm

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 02, 2022 6:37 pm

Thank-you! That was the fix, not sure how I got that wrong. Kind regards.
 
MtHoodlum
newbie
Posts: 49
Joined: Fri Sep 07, 2012 2:09 am
Location: USA
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 02, 2022 8:21 pm

This is where Zerotier can help
And when will we get Zerotier on other Routers, (MIPS)?
And of course Intel x86 for whitebox server routers and cloud hosted routers (CHR)
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2841
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 02, 2022 8:26 pm

No need to quote my post for asking that. You are not replying to my post.
An I already asked for the same (other routers)


And one link to same paid product in link is enough.
Stop spamming with new post everywhere. Have some forum etikette.

9 post today to promote your monitor solution.
 
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
 
 
lordzar
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Sat May 29, 2004 7:47 pm

Random Issue

Sun Jan 09, 2022 3:38 am

Been using it for about a week now... it's been GREAT.... until tonight that is....

Running it on a x4 and all of a sudden, I lost connectivity to my local lan. Connected to the console... didn't see any issues in programming. my router just couldn't talk to anything on my local lan and vice versa.

So... in the TRY RANDOM THINGS style of troubleshooting.... I just disabled the zero tier and POOF... everything is running again...

Really strange that it works perfectly for DAYS and then just stops tonight while we were eating dinner.

Any help????
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 11852
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 09, 2022 4:01 am

What was for supper?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
MTUNA Certified, by the Ascerbic Llama!
 
jadejerry
just joined
Posts: 1
Joined: Fri Dec 24, 2021 4:56 am

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 09, 2022 6:18 am

Question: how to orbit a moon of zt? Thanks.
 
User avatar
maxrate
Frequent Visitor
Frequent Visitor
Posts: 91
Joined: Mon Oct 23, 2006 10:55 pm
Location: Toronto

Re: ZeroTier added to RouterOS v7.1rc2

Sun Jan 23, 2022 3:02 pm

Just commenting letting folks know this would be very useful if available in CHR on x86.
Mikrotik everywhere!
 
hamil
just joined
Posts: 13
Joined: Fri Jun 08, 2007 7:21 pm
Location: Tallahassee, FL

Re: ZeroTier added to RouterOS v7.1rc2

Wed Jan 26, 2022 4:07 pm

Who will be responsible for updating the ZeroTier package when the ROS updates above 7.1.1?
 
connormill
just joined
Posts: 11
Joined: Thu Feb 22, 2018 5:45 pm

Re: ZeroTier added to RouterOS v7.1rc2

Wed Feb 09, 2022 1:14 pm

Is there a current Roadmap for adding ZT functions to non ARM based boards? (specifically Mipsbe)

We install a lot of LGH/SXT LTE devices so adding ZeroTier to these could be a great way for us to gain remote login functionality to devices we normally have a hard time accessing.
 
rogierb
just joined
Posts: 10
Joined: Wed May 14, 2014 4:44 pm

Re: ZeroTier added to RouterOS v7.1rc2

Mon Feb 14, 2022 1:19 pm

Is there a current Roadmap for adding ZT functions to non ARM based boards? (specifically Mipsbe)

We install a lot of LGH/SXT LTE devices so adding ZeroTier to these could be a great way for us to gain remote login functionality to devices we normally have a hard time accessing.
Or for CHR's? That would be awesome.

Who is online

Users browsing this forum: No registered users and 4 guests