Community discussions

MikroTik App
 
parfait02
just joined
Topic Author
Posts: 17
Joined: Sat Jun 26, 2021 10:39 pm

configuring Zerotier Full Tunnel Mode on routerOS

Sat Apr 30, 2022 4:48 pm

I would like to configure my router RB40011 as a gateway for my zerotier network as proposed https://zerotier.atlassian.net/wiki/spa ... unnel+Mode. This is to route all our zerotier devices internet traffic through the router (sort of using the router as proxy)
We do not have a static IP address, so on a simple linux pc, the config would default to
sudo iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
sudo iptables -A FORWARD -i $WAN_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i $ZT_IFACE -o $WAN_IFACE -j ACCEPT

as proposed in the link.
So on the router i set :
/ip firewall nat
 add chain=srcnat action=masquerade
/ip firewall filter
 
 add chain=forward in-interface=ZT_IFACE out-interface=WAN_IFACE action=accept
 add chain=forward in-interface=$WAN_IFACE out-interface=$ZT_IFACE  action=accept connection-state=established,related
 
But it does not work (no response on pc used as client) and nothing happened on the reply forward chain as shown on the attached file.

Firstly, is it possible to do this?
Secondly, if yes, how to improve the config to do it?
You do not have the required permissions to view the files attached to this post.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: configuring Zerotier Full Tunnel Mode on routerOS

Sat Apr 30, 2022 5:09 pm

Sorry have not mastered zerotier yet, on my to do list one day.......
In the meantime this is the best reference I am aware of vis-a-vis ZT and mikrotik!
viewtopic.php?t=183424 (thanks to amm0!)
 
parfait02
just joined
Topic Author
Posts: 17
Joined: Sat Jun 26, 2021 10:39 pm

Re: configuring Zerotier Full Tunnel Mode on routerOS

Sat Apr 30, 2022 11:45 pm

Thank you for your reply
I have gone through this link from top to bottom,
No solution so far.
I keep looking

Who is online

Users browsing this forum: oliverlexis, Renfrew and 63 guests