zorrua
Frequent Visitor
Topic Author
Posts: 53
Joined: Sun Sep 17, 2017 4:32 pm

Route between zerotier interfaces

Thu Sep 01, 2022 4:55 pm

Hello,

I have a RB4011 with 3 Zerotier interfaces:
] /zerotier/interface> export
# sep/01/2022 15:51:06 by RouterOS 7.4.1
# software id = ISAN-GT1M
#
# model = RB4011iGS+
# serial number = xxxxxxx
/zerotier interface
add allow-default=no allow-global=no allow-managed=no disabled=no instance=zt1 name=zt-1 network=xxxxx
add allow-default=no allow-global=no allow-managed=no disabled=no instance=zt1 name=zt-2 network=xxxxx
add allow-default=no allow-global=no allow-managed=no disabled=no instance=zt1 name=zt-3 network=xxxxx
I create the routes in each zerotier panel with next hop the RB4011 IP.

My idea is to connect the devices in different interfaces using the RB4011 as a gateway.

Is it possible? I will appreciate any help.

Kind regards.
 
Amm0
Forum Guru
Posts: 3253
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Route between zerotier interfaces

Mon Sep 26, 2022 5:37 am

This depends on what you mean by "route" AND how ZeroTier web UI is configured...

It should work, but there are 3 places (your Mikrotik "Hub" router, the my.zerotier.com website configuring it, or the remote non-Mikrotik ZeroTier client), and any of those layers could block routing.

Several things to check on the Mikrotik:
  • /ip/firewall/filter - this could be blocking the zerotier interfaces – you'd need to add firewall rules to allow ALL of the ZT interfaces.
  • /ip/address - each of the ZT interfaces has an IP address & it matches the range defined inside my.zerotier.com for each network
  • All interfaces are authorized & running under /zerotier


On my.zerotier.com web UI side...

My guess is your problem is that each of the ZeroTier networks (at my.zerotier.com) needs to have routes defined between OTHER IP networks. These routes are "injected" into remote ZeroTier clients, so if they aren't defined IN my.zerotier.com under "Routes", your remote ZT clients won't route to them. i.e. adding a 0.0.0.0/0 that points to the Mikrotik IP won't work (unless you enable "Allow Default Router Override" on the remote CLIENTs like iOS, Android etc).

For example, let's say your 3 ZT interfaces are:
zerotier1 has IP 10.1.1.1/24 ; "ZT Net 1"
zerotier2 has IP 192.168.2.1/24 ; "ZT Net 2"
zerotier3 has IP 172.23.3.1/24 ; "ZT Net 3"

So, inside ZeroTier "ZT Net 1", you'd need 4 routes:
0.0.0.0/0 to 10.1.1.1
192.168.2.0/24 to 10.1.1.1
172.23.2.0/24 to 10.1.1.1
10.1.10.0/24 to 10.1.1.1
You'd have to repeat that for "ZT Net 2" and "ZT Net 3" & use the correct IP address for the MT for that particular ZeroTier subnet each time (172.23.3.1, etc.)


It's also possible that the ZeroTierOne client (e.g. on laptops, smartphones, etc.) settings may be the issue too...
See the client: the "allow managed" & "allow default" etc. settings will certainly have an impact on how this all works (or doesn't)... Specifically, you'd want "allow managed" on the client so it will set the routes (which is the default).

But if ZeroTier doesn't have the right routing table, it never will get to the Mikrotik.


NOTE: There are a few ways to configure ZT for this case, this is roughly one. But without specifics of what you're trying to do...just guessing here.
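
The hub-side checks listed in the reply above, written out as a RouterOS 7 configuration. This is an added example, not part of either forum post: the interface names zt-1..zt-3 come from the original export, the addresses are the reply's example ranges, and the interface list name "ZT" is an assumption. Forwarding is scoped to ZT-to-ZT traffic only, so the hub does not become an open path from the overlays into other attached networks.

```routeros
# Added example (not from the thread). Names zt-1..zt-3 are from the original
# export; the addresses are the example ranges used in the reply.

# The export shows allow-managed=no, so the hub does not take addresses from
# the controller; assign them by hand and keep them inside each network's
# range as defined at my.zerotier.com.
/ip address
add address=10.1.1.1/24 interface=zt-1 comment="ZT Net 1"
add address=192.168.2.1/24 interface=zt-2 comment="ZT Net 2"
add address=172.23.3.1/24 interface=zt-3 comment="ZT Net 3"

# Group the ZeroTier interfaces so firewall rules can refer to them as a set.
# The list name "ZT" is an assumption made for this example.
/interface list
add name=ZT comment="ZeroTier interfaces on the hub"
/interface list member
add list=ZT interface=zt-1
add list=ZT interface=zt-2
add list=ZT interface=zt-3

# Allow forwarding only between ZeroTier networks. Traffic from a ZT network
# to any non-ZT interface is deliberately not opened here.
# New rules are appended to the end of the chain: move them above any drop
# rule already present in the forward chain (or add them with place-before).
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="return traffic"
add chain=forward action=accept in-interface-list=ZT out-interface-list=ZT \
    comment="ZT <-> ZT through the hub"
# Optional: let ZT members ping the hub's own addresses while troubleshooting.
add chain=input action=accept protocol=icmp in-interface-list=ZT \
    comment="ICMP to hub from ZT"

# Checks: every interface should be listed and running, each with its address.
/zerotier interface print
/ip address print where interface~"^zt-"
```

The managed routes on each network at my.zerotier.com still have to point the other networks' ranges at the hub's address on that network; the router configuration alone does not make remote clients send traffic to it.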
