2

So I managed to install ZeroTier with the Ubiquiti Edge Router X via:

admin@edgerouter# sudo -i
root@edgerouter:~# curl -s https://install.zerotier.com | sudo bash

And got to access the Edge OS (Edge Max) interface through the ZeroTier Global IP, so I can access my router anywhere in the world which is great.

However, how can I access the LAN devices connected to the router? For example, I have one device with Local IP in the router, 192.168.1.39

How can I access this using the ZeroTier network?

cyberquarks
  • 269
  • 4
  • 14

2 Answers

2

You have a choice between layer 2 bridging and layer 3 routing. We don't have much direct experience with Ubiquiti but you can find a lot of info around about doing either of those things. The ZeroTier interface should show up as another interface on the Ubiquiti that you should then be able to route or bridge to/from.

  • 1
    Hi Adam, yeah, in fact, it does show as an interface inside UBNT ER-X: https://serverfault.com/questions/1004316/accessing-local-network-devices-over-the-internet I was hoping to "transform" this ER-X device into something like ZeroTier edge appliance. – cyberquarks Feb 24 '20 at 20:52
  • 1
    That should be quite do-able. For L3 routing you can have ZeroTier inform the other devices of the route. For bridging you have to make the device a bridge *and* inform the other devices that the bridged IP range is "local," which also involves either pushing or setting a route. – Adam Ierymenko Feb 24 '20 at 21:18
  • Is L3 routing similar to Inter-VLAN? https://help.ubnt.com/hc/en-us/articles/115002359547-EdgeSwitch-Inter-VLAN-Routing – cyberquarks Feb 24 '20 at 21:29
  • 1
    I started a thread here that might be helpful (soon) in solving this ZeroTier configuration: https://community.ui.com/questions/How-to-bridge-two-network-interface/b74f4c6e-dbea-4587-bd53-3ce8acdf9b6b – cyberquarks Feb 25 '20 at 20:57
  • I managed to make ZeroTier work with Ubiquiti (thanks to the community) – cyberquarks Feb 27 '20 at 19:53

1

Here's the solution:

  1. Update the Ubiquiti EdgeRouter-X (ER-X) with Firmware 2.0.8 (you can Google this very easily)
  2. Install ZeroTier from the command line (Skipping the device mapping)
ubnt@edgerouter# sudo -i
root@edgerouter:~# curl -s https://install.zerotier.com | sudo bash

At this point the ER-X is unable to "interact" with ZeroTier so we need to patch.

  3. Patch with the zerotier-edgeos (by Dennis Kruyt). Download this file from https://github.com/dkruyt/resources/raw/master/zerotier-edgeos.tgz
root@edgerouter:/# tar -C / -xvzf /home/admin/zerotier-edgeos.tgz

At this point after reboot the ZeroTier interface will now show in the router dashboard.

  4. Set up DNAT and SNAT rules in the ER-X router, taking into account the Upstream IP address, the ZeroTier IP address and the switch0 address. Additionally, to keep the setup simple, a Network Group was created for each, the Upstream and ZeroTier groups respectively (nothing special here, just set the Group following the standard Ubiquiti guide).

Then

ubnt@edgerouter# configure
edit service nat rule 1
set description "ZeroTier DNAT"
set destination group network-group ZeroTier
set inbound-interface ztzlgezugz
set inside-address address 192.168.0.157
set log disable
set protocol all
set type destination
top

edit service nat rule 5000
set description "ZeroTier SNAT"
set log disable
set outbound-interface ztzlgezugz
set outside-address address 10.147.17.15
set protocol all
set source group network-group Upstream
set type source
top

commit
save
exit

Where the IP 192.168.0.157 is the upstream IP (i.e. eth0) and 10.147.17.15 is the ZT IP.

  5. Set up a Managed Route in ZeroTier:

Note: 192.168.1.0/24 here is the switch0 address where the LAN devices are connected (eth1, eth2, eth3 and eth4 in my case, since I have an ER-X router).

[Screenshot: ZT_Managed_Route]

Done.

From here, you will be able to access the LAN devices connected to switch0 over the internet.

cyberquarks
  • 269
  • 4
  • 14
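
An added example, not part of the answer above and not code from the zerotier-edgeos project: step 3 unpacks a downloaded archive over `/` as root, so this Python sketch lists the entries worth reviewing before running `tar -C / -x`. The `/opt/vyatta/` prefix and every path in the sample archive are assumptions constructed for illustration, not the real contents of zerotier-edgeos.tgz.

```python
import io
import stat
import tarfile
from pathlib import PurePosixPath

# Assumption: where a router add-on is expected to write; adjust after reading the listing.
EXPECTED_PREFIXES = ("/opt/vyatta/",)

def audit_tgz(fileobj, prefixes=EXPECTED_PREFIXES):
    """Return (member, reason) pairs for entries to review before `tar -C / -x`."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar.getmembers():
            path = PurePosixPath(m.name)
            if path.is_absolute() or ".." in path.parts:
                findings.append((m.name, "escapes extraction root"))
                continue
            target = "/" + "/".join(path.parts)
            # Directory entries are skipped: archives usually carry parent dirs like opt/.
            if not m.isdir() and not target.startswith(prefixes):
                findings.append((m.name, "outside expected prefixes"))
            if m.issym() or m.islnk():
                findings.append((m.name, "link -> " + m.linkname))
            if m.ischr() or m.isblk() or m.isfifo():
                findings.append((m.name, "device or FIFO node"))
            if m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, "setuid/setgid bit"))
    return findings

def build_sample():
    """Constructed archive (not the real zerotier-edgeos.tgz) used to exercise the audit."""
    entries = [  # (name, mode, type, linkname), all hypothetical
        ("opt/vyatta/share/example-template/node.def", 0o644, tarfile.REGTYPE, ""),
        ("etc/cron.d/example", 0o644, tarfile.REGTYPE, ""),
        ("opt/vyatta/sbin/example-helper", 0o4755, tarfile.REGTYPE, ""),
        ("opt/vyatta/etc/example-link", 0o777, tarfile.SYMTYPE, "/etc/example"),
        ("../tmp/example", 0o644, tarfile.REGTYPE, ""),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, kind, link in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.type, info.linkname = mode, kind, link
            tar.addfile(info)  # zero-length bodies are enough for a metadata audit
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for member, reason in audit_tgz(build_sample()):
        print(f"{member}: {reason}")
```

For a real download, run it on a workstation with `audit_tgz(open("zerotier-edgeos.tgz", "rb"))` and copy the archive to the router only once the listing matches what you expect.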