Zerotierone: How to expose LAN with Zerotier when using Ubiquiti Edge Router X

Created on 20 Feb 2020  路  2Comments  路  Source: zerotier/ZeroTierOne

How do you expose the LAN with Zerotier when using Ubiquiti Edge Router X (Firmware version 2.0.8)?

So I managed to install ZeroTier with the Ubiquiti Edge Router X via:

admin@edgerouter# sudo -i
root@edgerouter:~# curl -s https://install.zerotier.com | sudo bash

And got to access the Edge OS (Edge Max) interface through the ZeroTier Global IP, so I can access my router anywhere in the world which is great.

However, how can I access the LAN devices connected to the router?
For example, I have one device with Local IP in the router, 192.168.1.39

How can I access this using the ZeroTier network?

picture incube8r
👍1

Most helpful comment

Here's the solution:

  1. Update the Ubiquiti EdgeRouter-X (ER-X) with Firmware 2.0.8 (you can Google this very easily)
  2. Install ZeroTier from the command line (Skipping the device mapping)
ubnt@edgerouter# sudo -i
root@edgerouter:~# curl -s https://install.zerotier.com | sudo bash

At this point the ER-X is unable to "interact" with ZeroTier so we need to patch.

  1. Patch with the zerotier-edgeos (by Dennis Kruyt)
    Download this file from https://github.com/dkruyt/resources/raw/master/zerotier-edgeos.tgz
root@edgerouter:/# tar -C / -xvzf /home/admin/zerotier-edgeos.tgz

At this point after reboot the ZeroTier interface will now show in the router dashboard.

  1. Setup DNAT and SNAT rule in the ER-X router, taking into account the Upstream IP address and the ZeroTier IP address and the switch0 address, additionally, to keep the setup simple a Network Group was created, the Upstream and ZeroTier group respectively (nothing special here just set the Group following the standard Ubiquiti guide

Then

ubnt@edgerouter# configure
edit service nat rule 1
set description "ZeroTier DNAT" 
set destination group network-group ZeroTier
set inbound-interface ztzlgezugz
set inside-address address 192.168.0.157
set log disable
set protocol all
set type destination
top

edit service nat rule 5000
set description "ZeroTier SNAT"
set log disable
set outbound-interface ztzlgezugz
set outside-address address 10.147.17.15
set protocol all
set source group network-group Upstream
set type source
top

commit
save exit

Where the IP 192.168.0.157 is the upstream IP i.e. eth0 and the 10.147.17.15 is the ZT IP

  1. Setup Managed Route in ZeroTier:

Note: 192.168.1.0/24 here is the switch0 address where the LAN devices are connected, eth1, eth2, eth3 and eth4 in my case since I have ER-X router

ZT_Managed_Route

Done.

From here, you will be able to access the LAN devices connected to switch0 over the internet.

References:

https://blog.kruyt.org/zerotier-on-a-ubiquiti-edgerouter/
https://kruyt.org/zerotier-on-edgerouter-p2/
https://community.ui.com/questions/How-to-bridge-two-network-interface/b74f4c6e-dbea-4587-bd53-3ce8acdf9b6b

picture incube8r on 27 Feb 2020
🎉2 👍2 🚀1

All 2 comments

Hello,

Most of the setup would happen in the edge route, not in zerotier.

At my.zerotier.com, you'd add a managed route to the physical lan via the zerotier ip address of the edge router. Something like:

[192.168.1.0/24] via [10.147.20.1]

Here's how to do it in openwrt for an example.

If you figure out the steps for the edge router, can you post them here?

laduke picture laduke on 20 Feb 2020

Here's the solution:

  1. Update the Ubiquiti EdgeRouter-X (ER-X) with Firmware 2.0.8 (you can Google this very easily)
  2. Install ZeroTier from the command line (Skipping the device mapping)
ubnt@edgerouter# sudo -i
root@edgerouter:~# curl -s https://install.zerotier.com | sudo bash

At this point the ER-X is unable to "interact" with ZeroTier so we need to patch.

  1. Patch with the zerotier-edgeos (by Dennis Kruyt)
    Download this file from https://github.com/dkruyt/resources/raw/master/zerotier-edgeos.tgz
root@edgerouter:/# tar -C / -xvzf /home/admin/zerotier-edgeos.tgz

At this point after reboot the ZeroTier interface will now show in the router dashboard.

  1. Setup DNAT and SNAT rule in the ER-X router, taking into account the Upstream IP address and the ZeroTier IP address and the switch0 address, additionally, to keep the setup simple a Network Group was created, the Upstream and ZeroTier group respectively (nothing special here just set the Group following the standard Ubiquiti guide

Then

ubnt@edgerouter# configure
edit service nat rule 1
set description "ZeroTier DNAT" 
set destination group network-group ZeroTier
set inbound-interface ztzlgezugz
set inside-address address 192.168.0.157
set log disable
set protocol all
set type destination
top

edit service nat rule 5000
set description "ZeroTier SNAT"
set log disable
set outbound-interface ztzlgezugz
set outside-address address 10.147.17.15
set protocol all
set source group network-group Upstream
set type source
top

commit
save exit

Where the IP 192.168.0.157 is the upstream IP i.e. eth0 and the 10.147.17.15 is the ZT IP

  1. Setup Managed Route in ZeroTier:

Note: 192.168.1.0/24 here is the switch0 address where the LAN devices are connected, eth1, eth2, eth3 and eth4 in my case since I have ER-X router

ZT_Managed_Route

Done.

From here, you will be able to access the LAN devices connected to switch0 over the internet.

References:

https://blog.kruyt.org/zerotier-on-a-ubiquiti-edgerouter/
https://kruyt.org/zerotier-on-edgerouter-p2/
https://community.ui.com/questions/How-to-bridge-two-network-interface/b74f4c6e-dbea-4587-bd53-3ce8acdf9b6b

incube8r picture incube8r on 27 Feb 2020
🎉2 👍2 🚀1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gdamore picture gdamore  路  5Comments
paweljacewicz picture paweljacewicz  路  4Comments
AlexisTM picture AlexisTM  路  4Comments
mattgorski picture mattgorski  路  4Comments
MaskRay picture MaskRay  路  4Comments