Exposing LAN with Zerotier when using Ubiquiti Edge Router X?

networking router ubiquiti ubiquiti-edgerouter

Solution 1:

You have a choice between layer 2 bridging and layer 3 routing. We don't have much direct experience with Ubiquiti but you can find a lot of info around about doing either of those things. The ZeroTier interface should show up as another interface on the Ubiquiti that you should then be able to route or bridge to/from.

Solution 2:

Here's the solution:

  1. Update the Ubiquiti EdgeRouter-X (ER-X) with Firmware 2.0.8 (you can Google this very easily)
  2. Install ZeroTier from the command line (Skipping the device mapping)
ubnt@edgerouter# sudo -i
root@edgerouter:~# curl -s https://install.zerotier.com | sudo bash

At this point the ER-X is unable to "interact" with ZeroTier so we need to patch.

  1. Patch with the zerotier-edgeos (by Dennis Kruyt) Download this file from https://github.com/dkruyt/resources/raw/master/zerotier-edgeos.tgz 
root@edgerouter:/# tar -C / -xvzf /home/admin/zerotier-edgeos.tgz

At this point after reboot the ZeroTier interface will now show in the router dashboard.

  1. Setup DNAT and SNAT rule in the ER-X router, taking into account the Upstream IP address and the ZeroTier IP address and the switch0 address, additionally, to keep the setup simple a Network Group was created, the Upstream and ZeroTier group respectively (nothing special here just set the Group following the standard Ubiquiti guide

Then

ubnt@edgerouter# configure
edit service nat rule 1
set description "ZeroTier DNAT" 
set destination group network-group ZeroTier
set inbound-interface ztzlgezugz
set inside-address address 192.168.0.157
set log disable
set protocol all
set type destination
top

edit service nat rule 5000
set description "ZeroTier SNAT"
set log disable
set outbound-interface ztzlgezugz
set outside-address address 10.147.17.15
set protocol all
set source group network-group Upstream
set type source
top

commit
save exit

Where the IP 192.168.0.157 is the upstream IP i.e. eth0 and the 10.147.17.15 is the ZT IP

  1. Setup Managed Route in ZeroTier:

Note: 192.168.1.0/24 here is the switch0 address where the LAN devices are connected, eth1, eth2, eth3 and eth4 in my case since I have ER-X router

ZT_Managed_Route

Done.

From here, you will be able to access the LAN devices connected to switch0 over the internet.

References:

  • https://blog.kruyt.org/zerotier-on-a-ubiquiti-edgerouter/
  • https://kruyt.org/zerotier-on-edgerouter-p2/
  • https://community.ui.com/questions/How-to-bridge-two-network-interface/b74f4c6e-dbea-4587-bd53-3ce8acdf9b6b

Related

Windows DNS servers repeatedly requesting records in zone when they get SERVFAIL response
.htaccess allow from hostname?
df shows bad information on partition usage
Persistent Network Configuration using KVM and libvirt
Postfix Domain Whitelisting in Combination with Sender Authentication
Xenserver 6.5 LSI MegaRAID
group policy in Windows Server 2008
How to recover a MSSQL user's password?
How do you prevent restarting machine after critial Windows updates?
How is NUMBER_OF_PROCESSORS env variable generated?
pfSense - Traffic to subnet not being routed by static route
Anyone have any experience with SQL over iSCSI on Equallogic boxes?