Differences
This shows you the differences between two versions of the page.
| docs:guide-user:services:vpn:zerotier [2024/08/01 10:21] – [Basic Configuration] echterago | docs:guide-user:services:vpn:zerotier [2024/10/18 14:51] – [Basic Configuration] andrewz | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Zerotier ====== | ====== Zerotier ====== | ||
| - | Zerotier creates a virtual network between hosts. You may refer to [zerotier-openwrt' | + | Zerotier creates a virtual network between hosts. You may refer to [[https:// |
| ===== Installation ===== | ===== Installation ===== | ||
| Line 10: | Line 10: | ||
| ===== Basic Configuration ===== | ===== Basic Configuration ===== | ||
| - | * Create | + | * Create virtual network on [[https:// |
| - | * Add the virtual network to the Openwrt | + | * Add virtual network to the OpenWrt |
| + | |||
| + | For ZeroTier version 1.14.0 or older: | ||
| < | < | ||
| uci delete zerotier.sample_config | uci delete zerotier.sample_config | ||
| uci add zerotier my_zt_net | uci add zerotier my_zt_net | ||
| - | uci add_list zerotier.my_zt_net.join=< | + | uci add_list zerotier.my_zt_net.join=< |
| uci set zerotier.my_zt_net.enabled=' | uci set zerotier.my_zt_net.enabled=' | ||
| uci commit zerotier | uci commit zerotier | ||
| service zerotier restart | service zerotier restart | ||
| </ | </ | ||
| - | | + | |
| - | * Typical communication with Zerotier peers will happen on UDP port 9993, and no additional configuration is needed for an out-of-the-box router configuration. | + | For ZeroTier version 1.14.1 or newer: |
| + | < | ||
| + | uci set zerotier.global.enabled=' | ||
| + | uci delete zerotier.earth | ||
| + | uci set zerotier.my_zt_net=network | ||
| + | uci set zerotier.my_zt_net.id=< | ||
| + | uci commit zerotier | ||
| + | service zerotier restart | ||
| + | </ | ||
| + | |||
| + | | ||
| + | * Typical communication with Zerotier peers will happen on port 9993/udp, and no additional configuration is needed for an out-of-the-box router configuration. | ||
| * To use the virtual network, the device must be authorized on Zerotier Central by clicking the " | * To use the virtual network, the device must be authorized on Zerotier Central by clicking the " | ||
| - | * Device connectivity can be seen by using the " | + | * Device connectivity |
| < | < | ||
| - | zerotier-cli info | + | root@OpenWrt# |
| + | 200 info xxxxxxxxxx 1.14.0 ONLINE | ||
| </ | </ | ||
| * Some services (eg dropbear, luci) may need to be reconfigured to allow access from the new Zerotier virtual interface. The easy way is to un-restrict them from specific networks/ | * Some services (eg dropbear, luci) may need to be reconfigured to allow access from the new Zerotier virtual interface. The easy way is to un-restrict them from specific networks/ | ||
| * For dropbear (allow access from anywhere, potentially unsafe): | * For dropbear (allow access from anywhere, potentially unsafe): | ||
| < | < | ||
| - | cat / | + | root@OpenWrt# |
| config dropbear | config dropbear | ||
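Review bot: In the block for 1.14.1 or newer, `uci delete zerotier.earth` is given without `-q` and without saying what the `earth` section is, so on a config that lacks it the command prints an error and a reader pasting the block cannot tell whether to carry on. Suggest `uci -q delete zerotier.earth` and one sentence explaining the section; the same applies to `uci delete zerotier.sample_config` in the older block. Separately, the older block still opens with `uci add zerotier my_zt_net`; `uci add` takes a section type and creates an unnamed section, so the `zerotier.my_zt_net.*` lines after it do not address that section, whereas the new block's `uci set zerotier.my_zt_net=network` form does create a named one. The older block could follow the same pattern.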
| Line 37: | Line 51: | ||
| </ | </ | ||
| - | **You must reboot | + | :!: You must reboot |
| + | |||
| + | After reboot get the device name using your 16-digit Network ID: | ||
| + | < | ||
| + | root@OpenWrt# | ||
| + | ztXXXXXXXX | ||
| + | </ | ||
| + | |||
| + | Alternatively run '' | ||
| <code bash> | <code bash> | ||
| - | # Configure firewall | + | # Create interface |
| - | uci -q delete | + | uci -q delete |
| - | uci set firewall.vpn="zone" | + | uci set network.ZeroTier=interface |
| - | uci set firewall.vpn.name="vpn" | + | uci set network.ZeroTier.proto=' |
| - | uci set firewall.vpn.input=" | + | uci set network.ZeroTier.device=' |
| - | uci set firewall.vpn.output="ACCEPT" | + | |
| - | uci set firewall.vpn.forward=" | + | # Configure firewall zone |
| - | uci set firewall.vpn.masq="1" | + | uci add firewall |
| - | uci set firewall.vpn.mtu_fix=" | + | uci set firewall.@zone[-1].name='vpn' |
| - | uci add_list firewall.vpn.device=" | + | uci set firewall.@zone[-1].input=' |
| - | uci -q delete | + | uci set firewall.@zone[-1].output='ACCEPT' |
| - | uci set firewall.lan_vpn=" | + | uci set firewall.@zone[-1].forward=' |
| - | uci set firewall.lan_vpn.src=" | + | uci set firewall.@zone[-1].masq='1' |
| - | uci set firewall.lan_vpn.dest=" | + | uci add_list |
| - | uci -q delete | + | uci add firewall |
| - | uci set firewall.ssh=" | + | uci set firewall.@forwarding[-1].src=' |
| - | uci set firewall.ssh.name=" | + | uci set firewall.@forwarding[-1].dest=' |
| - | uci set firewall.ssh.src="vpn" | + | uci add firewall |
| - | uci set firewall.ssh.dest_port=" | + | uci set firewall.@forwarding[-1].src='vpn' |
| - | uci set firewall.ssh.proto=" | + | uci set firewall.@forwarding[-1].dest=' |
| - | uci set firewall.ssh.target=" | + | uci add firewall forwarding |
| - | uci commit | + | uci set firewall.@forwarding[-1].src=' |
| - | service firewall restart | + | uci set firewall.@forwarding[-1].dest=' |
| + | |||
| + | # Commit changes | ||
| + | uci commit | ||
| + | |||
| + | # Reboot | ||
| + | reboot | ||
| </ | </ | ||
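Review bot: The new firewall part is no longer repeatable: the named sections (`firewall.vpn`, `firewall.lan_vpn`, `firewall.ssh`) and their `uci -q delete` lines are replaced by anonymous sections addressed as `@zone[-1]` and `@forwarding[-1]`, so running the script a second time appends another `vpn` zone and three more forwardings instead of replacing the earlier ones. Keeping named sections with a `uci -q delete` before each would avoid that. The change also goes from one forwarding to three and removes the `firewall.ssh` rule with `src="vpn"`, so the text above the block should say which directions each forwarding opens and that access from the virtual network to services on the router now depends on the zone's `input` policy alone. The script also ends in `reboot` although the text just before it already tells the reader to reboot; say why a second reboot is needed or drop one.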