CoreELEC and ZeroTier: A good couple

How to join two home networks with CoreELEC and ZeroTier (or CoreELEC as a router)

Imagine that we want to join two home networks (for example, one in Germany and one in the Canary Islands) so that devices connected to a single ZeroTier network can access any device on both networks, including devices that are not connected to the ZeroTier network.

We will need at least one CoreELEC device connected to the ZeroTier network in each of the home networks.

Scenario example:

Network zerotier:
Domain: 10.10.10.0/24
CoreELEC IP (A): 10.10.10.12
CoreELEC IP (B): 10.10.10.24

Home network A:
Domain: 192.168.8.0/24
CoreELEC IP (A): any (for example 192.168.8.34)

Home network B:
Domain: 192.168.4.0/24
CoreELEC IP (B): any (for example 192.168.4.25)

How to:

Zerotier Network routing rules:
10.10.10.0/24 -----> (LAN)
192.168.8.0/24 -----> 10.10.10.12
192.168.4.0/24 -----> 10.10.10.24

Routing rules in Home network A:
Add the following to /storage/.config/autostart.sh in CoreELEC (A):

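# Enable IPv4 forwarding so the box routes between ZeroTier and the LAN
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.forwarding=1
# Loose reverse-path filtering
sysctl -w net.ipv4.conf.all.rp_filter=2
# Source-NAT everything leaving via the LAN interface
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward anything arriving on a ZeroTier interface (zt+ matches any name starting with zt)
iptables -A FORWARD -i zt+ -j ACCEPT
# Forward reply traffic for connections already tracked
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT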

Routing rules in Home network B:
Add the following to /storage/.config/autostart.sh in CoreELEC (B):

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv4.conf.all.rp_filter=2
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i zt+ -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

Last step:

Forget about the ZeroTier network, the domain 10.10.10.0/24 and the devices 10.10.10.12 and 10.10.10.24. You don’t need them at all and everything works transparently.

In this way any device attached to your ZeroTier network has access to any device that belongs to domains 192.168.8.0/24 and 192.168.4.0/24. It works even behind a CGNAT or mobile network.

Be careful about allowing a device controlled by untrusted people to join your ZeroTier network: with these rules, any member can reach every device on both home networks.

Note:

  • Replace eth0 with wlan0 if you are using a WiFi connection instead of ethernet

Applicable Uses:

  • Multimedia
  • Remote security cameras
  • Access to servers that cannot connect to the zerotier network

(updated 14/07/2021)
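
The caveat about untrusted devices can be enforced in the firewall instead of relying on care alone. The following is an added example, not part of the original post and not CoreELEC or ZeroTier code: a POSIX sh helper that prints narrower rules than `-i zt+ -j ACCEPT` for CoreELEC (A). The function names, the member address 10.10.10.50 and the default-deny FORWARD policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (constructed): emit least-privilege forwarding rules for a
# CoreELEC box acting as the ZeroTier gateway for one home LAN.

# Return 0 only for a.b.c.d or a.b.c.d/len (octets 0-255, len 0-32).
is_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*|*/*/*) return 1;; esac
    addr=${1%/*}; len=32
    case $1 in */*) len=${1#*/};; esac
    case $len in ''|*[!0-9]*|???*) return 1;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *.*.*.*.*|*..*|.*|*.) return 1;; *.*.*.*) ;; *) return 1;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    for o in "$@"; do
        case $o in ????*) return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# zt_forward_rules LAN_IF LAN_NET ZT_SRC [ZT_SRC...]
# Prints iptables commands. Nothing is printed unless every argument
# validates, so the output can be piped into sh.
zt_forward_rules() {
    lan_if=$1; lan_net=$2
    [ $# -ge 3 ] || { echo "usage: zt_forward_rules LAN_IF LAN_NET ZT_SRC..." >&2; return 1; }
    shift 2
    case $lan_if in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1;; esac
    is_ipv4_cidr "$lan_net" || { echo "bad LAN subnet" >&2; return 1; }
    for src in "$@"; do
        is_ipv4_cidr "$src" || { echo "bad ZeroTier source" >&2; return 1; }
    done
    # Assumption: this box forwards nothing else, so default-deny is acceptable.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    for src in "$@"; do
        # Only listed ZeroTier sources may open connections, and only into this LAN.
        echo "iptables -A FORWARD -i zt+ -o $lan_if -s $src -d $lan_net -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -o $lan_if -s $src -d $lan_net -j MASQUERADE"
    done
}

# Dry run for CoreELEC (A): the peer gateway plus one constructed member address.
zt_forward_rules eth0 192.168.8.0/24 10.10.10.24 10.10.10.50
```

Once the printed rules look right, pipe the output into `sh` from autostart.sh in place of the three iptables lines; the sysctl lines are still required. A ZeroTier member whose address is not listed can then no longer open connections into the LAN through this box.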