I am having a slight problem understanding the concept in this post of yours, however.
My home local network is 192.168.1.XXX and my office local network is also 192.168.1.XXX
I have created a ZeroTier network that is assigning 10.145.20.xxx IPs.
I have 1 CE box at home and that has been auto assigned 10.145.20.2 let’s say, and 10.145.20.3 for the office one. The LAN IPs for both are 192.168.1.2 and 1.3 respectively too, let us assume.
From my laptop, which is also on the same ZeroTier network, when I use 10.145.20.2 from any network (even remote) I can access the box at home and 20.3 for the box at office but I can’t use 192.168.1.2 or 3 unless in the respective LAN to access them.
Is this correct behaviour? Your post seems to suggest otherwise. That the LAN IPs themselves suffice to access devices without remembering the ZT IPs. Please correct if my understanding is wrong. Thanks.
ZeroTier offers many alternatives, in your case where private networks have the same range of addresses, the best alternative is to address the devices using the IPs of the ZeroTier network 10.145.20.0/24. The behavior you suggest is correct.
I recommend that you leave the ZeroTier network only with:
10.145.20.0/24 -----> (LAN)
and don’t do any additional routing.
In this way, when you address a device with 192.168.1.0/24, it will only search the private network to which it is connected, and will not be able to look at the ZeroTier network.
It’s easy, just spend a little time thinking about the routing logic on each of the private networks and the ZeroTier network. A device connected to the ZeroTier network can see two networks, and if routing rules are not established the two networks are absolutely separate without a gateway between them.
In the last two years I have used the ZeroTier VPN network quite successfully but I have to admit that the smooth transmission of video stream is not guaranteed, even at 5 Mb/s, for this reason I continue to use ZeroTier as an alternative VPN network in case of WireGuard main VPN network failure that has no bandwidth limitations.
When managing unattended remote devices, there is always the possibility of failure of one of the VPN networks or devices, almost always in the software update processes. For this reason I am only using ZeroTier, much more robust than WG, to restore with SSH, SFTP or VNC the device that lost the WireGuard link.
People interested in VPN can take a look at tinc. Tinc creates a private net like ZeroTier but without a root server. It is a peer to peer network without the need of an external server which is not your own server.
ZeroTier has great advantages over other VPN networks: (1) it is very easy to configure, (2) it works behind a router, and (3) it is very robust with respect to updates, it never goes down. ZeroTier also has a major drawback: it requires connection to ZeroTier hosts as gateways to your virtual private network. When ZeroTier hosts have little work, everything is fine and there are no problems with the transmission of video streams, but when ZeroTier hosts are few or have a lot of workload, they are unable to maintain a minimum speed in a sustained way. The only thing the user can do is wait for ZeroTier to bring a sufficient number of hosts into service.
Regarding tinc, my opinion is worse than any other VPN network because I think that it needs the opening of ports in the router, in each and every one of the nodes, which is sometimes impossible.
I do not understand your question. The zerotier.com website allows you to create a virtual private VPN network in which you assign the permissions to each of the devices that want to enter this network. To enter this network from CoreELEC it is necessary to install the ‘zerotier-one’ service and execute the command ‘zerotier-cli join <your-vpn-network-id>’ once.
In the latest versions of zerotier I have seen that it is also necessary to execute the command
Hi there. I have created a network in zerotier and in zerotier central I have all the devices that I have added online. But when it comes to accessing them, I can’t do it. I cannot access the devices using the virtual IP created by zerotier. What do you have to do to access them?
If you see your devices online in your zerotier private network and you have defined the network domain correctly (for example 10.10.10.0/24) then you do not have to do anything. Install a service on one of your devices (for example tvheadend server on port 9981 of device 10.10.10.1 and 192.168.1.25) and enjoy this service on another device (for example 10.10.10.2) even if this device is very far away.
If you do not establish forwarding rules, each network interface is inaccessible from another remote address, for example 10.10.10.2 does not know how to get to 192.168.1.25, but it does know how to get to 10.10.10.1.
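The routing behaviour described in the two answers above (the 10.145.20.0/24 case and the 10.10.10.0/24 case), as an added example that is not part of the original posts: a longest-prefix-match lookup over constructed routing tables, plus a check showing why pushing 192.168.1.0/24 through ZeroTier collides with an identical local LAN. The interface labels (`zt0`, `lan`, `default`) and the 172.16.5.0/24 remote network are assumptions.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i) for p, i in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def ambiguous(routes):
    """Prefixes that overlap while sitting on different interfaces."""
    nets = [(ipaddress.ip_network(p), i) for p, i in routes if p != "0.0.0.0/0"]
    return sorted({str(a) for a, ia in nets for b, ib in nets
                   if ia != ib and a.overlaps(b)})

# Constructed tables. Only the ZeroTier subnet is routed over zt0,
# as recommended in the answer (no additional managed routes).
LAPTOP_REMOTE = [("0.0.0.0/0", "default"),        # laptop on a third network
                 ("172.16.5.0/24", "lan"),
                 ("10.145.20.0/24", "zt0")]
LAPTOP_HOME = [("0.0.0.0/0", "default"),          # laptop on the home LAN
               ("192.168.1.0/24", "lan"),
               ("10.145.20.0/24", "zt0")]
PHONE_MOBILE = [("0.0.0.0/0", "default"),         # phone on mobile data
                ("10.10.10.0/24", "zt0")]

if __name__ == "__main__":
    # ZeroTier addresses always leave via zt0, from anywhere.
    print(lookup(LAPTOP_REMOTE, "10.145.20.3"))
    # A LAN address from a remote network goes to the default gateway,
    # which has no idea where the home or office 192.168.1.0/24 lives.
    print(lookup(LAPTOP_REMOTE, "192.168.1.3"))
    # At home, 192.168.1.3 resolves to the home LAN, never the office box.
    print(lookup(LAPTOP_HOME, "192.168.1.3"))
    # Second scenario: 10.10.10.1 is reachable, 192.168.1.25 is not.
    print(lookup(PHONE_MOBILE, "10.10.10.1"), lookup(PHONE_MOBILE, "192.168.1.25"))
    # Adding 192.168.1.0/24 as a route over zt0 collides with the local LAN.
    print(ambiguous(LAPTOP_HOME + [("192.168.1.0/24", "zt0")]))
```
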
That’s exactly what I want to do. See the satellite channels of my deco, on the PC or on the mobile. I have tvheadend configured and running. ZeroTier has assigned a virtual IP number to my deco and another IP to my smartphone. I have tried to configure dreamdroid putting the virtual IP of the deco but it gives me a connection error.
I have installed dreamdroid on my mobile and it asks me for an IP address to connect and I supposed that I had to put the virtual IP address of the device to which I want to connect (I put the IP assigned by zerotier my deco). The truth is that I have no idea what I have to do!