...

  • Physical LAN Subnet

  • Physical LAN DHCP Range

  • ZeroTier Auto-Assign Range

  • Default Gateway IP Address (the router)

  • Bridge IP Address (will be statically assigned)

  • Create a new ZeroTier network and get the ID. Keep an old network around as a secondary way to connect any devices already using ZeroTier.

The DHCP range and ZeroTier Auto-Assign range should be in the same subnet, but not overlap. You’d probably base this off what is already configured on your router.

An example plan:

| Name | Value | Referred to below as |
|---|---|---|
| Physical LAN Subnet | 192.168.192.0/24 | |
| Physical LAN DHCP Range | 192.168.192.65 through 192.168.192.126 | |
| ZeroTier Auto-Assign Range | 192.168.192.129 through 192.168.192.190 | $ZT_POOL |
| ZeroTier Managed Route | 192.168.192.0/23 | $ZT_ROUTE |
| Default Gateway IP Address | 192.168.192.1 | $GW_ADDR |
| Bridge IP Address | 192.168.192.2/24 (or use DHCP) | $BR_ADDR |
| ZeroTier Network ID | d5e04297a19bbd70 | $NETWORK_ID |
| ZeroTier Network Interface Name | zt3jnwghuq | $ZT_IF |
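
The constraints on the plan above (both ranges inside the LAN subnet, no overlap, static addresses outside both ranges, managed route wider than the LAN subnet) can be checked before anything is configured. This is an added example, not part of the original guide; the function name `check_plan` and its parameter names are assumptions.

```python
import ipaddress as ipa

def check_plan(lan, dhcp, zt_pool, zt_route, gateway, bridge):
    """Return a list of problems with a bridge addressing plan (empty = OK)."""
    lan_net = ipa.ip_network(lan)
    route_net = ipa.ip_network(zt_route)
    ranges = {
        "DHCP range": tuple(ipa.ip_address(a) for a in dhcp),
        "ZeroTier pool": tuple(ipa.ip_address(a) for a in zt_pool),
    }
    problems = []
    for name, (first, last) in ranges.items():
        if first > last:
            problems.append(f"{name}: start is after end")
        if first not in lan_net or last not in lan_net:
            problems.append(f"{name}: not inside {lan_net}")
    # Two address sources handing out the same IPs cause conflicts on the bridge.
    (d_first, d_last), (z_first, z_last) = ranges.values()
    if d_first <= z_last and z_first <= d_last:
        problems.append("DHCP range and ZeroTier pool overlap")
    # Statically assigned addresses must not be handed out dynamically either.
    statics = {"gateway": ipa.ip_address(gateway),
               "bridge": ipa.ip_interface(bridge).ip}
    for label, addr in statics.items():
        if addr not in lan_net:
            problems.append(f"{label} {addr}: not inside {lan_net}")
        for name, (first, last) in ranges.items():
            if first <= addr <= last:
                problems.append(f"{label} {addr}: inside {name}")
    # The managed route must cover the LAN subnet with a shorter prefix (/23 vs /24).
    if not (lan_net.subnet_of(route_net) and route_net.prefixlen < lan_net.prefixlen):
        problems.append(f"managed route {route_net} must contain {lan_net} with a shorter prefix")
    return problems

# Values copied from the example plan table on this page.
PLAN = dict(
    lan="192.168.192.0/24",
    dhcp=("192.168.192.65", "192.168.192.126"),
    zt_pool=("192.168.192.129", "192.168.192.190"),
    zt_route="192.168.192.0/23",
    gateway="192.168.192.1",
    bridge="192.168.192.2/24",
)

if __name__ == "__main__":
    for problem in check_plan(**PLAN) or ["plan is consistent"]:
        print(problem)
```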

Get your bridge device up and running.

...

Code Block
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf;
sudo systemctl enable systemd-networkd;
sudo systemctl enable systemd-resolved;
sudo systemctl enable systemd-timesyncd;
  1. Configure interfaces

    Code Block
    sudo zerotier-cli set $NETWORK_ID allowManaged=0

    Write the network configuration files. These put the Ethernet and ZeroTier interfaces into the bridge and configure the bridge with a static IP. See the Appendix for DHCP configuration on the bridge.

    Code Block
    cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0.network
    [Match]
    Name=$BR_IF
    
    [Network]
    Address=$BR_ADDR
    Gateway=$GW_ADDR
    DNS=1.1.1.1
    EOF
    
    cat << EOF | sudo tee /etc/systemd/network/br0.netdev
    [NetDev]
    Name=$BR_IF
    Kind=bridge
    EOF
    
    cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0-zt.network
    [Match]
    Name=$ZT_IF
    
    [Network]
    Bridge=$BR_IF
    EOF
    
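    cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0-en.network
    [Match]
    # Might be en* on your device. Keep comments on their own line:
    # systemd treats trailing text on a Name= line as more match patterns.
    Name=eth0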
    
    [Network]
    Bridge=$BR_IF
    EOF
    

    Review configuration

    Code Block
    tail -n+0 /etc/systemd/network/*
    

    If needed, edit the files with the editor of your preference.

    If it looks good:

    Code Block
    sudo reboot

    From the physical LAN, you should now be able to connect to the Pi at $BR_ADDR.

If it takes a long time waiting for the network during boot.

...

Appendix

  1. Configure bridge with DHCP

    Code Block
    cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0.network
    [Match]
    Name=$BR_IF
    
    [Network]
    DHCP=yes
    EOF
    

I can ping the bridge, but not behind it

...

https://serverfault.com/questions/162366/iptables-bridge-and-forward-chain

FAQ

  1. Why is the Managed Route /23 and the LAN subnet /24?

    Say you have a laptop that is on the ZeroTier network and you bring it home. Now its WiFi address and ZeroTier address are in the same subnet. Which interface/address should your laptop use for internet access? Because the managed route is the less specific /23, the /24 route on the physical LAN wins by longest prefix match: https://en.wikipedia.org/wiki/Longest_prefix_match

  2. Why is an app on my phone not working over ZeroTier?

    Unfortunately the iOS and Android VPN APIs won’t let ZeroTier use multicast/broadcast. These are typically how apps auto-discover services on the LAN. 😭 Stay tuned for an article on bridging a ZeroTier network and a WiFi access point.

References

...