This seems to be the simplest pattern for getting remote access to your LAN. It doesn't require access to the LAN's router and avoids some of the pitfalls of bridging. It requires a Linux PC or VM (something that runs iptables) on your LAN. A Raspberry Pi works. This is a NAT/Masquerade setup.
If you have a router that can run ZeroTier, you should use that instead of this article. Many router vendors and operating systems have ZeroTier packages.
Possible Disadvantages:
No broadcast/multicast across networks (but the mobile OSes don't allow this anyway).
Can't initiate connections from the LAN to an external ZeroTier client.
...
Required information
For Example:
Info | Example | Shorthand Name Below |
---|---|---|
ZeroTier Network ID | d5e04297a19bbd70 | $NETWORK_ID |
ZeroTier Interface Name | zt7nnig26 | $ZT_IFACE |
Physical Interface Name | eth0 | $PHY_IFACE |
ZeroTier subnet | 172.27.0.0/16 | |
Physical subnet | 192.168.100.0/24 | $PHY_SUB |
ZeroTier IP Address of "Router" | 172.27.0.1 | $ZT_ADDR |
Install ZeroTier
https://www.zerotier.com/download/
...
This adds another route to every device joined to the ZeroTier network.
Destination | (Via) |
---|---|
$PHY_SUB | $ZT_ADDR |
For example:
Destination | (Via) |
---|---|
192.168.100.0/23 | 172.27.0.1 |
Configure the destination route as slightly larger than the actual physical subnet, here /23 instead of /24 (a smaller number is a bigger subnet in this notation). This makes devices that are on both the physical and the ZeroTier network prefer the physical connection.
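The route-sizing rule above works because of longest-prefix matching. The following is an added example, not part of the original article: it derives the managed route from the example $PHY_SUB and compares route selection on a device that is on the LAN with one that is remote. The two routing tables are constructed for illustration.

```python
import ipaddress

def managed_route(phy_sub):
    """Next-larger network containing phy_sub (e.g. /24 -> /23)."""
    return ipaddress.ip_network(phy_sub).supernet(prefixlen_diff=1)

def pick_route(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, via) for net, via in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def extra_coverage(phy_sub):
    """Ranges the wider managed route captures beyond the physical subnet."""
    phy = ipaddress.ip_network(phy_sub)
    return list(managed_route(phy_sub).address_exclude(phy))

# Example values from the table on this page.
PHY_SUB = "192.168.100.0/24"
ZT_ADDR = "172.27.0.1"
ZT_SUB = ipaddress.ip_network("172.27.0.0/16")
ZT_ROUTE = (managed_route(PHY_SUB), "via " + ZT_ADDR)

# Constructed routing tables (illustrative, not captured from a real host).
# A laptop on the physical LAN that has also joined the ZeroTier network:
ON_LAN = [
    (ipaddress.ip_network(PHY_SUB), "on-link eth0"),
    (ZT_SUB, "on-link zt7nnig26"),
    ZT_ROUTE,
]
# The same laptop away from home, with only a default route plus ZeroTier:
REMOTE = [
    (ipaddress.ip_network("0.0.0.0/0"), "default gateway"),
    (ZT_SUB, "on-link zt7nnig26"),
    ZT_ROUTE,
]

if __name__ == "__main__":
    print("managed route:", ZT_ROUTE[0])
    for name, table in (("on LAN", ON_LAN), ("remote", REMOTE)):
        net, via = pick_route(table, "192.168.100.50")
        print(f"{name}: 192.168.100.50 -> {net} {via}")
    print("also covered by the wider route:", extra_coverage(PHY_SUB))
```

With the example values, the /23 also covers 192.168.101.0/24, so ZeroTier members send traffic for that range to the "router" as well.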
...
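```bash
# Masquerade traffic leaving via the physical interface, so LAN hosts see the router's LAN address
sudo iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
# Allow return traffic for established connections back to the ZeroTier side
sudo iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow ZeroTier members to initiate connections to the LAN
sudo iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT
```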
...