Scribd Logo
Upload

Welcome to Scribd!

  • Zerotier Openwrt

    Uploaded by

    Jorge
    204 views6 pages
    This document provides instructions for routing ZeroTier clients into an OpenWRT/LEDE local area network (LAN). It describes how to set up ZeroTier on an OpenWRT/LEDE router, configure it to join a ZeroTier network, and set up routing so that ZeroTier clients receive IP addresses and can access the LAN. It also provides tests to validate the configuration is working and allows ZeroTier clients to connect to each other and access the LAN.

    Original Description:

    zerotier-openwrt

    Original Title

    zerotier-openwrt

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for routing ZeroTier clients into an OpenWRT/LEDE local area network (LAN). It describes how to set up ZeroTier on an OpenWRT/LEDE router, configure it to join a ZeroTier network, and set up routing so that ZeroTier clients receive IP addresses and can access the LAN. It also provides tests to validate the configuration is working and allows ZeroTier clients to connect to each other and access the LAN.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    204 views6 pages

    Zerotier Openwrt

    Uploaded by

    Jorge
    This document provides instructions for routing ZeroTier clients into an OpenWRT/LEDE local area network (LAN). It describes how to set up ZeroTier on an OpenWRT/LEDE router, configure it to join a ZeroTier network, and set up routing so that ZeroTier clients receive IP addresses and can access the LAN. It also provides tests to validate the configuration is working and allows ZeroTier clients to connect to each other and access the LAN.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 6

    目录

    目录

    目录 1
    Home 2
    Layer 3 Routing of ZeroTier clients into an OpenWRT/LEDE LAN 2
    ZeroTier setup on OpenWRT/LEDE 2
    Installation 2
    Create your ZeroTier network 2
    Configure ZeroTier on your OpenWRT/LEDE router using UCI 2
    Join your ZeroTier network with OpenWRT/LEDE 3
    Configure the routing within OpenWRT/LEDE 4
    Tests 5
    How to compile ZeroTier using uClibc++ 5

    1/6
    Home

    Home

    Layer 3 Routing of ZeroTier clients into an OpenWRT/LEDE LAN


    ZeroTier setup on OpenWRT/LEDE

    Installation
    If not already installed, install ZeroTier on your router. On my router a TP-Link TL-WDR4300 with lede-17.01 branch (git-17.290.79498-d3f0685) /
    LEDE Reboot 17.01.4 r3560-79f57e422d I had to manually install the ZeroTier (1.1.14) package with the following commands:

    root@LEDE:~# opkg update


    root@LEDE:~# opkg install zerotier
    Installing zerotier (1.1.14-4) to root...
    ...
    Installing kmod-tun (4.4.92-1) to root...
    ...
    Installing ip-tiny (4.4.0-9) to root...
    ...
    Configuring kmod-tun.
    Configuring ip-tiny.
    Configuring zerotier.
    Generate secret - please wait...
    root@LEDE:~#

    ZeroTier service will autostart and join you to the public virtual network called Earth with network ID 8056c2e21c000001 . Because this is
    maybe not what you want, you should stop the ZeroTier service for now:

    root@LEDE:~# /etc/init.d/zerotier stop

    Create your ZeroTier network


    If not already done, create a network on any kind of ZeroTier controller. At least you could use the free service at https://my.zerotier.com to create a
    network.

    My network setup looks like this (! not my real one !):

    ZeroTier Controller
    -------------------
    Network ID: 8ad5123ed69d6f69
    IPv4 Auto-Assign (advanced)
    [x] Auto-Assign from Range: 172.28.28.1-172.28.28.255
    Managed Routes:
    172.28.28.0/24 (LAN)
    192.168.1.0/24 (172.28.28.1)
    IPv6 Auto-Assign
    [ ] ZeroTier RFC4193 (/128 for each device)
    [ ] ZeroTier 6PLANE (/80 routable for each device)
    [ ] Auto-Assign from Range

    Configure ZeroTier on your OpenWRT/LEDE router using UCI


    The initial start of ZeroTier has created some unique files like your public/private key pair

    /var/lib/zerotier-one/identity.public # Your ZeroTier public key


    /var/lib/zerotier-one/identity.secret # Your ZeroTier private key
    /var/lib/zerotier-one/authtoken.secret # Your authentication token for the API (if ever needed)

    A look at the uci config should show something like this:

    root@LEDE:~# uci show zerotier


    2/6
    Home

    zerotier.sample_config=zerotier
    zerotier.sample_config.enabled='1'
    zerotier.sample_config.interface='wan'
    zerotier.sample_config.join='8ad5123ed69d6f69'
    zerotier.sample_config.secret='aabbccddee:0:5415e8....many...more...characters'

    The zerotier.sample_config.secret is the content of /var/lib/zerotier-one/authtoken.secret

    Join your ZeroTier network with OpenWRT/LEDE

    SSH into your OpenWRT/LEDE router.

    First we will disable the default sample_config of ZeroTier using the uci command line interface:

    root@LEDE:~# uci set zerotier.sample_config.enabled='0'

    Then we will configure a new ZeroTier connection with name lede_network using uci

    root@LEDE:~# uci set zerotier.lede_network=zerotier


    root@LEDE:~# uci set zerotier.lede_network.interface='wan'
    root@LEDE:~# uci set zerotier.lede_network.secret="$(cat /var/lib/zerotier-one/identity.secret)"
    root@LEDE:~# uci add_list zerotier.lede_network.join='8ad5123ed69d6f69'
    root@LEDE:~# uci set zerotier.lede_network.enabled='1'
    root@LEDE:~# uci commit zerotier

    Hint: The zerotier.lede_network.join config variable is a so called list.

    If you want to remove a network ID from the list use the following command:

    root@LEDE:~# uci del_list zerotier.lede_network.join='<network id to remove from to join list>'

    Now verify that /etc/config/zerotier represents your config, mine looks like this:

    root@LEDE:~# cat /etc/config/zerotier

    config zerotier 'sample_config'


    option interface 'wan'
    list join '8056c2e21c000001'
    option secret '<very long secret number>'
    option enabled '0'

    config zerotier 'lede_network'


    option interface 'wan'
    option secret '<very long secret number>'
    option enabled '1'
    list join '8ad5123ed69d6f69'

    As you can see, the sample_config is not enabled while lede_network is enabled.

    If it looks similar on your end, reboot your router. (Yes, you must actually reboot your router here)

    root@LEDE:~# reboot

    After the reboot re-login using SSH and verify the zt0 interface. The interface zt0 should be up and running

    root@LEDE:~# ifconfig zt0


    zt0 Link encap:Ethernet HWaddr 6A:2D:25:D7:33:02
    inet6 addr: fe80::682d:25ff:fed7:3302/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:2800 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
    3/6
    Home

    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:738 (738.0 B)

    and your ZeroTier client should be in state online :

    root@LEDE:~# zerotier-cli info


    200 info 41c7017c10 ONLINE 1.1.14

    After some time, your LEDE router should appear within your controller (my.zerotier.com or on your self-hosted one).

    Make sure you Auth orize the client, so it can pickup an IP from your network. Because we want to later route all traffic of all members of our
    ZeroTier Network ID into our LAN we make sure, that the ZeroTier IP address of our OpenWRT/LEDE router is fixed to 172.28.28.1 by setting it up
    manually within the ZeroTier controller (eg. my.zerotier.com).

    Hint If you change any network settings for the ZeroTier client running on your OpenWRT/LEDE router you should reboot the router, because it will
    sometimes not pick up the changed configuration!

    After authorization of the OpenWRT/LEDE router as a ZeroTier client and after a reboot of your router, the router should pickup the config of your
    network (eg IP address) for its zt0 interface:

    root@LEDE:~# ifconfig zt0


    zt0 Link encap:Ethernet HWaddr 6A:2D:25:D7:33:02
    inet addr:172.28.28.1 Bcast:172.28.28.255 Mask:255.255.255.0
    inet6 addr: fe80::d432:6dff:febe:dfc4/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:2800 Metric:1
    RX packets:699 errors:0 dropped:0 overruns:0 frame:0
    TX packets:707 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:71677 (69.9 KiB) TX bytes:236370 (230.8 KiB)

    It is now a good time to backup the configuration of your OpenWRT/LEDE router before you continue.

    Configure the routing within OpenWRT/LEDE


    Currently we have the following setup:

    WAN-Interface of the OpenWRT/LEDE router : a public IP on the internet


    IP-Range of the LAN switch on the OpenWRT/LEDE router : 192.168.1.0/24
    IP-Address of the zt0 interface on the OpenWRT/LEDE router : 172.28.28.1
    ZeroTier network route on the OpenWRT/LEDE router : 172.28.28.0/24 via zt0

    Now we have to do some final setup within the web interface of the OpenWRT/LEDE router:

    Go to Network->Interfaces , click on Add new interface and enter the following settings:

    Name of the new interface : ZT0


    Protocol of the new interface : Unmanaged
    Create a bridge over multiple interfaces : [ ]
    Cover the following interface : [x] zt0

    Click on Submit and then on Save and Apply .

    Then go to Network->Firewall , click on Add to create a new zone with the following settings:

    Name: zero
    Input: accept
    Output: accept
    Forward: accept
    Masquerading: [ ]
    MSS clamping: [ ]
    Covered networks: [x] ZT0:
    [ ] lan:
    [ ] wan:
    [ ] wan6:

    4/6
    How to compile ZeroTier using uClibc++

    Inter-Zone Forwarding
    Allow forward to destionation zones: [x] lan:
    [ ] wan: wan6:
    Allow forward from source zones : [x] lan:
    [ ] wan: wan6:

    Click on Save & Apply

    I would now reboot the router again to make sure all the config is applied correctly.

    Tests
    Any ZeroTier client that now joins your ZeroTier Network (in my example: 8ad5123ed69d6f69) should automatically receive an IP address out of the
    172.28.28.0/24 range while the ZeroTier client already running on your OpenWRT/LEDE router has a fixed address of 172.28.28.1 . Because of the
    route we set for the ZeroTier network within the ZeroTier controller at my.zerotier.com (192.168.1.0/24 via 172.28.18.1) any of your ZeroTier
    network members can now reach LAN-IPs (192.168.1.0/24) behind your OpenWRT/LEDE router. Also allo ZeroTier clients (172.28.28.0/24) can
    reach each other.

    How to compile ZeroTier using uClibc++


    Note: Zerotier >1.1.14 cannot be compiled with uClibc++ anymore.

    Install uClibc++

    wget http://cxx.uclibc.org/src/uClibc++-0.2.4.tar.bz2
    tar -xvjf uClibc++-0.2.4.tar.bz2
    cd uClibc++-0.2.4
    make

    Now put this in the top section of Makefile in ZT source folder:

    UC_INC=~/uClibc++-0.2.4/include
    UC_LIB=~/uClibc++-0.2.4/src

    LDFLAGS+= -L$(UC_LIB) -pthread


    LDLIBS+= -L$(UC_LIB) -pthread -fno-builtin -nodefaultlibs -Wl,-Bstatic -luClibc++ -Wl,-Bdynamic -lpthread -lm -lc -lsupc++ -lc -lgcc -lgcc_eh -lgcc_s -lpthread -lm
    CXXFLAGS+= -fno-builtin -nostdinc++ -I$(UC_INC) -DGCC_HASCLASSVISIBILITY -Wall -fPIE -fvisibility=hidden

    Now call make .

    5/6
    How to compile ZeroTier using uClibc++

    6/6

    You might also like