YunoHost-Apps / zeroui_ynh

ZeroTier Controller Web UI, packaged for YunoHost
GNU General Public License v3.0

Access Domain Names via ZeroTier Network #7

Open laguill opened 2 months ago

laguill commented 2 months ago

Hello,

I've recently installed ZeroTier UI, and it's working great for accessing my server using its ZeroTier network IP address. However, I would like to know if it's possible to make domain names reachable when connected to the ZeroTier network.

Thank you for your help!

laguill commented 1 month ago

OK, my mistake, it is not possible to use a registered domain name. (topic)

I was confused because I managed to get a registered domain name even if I did not open any port on my router.

BTW, the ztnui app seems to be easier to manage a ZeroTier network.

laguill commented 3 weeks ago

After several attempts and exchanges with @tituspijean, I’ve made some progress on the solution. However, I still can’t reach my Yunohost server when I’m connected via Zerotier. I can only access it by connecting with the Zerotier network IP.

I don't know how to debug this issue.

laguill commented 3 weeks ago

Here is what I currently wrote about this issue.

Configure ZeroTier

Open zerotierui or zeroUI to get the IP on the ZeroTier network.

Make sure that your server (for me, its IP is 10.0.0.3) and your client are on the same ZeroTier network and that they can ping each other with their ZeroTier addresses.

ping -c 5 10.0.0.3

Configure the Server

Let’s ensure the server forwards traffic correctly.

sudo -i
mkdir -p /etc/yunohost/hooks.d/post_iptable_rules
touch /etc/yunohost/hooks.d/post_iptable_rules/95-zerotier
chmod +x /etc/yunohost/hooks.d/post_iptable_rules/95-zerotier

Get the name of the ZeroTier interface (it starts with "zt") and the primary network interface, like "eth0."

To get $WAN_IFACE and $ZT_IFACE:

ip address


In my case:

$WAN_IFACE = enp2s0
$ZT_IFACE = zt77dhnf6e

Then edit the file:

nano /etc/yunohost/hooks.d/post_iptable_rules/95-zerotier

Edit it according to your interfaces (add rules to iptables):

#!/bin/bash

# shell variables
export WAN_IFACE=enp2s0
export ZT_IFACE=zt77dhnf6e

# rules
iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $ZT_IFACE -o $WAN_IFACE -j ACCEPT

exit 0

Run the script:

/etc/yunohost/hooks.d/post_iptable_rules/95-zerotier

Validate with iptables-save (check that the lines with zt... are listed)

iptables-save

Configure the ZeroTier Network

In the ZeroTier network interface ➡️ Advanced ➡️ Managed routes, make sure to have 0.0.0.0/0 via 10.0.0.3.
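
An added check for the setup described in this comment (example code, not part of the issue or of the zeroui_ynh package): it audits `iptables-save` output for the three rules the hook appends, flagging any that are missing or duplicated, and tests `net.ipv4.ip_forward`, a kernel setting the comment does not mention but which must be 1 before FORWARD rules carry any traffic. The function names and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the forwarding setup described in the comment above.
# Interface names are the ones quoted there; override them via the environment.
WAN_IFACE=${WAN_IFACE:-enp2s0}
ZT_IFACE=${ZT_IFACE:-zt77dhnf6e}

# Read `iptables-save` text on stdin and report every expected rule that is
# missing or present more than once (-A appends another copy on each run).
# Returns 0 only when each rule appears exactly once.
check_rules() {
    dump=$(cat)
    problems=0
    while IFS= read -r rule; do
        count=$(printf '%s\n' "$dump" | grep -cxF -e "$rule" || true)
        case $count in
            1) ;;
            0) echo "missing: $rule"; problems=$((problems + 1)) ;;
            *) echo "duplicated x$count: $rule"; problems=$((problems + 1)) ;;
        esac
    done <<EOF
-A POSTROUTING -o $WAN_IFACE -j MASQUERADE
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $ZT_IFACE -o $WAN_IFACE -j ACCEPT
EOF
    [ "$problems" -eq 0 ]
}

# The kernel routes between interfaces only when net.ipv4.ip_forward is 1.
# $1 is the sysctl file; the parameter exists so the check can be tested.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample dump: MASQUERADE added twice, ZeroTier FORWARD rule absent.
sample_dump() {
    cat <<EOF
*nat
-A POSTROUTING -o $WAN_IFACE -j MASQUERADE
-A POSTROUTING -o $WAN_IFACE -j MASQUERADE
COMMIT
*filter
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample; on the server use: iptables-save | check_rules
sample_dump | check_rules || echo "sample dump does not match the expected rules"
```

On the server, run `iptables-save | check_rules` as root and `forwarding_enabled || echo "ip_forward is off"`; a dump taken with `iptables-save -c` carries counter prefixes and will not match.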


laguill commented 3 weeks ago

I don't know where to find the error. If you can explain how to ping my server when I am connected only on the ZeroTier network

Thank you for your help