Closed mwoz123 closed 1 week ago
We do not maintain that page (the OpenWrt wiki is maintained by the community); in fact, at the top of the page itself it tells you to always go to our wiki for the most up-to-date instructions.
That said, the instructions on that page are not entirely accurate. The easiest way is to create both the interface and the zone with LuCI (it's more visual), but if you prefer, the commands are as follows:
```shell
# Create interface
uci set network.ZeroTier=interface
uci set network.ZeroTier.proto='none'
uci set network.ZeroTier.device='ztks56k4sj'
# Create zone
uci add firewall zone
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='ACCEPT'
uci set firewall.@zone[-1].masq='1'
uci add_list firewall.@zone[-1].network='ZeroTier'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='vpn'
uci set firewall.@forwarding[-1].dest='lan'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='vpn'
uci set firewall.@forwarding[-1].dest='wan'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='vpn'
# Commit changes
uci commit
```
As you can see, before configuring the zone (the firewall) you have to create an interface so that the system works in the most orderly way possible. Nor is it necessary to create rules; it is simpler by default to allow traffic to and from the VPN since, by definition, it should be considered a secure network.
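To review what the zone created above exposes, this added example (not part of the thread or the project's wiki) parses `uci show firewall` output and lists a zone's input/forward policy plus every forwarding that touches it. The sample input is constructed to match the commands above; `sample_config` and `zone_report` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `uci show firewall` output for the zone and
# forwardings created above (the section indexes are made up).
sample_config() {
cat <<'EOF'
firewall.@zone[2]=zone
firewall.@zone[2].name='vpn'
firewall.@zone[2].input='ACCEPT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='ACCEPT'
firewall.@zone[2].masq='1'
firewall.@zone[2].network='ZeroTier'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='vpn'
firewall.@forwarding[1].dest='lan'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='vpn'
firewall.@forwarding[2].dest='wan'
firewall.@forwarding[3]=forwarding
firewall.@forwarding[3].src='lan'
firewall.@forwarding[3].dest='vpn'
EOF
}
# zone_report ZONE: reads `uci show firewall` lines on stdin and prints the
# zone's policies and every forwarding that has it as src or dest.
zone_report() {
    awk -v zone="$1" -v q="'" '
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(q, "", val)                      # strip the quoting uci adds
        n = split(key, p, ".")
        if (n == 2) { type[p[2]] = val; order[++cnt] = p[2] }  # section header
        else if (n == 3) v[p[2], p[3]] = val                   # option line
    }
    END {
        for (i = 1; i <= cnt; i++) {
            s = order[i]
            if (type[s] == "zone" && v[s, "name"] == zone)
                printf "zone %s input=%s forward=%s masq=%s networks=%s\n",
                    zone, v[s, "input"], v[s, "forward"], v[s, "masq"], v[s, "network"]
            if (type[s] == "forwarding" && (v[s, "src"] == zone || v[s, "dest"] == zone))
                printf "forward %s -> %s\n", v[s, "src"], v[s, "dest"]
        }
    }'
}
# On the router: uci show firewall | zone_report vpn
sample_config | zone_report vpn
```

With `input='ACCEPT'`, services on the router itself are reachable from every member of the ZeroTier network, and `vpn -> lan` makes LAN hosts reachable too, so the report is worth re-checking whenever network membership changes.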
Thanks @ogarcia :) Appreciate your help especially as I've nearly no knowledge when it comes to firewalls... I'll check that once I'm back next week
Works:) thanks @ogarcia :)
Btw, how about adding it to the wiki? I was checking if I can edit/create a PR for it, but it seems public editing is disabled and gh doesn't handle PRs for the wiki...
btw., it would be nice to move the wiki to the OpenWrt Wiki. :-)
On the ZeroTier page of the OpenWrt wiki the first line reads:
Zerotier creates a virtual network between hosts. You may refer to zerotier-openwrt's official Wiki for the latest instructions.
I think that leaving it as it is is the most accurate, because the OpenWrt wiki can be edited by anyone (who could therefore put in an exotic configuration that only works for that person), whereas our wiki is controlled. Using only the OpenWrt wiki would force us to regularly check that nobody makes changes that break the configuration, and that is a pain.
In any case I have edited our wiki page and the OpenWrt wiki page and added what we have discussed here. :wink:
I get "Connection refused" when trying to login to zerotier ssh. I'm using:
I'm connected to the network with the openwrt device and a laptop.
I was going step by step through the documentation at https://openwrt.org/docs/guide-user/services/vpn/zerotier but it might be outdated, as it seems to be created for fw3 and now openwrt uses fw4
full log: