mwarning / zerotier-openwrt

An OpenWrt package for ZeroTier One - Pull requests are welcome!

When using zerotier, I encountered a strange problem, please solve it! #77

Closed openwrtdiy closed 4 years ago

openwrtdiy commented 4 years ago

I have multiple routers, two of which have zerotier exit line VPN, and they are not WAN interface lines! I don't know where the problem is.

Router firmware system: OpenWrt-19.07

The version numbers of zerotier are as follows:

```
PKG_NAME:=zerotier
PKG_VERSION:=1.4.6
PKG_RELEASE:=1
```

ogarcia commented 4 years ago

But what exactly is your problem? Please describe your setup, what is happening to you and what you expected to happen.

openwrtdiy commented 4 years ago

> But what exactly is your problem? Please describe your setup, what is happening to you and what you expected to happen.

I hope that Zerotier uses the physical interface wan when connecting to the Internet, and not the virtual interface VPN. When I log in to the background https://my.zerotier.com/network, I find that the Physical IP registered on my zerotier member device is the actual IP of the VPN account on my router. I used a simple configuration:

```sh
# Replace the sample ZeroTier section with a "default" one and join the network
mkdir -p /etc/zerotier-one
uci del zerotier.sample_config
uci commit zerotier
uci set zerotier.default=zerotier
uci set zerotier.default.enabled=1
uci set zerotier.default.config_path=/etc/zerotier-one
uci set zerotier.default.port=9993
uci add_list zerotier.default.join=af415exxxxxxe009
uci commit zerotier
```

```sh
# LAN bridge
uci set network.lan=interface
uci set network.lan.type=bridge
uci set network.lan.ifname=eth0.1
uci set network.lan.proto=static
uci set network.lan.ipaddr=192.168.100.1
uci set network.lan.netmask=255.255.255.0
uci set network.lan.ip6assign=60
# WAN (DHCP, route metric 10)
uci set network.wan=interface
uci set network.wan.ifname=eth0.2
uci set network.wan.proto=dhcp
uci set network.wan.metric=10
# WAN IPv6
uci set network.wan6=interface
uci set network.wan6.ifname=eth0.2
uci set network.wan6.proto=dhcpv6
uci set network.wan6.reqaddress=try
uci set network.wan6.reqprefix=auto
# PPTP VPN interface; defaultroute=0 keeps it from installing a default route
uci set network.vpn=interface
uci set network.vpn.proto=pptp
uci set network.vpn.server=xxxxxxxxx.com
uci set network.vpn.username=xxxxxx
uci set network.vpn.password=**
uci set network.vpn.ipv6=0
uci set network.vpn.defaultroute=0
uci commit network
```

ogarcia commented 4 years ago

If you do `ip route` what is your default route? (Something like this: `default via 192.168.1.1 dev pppoe-wan proto static`)

openwrtdiy commented 4 years ago

After my self-examination, I found that the problem was in the firewall forwarding.

```sh
# Accept UDP port 9993 (the ZeroTier port configured above) from any zone
uci add firewall rule
uci set firewall.@rule[-1].name=Allow-ZeroTier-Inbound
uci set firewall.@rule[-1].src=*
uci set firewall.@rule[-1].target=ACCEPT
uci set firewall.@rule[-1].proto=udp
uci set firewall.@rule[-1].dest_port=9993
uci commit firewall
```
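
The `ip route` check asked for earlier in the thread, as a script; this is an added example, not code posted by anyone in the issue or by the project. It reports which device holds the preferred default route so it can be compared with the expected WAN device (`eth0.2` in the configuration above). The function names, the sample route tables, the documentation-range addresses and the `pptp-vpn` device name are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample `ip route` outputs (not taken from the issue).
SAMPLE_WAN_ONLY='default via 192.0.2.1 dev eth0.2 proto static src 192.0.2.20 metric 10
192.168.100.0/24 dev br-lan proto kernel scope link src 192.168.100.1'
SAMPLE_VPN_DEFAULT='default via 192.0.2.1 dev eth0.2 proto static src 192.0.2.20 metric 10
default via 10.8.0.1 dev pptp-vpn proto static
192.168.100.0/24 dev br-lan proto kernel scope link src 192.168.100.1'

# Read `ip route` output on stdin and print the device of the preferred
# default route. A route with no "metric" field has metric 0; lowest wins,
# and on a tie the first one listed is kept.
default_route_dev() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < best_metric)) {
                best = dev; best_metric = metric
            }
        }
        END { if (best != "") print best; else exit 1 }
    '
}

# Return 0 if the preferred default route uses the expected device,
# 1 if it uses another device, 2 if there is no default route at all.
default_route_is() {
    expected=$1
    actual=$(default_route_dev) || { echo "no default route found"; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "ok: default route via $actual"
    else
        echo "mismatch: default route via $actual, expected $expected"
        return 1
    fi
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_WAN_ONLY"    | default_route_is eth0.2 || true
printf '%s\n' "$SAMPLE_VPN_DEFAULT" | default_route_is eth0.2 || true
```

On a router, pipe the live table in instead: `ip route | default_route_is eth0.2`.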