Hi, I purchased a MikroTik SFP+ switch and see that ZeroTier has been added to RouterOS.
My initial use case for the switch was to expand the number of SFP+ ports in my network, but now that I can run ZT on the switch, I wonder if it is possible to use it as a VPN device into my LAN.
I’ve seen a few posts and videos that suggest this is possible, but have not found any instructions on how to do it. I think the steps are: enable ZT on the switch. This will create a ZT interface. Then bridge the ZT interface with the rest of the ports on the switch. Does that sound about right? Do I need any forwarding rules? Has anyone tried this and is willing to share their experience?
That might be useful to me as I think ZeroTier connects to a server to manage the connection. I’m behind a CG-NAT connection so no public IP at all and no way to forward ports. So this might be an option that I’ll have to eventually check out.
I tried to follow this video, and got as far as being able to ping the MikroTik device (using its LAN address of 192.168.1.2) via ZT from an iPad on cellular, but I can’t see/ping any other devices on my LAN.
If anyone has set this up, some help will be greatly appreciated! Thank you!
You do not need to append your zerotier interface to the bridge.
The only thing you need is a masquerade rule.
Create a masquerade NAT rule with a source of your local internal subnet and a destination of your ZeroTier subnet.
For example, where src-address is your internal subnet, dst-address is your zerotier subnet:
/ip firewall nat add chain=srcnat src-address=192.168.1.0/24 dst-address=192.168.192.0/24 action=masquerade
After this, you should be able to access your devices via zerotier.