N00b Zero Tier confusion

Hi All,
In watching the latest Home Lab Show regarding ZT,
folks had asked if you could put ZT on pfSense.

Why would you do that? Wouldn’t that just provide
access to the pfSense box?

If I wanted to have access to my “whole LAN”
wouldn’t I have to have the ZT client on each device?

Thanks for any help

Think of ZeroTier as a virtual switch. Your phone and your pfSense can be connected to this switch, via the ZeroTier software. They will also each be assigned an IP address on the virtual Ethernet port that shows up on the phone and the router, which is how you can access the router from your phone.

Now, like VPNs, when you connect to ZeroTier Central (assuming you are using that service), your phone can be pushed a route like “192.168.10.0/24 → 172.23.0.5” (if 172.23.0.5 is the ZT IP for your router, and 192.168.10.0/24 is your LAN).

You could also push a route like “0.0.0.0/0 → 172.23.0.5”, and now the phone is using the router as its default gateway (sending all traffic through the router like a regular VPN). If you want to do this there is additional documentation you should read: https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode

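The route behaviour described in the answer above, as an added example that is not part of the original posts: a longest-prefix-match lookup showing which of the phone's traffic ends up crossing the router with the LAN-only route versus the 0.0.0.0/0 route. The ZeroTier subnet 172.23.0.0/16, the phone's own gateway 10.0.0.1, the `target`/`via` dictionary shape and the function name `next_hop` are assumptions made for the illustration; the LAN and the router's ZT IP are the ones from the answer.

```python
import ipaddress

# Values from the answer above.
LAN = "192.168.10.0/24"
ROUTER_ZT_IP = "172.23.0.5"
# Constructed sample values (assumptions, not from the thread).
ZT_SUBNET = "172.23.0.0/16"      # the "virtual switch" both devices sit on
LOCAL_GATEWAY = "10.0.0.1"       # the phone's ordinary Wi-Fi/cellular gateway

# Routes pushed to the phone in each mode; via=None means on-link.
SPLIT_TUNNEL = [
    {"target": ZT_SUBNET, "via": None},
    {"target": LAN, "via": ROUTER_ZT_IP},
]
FULL_TUNNEL = SPLIT_TUNNEL + [{"target": "0.0.0.0/0", "via": ROUTER_ZT_IP}]


def next_hop(dest, pushed_routes):
    """Return (interface, gateway) the phone would use to reach dest."""
    addr = ipaddress.ip_address(dest)
    # The phone's pre-existing default route, outside ZeroTier.
    table = [(ipaddress.ip_network("0.0.0.0/0"), "wifi", LOCAL_GATEWAY, 1)]
    for route in pushed_routes:
        net = ipaddress.ip_network(route["target"])
        table.append((net, "zt", route["via"], 0))
    matches = [entry for entry in table if addr in entry[0]]
    # Most specific prefix wins. Simplification: on a tie between two
    # default routes, the pushed one is modelled as taking precedence.
    _, iface, gateway, _ = max(matches, key=lambda e: (e[0].prefixlen, -e[3]))
    return iface, gateway


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for "the internet".
    for name, routes in (("LAN-only route", SPLIT_TUNNEL),
                         ("default route", FULL_TUNNEL)):
        print(name)
        for dest in ("172.23.0.5", "192.168.10.20", "203.0.113.10"):
            print(f"  {dest:15} -> {next_hop(dest, routes)}")
```

With the LAN-only route, only traffic for 192.168.10.0/24 reaches the router, so its firewall rules on the ZeroTier interface decide what a remote device can touch; with the default route, everything the phone sends passes through it.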

Thank you! Much appreciated.