Beginners Guide to ZeroTier Full Tunnel Mode (ZeroTier Exit Node) 

LinuxCloudHacks
2K subscribers
2.4K views

Category: Science

Published: 19 Sep 2024

Comments: 21
@alisyed9928 24 days ago
Straight to the point and great video
@LinuxCloudHacks 23 days ago
Thanks! Glad you like it!
@yasersoheilifar 3 months ago
Hi, thanks for the great video. Please also teach load balancing between multiple exit nodes.
@LinuxCloudHacks 2 months ago
Hi! I'm glad you liked the video. Please stay tuned for more interesting videos (as soon as I'm back from vacation). Thanks for your comment. It's great. Load balancing outgoing traffic is not as easy as it seems :) I have it on my todo video list. Cheers!
@tanseernew 2 months ago
I have a Cudy X6 router and it supports ZeroTier. Is it possible to set up an exit node in the router?
@LinuxCloudHacks 1 month ago
Hi! Unfortunately I'm not that familiar with the Cudy brand. Do you know if it's using OpenWRT software? BTW, have you tried establishing a ZeroTier connection to the router and then selecting the "Allow Default Route Override" option on the ZeroTier client?
@Kevin_D_Y 1 month ago
Hi, I'm trying to set up the exit node on my Raspberry Pi, which is also the PiHole, but it's not working. I can't ping the Pi and the Pi can't ping the host, and I lose internet connection when I allow the default manage route to the Pi. The netstat commands are also not working. I'm new to this. Using Windows, and ssh to the Pi.
@LinuxCloudHacks 1 month ago
Hi! I would start troubleshooting with identifying if both win and RPI are connected to the ZT network.
- go to ZT web console and check if both devices are there, auth tick is there, last seen is 1 minute ago
- go to RPI console and do "zerotier-cli listnetworks" - it should be "OK PRIVATE and then the IP address"
- go to RPI console and do "zerotier-cli peers" - there should be a list of IPs (DIRECT or RELAY) along with lastTX/RX
- go to Windows zerotier client and check if the connection status shows OK
Above will tell you if either RPI or ZT have any issues.
- if above are OK then try pinging from windows to RPI via the zerotier IP (that you get from the ZT web console)
If Windows is not connecting try disabling firewall. If RPI is not connecting then we need to take a look at RPI firewall.
BTW Over the weekend I'll be doing a short video on setting up Exit Node with TailScale so you can also try that (it's very similar technology to ZeroTier) and it's easier to set up.
@Kevin_D_Y 1 month ago
@LinuxCloudHacks "- go to Windows zerotier client and check if the connection status shows OK Above will tell you if either RPI or ZT have any issues." Where can I check for the OK? All the other steps seem to work. Pinging via ZeroTier works both ways, from and to the Pi and Windows. Currently, the only issue I have now is that adding the Pi ZT IP to manage routes and then allowing default override will still show the original IP address and not the exit node one. Funnily, I got Tailscale working so that's good, but I'd still like to try ZeroTier. Cheers
@LinuxCloudHacks 1 month ago
@Kevin_D_Y If you have ping between nodes using ZT addresses that's good. Now a few things:
- check in the zerotier management page if you have 0.0.0.0 via RPI zerotier IP added
- check if RPI has forwarding enabled, you can check that with "sysctl net.ipv4.ip_forward", it should return 1
- check if RPI has masquerade/snat enabled (for example "iptables -t nat -nvL" or "nft list ruleset", depending on what you are using)
- finally on the windows client select "allow default route override"
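The node-side checks from the reply above (network joined with an address, forwarding on, source NAT present) can be scripted; this is an added example, not part of the thread or the video. The function names are hypothetical, the sample output is constructed, and the `listnetworks` row layout (status, type, device, then assigned IPs) is assumed from the client's header line.

```bash
#!/usr/bin/env bash
# Added example: exit-node preflight checks as pure functions over captured
# command output, so they can be run against saved output or live on the node.

# "zerotier-cli listnetworks": a joined row reads "... OK PRIVATE <dev> <ip/mask>".
# A row with "-" instead of an address (no IP assigned yet) does not match.
zt_joined() {
  printf '%s\n' "$1" |
    grep -Eq '^200 listnetworks [0-9a-f]{16} .* OK (PRIVATE|PUBLIC) [^ ]+ [0-9]'
}

# "sysctl net.ipv4.ip_forward" prints "net.ipv4.ip_forward = 1" when routing is on.
forwarding_enabled() {
  [ "${1##*= }" = "1" ]
}

# "iptables -t nat -nvL" lists MASQUERADE/SNAT targets; "nft list ruleset" lists
# masquerade/snat statements. Coarse check: it does not verify the interface.
has_source_nat() {
  printf '%s\n' "$1" | grep -Eiqw 'masquerade|snat'
}

# Run all three checks, print each failure, return the number of failures.
preflight() {
  _failed=0
  zt_joined "$1"          || { echo "FAIL: network not OK or no IP assigned"; _failed=$((_failed+1)); }
  forwarding_enabled "$2" || { echo "FAIL: net.ipv4.ip_forward is not 1"; _failed=$((_failed+1)); }
  has_source_nat "$3"     || { echo "FAIL: no masquerade/SNAT rule found"; _failed=$((_failed+1)); }
  return "$_failed"
}

# Constructed sample output (network ID, MAC, device and addresses are made up).
SAMPLE_ZT='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef home-net 02:00:00:00:00:01 OK PRIVATE ztexample0 10.147.17.20/24'
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   840 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0'

# On the exit node itself (as root), feed in live output instead of the samples.
if [ "${1:-}" = "--live" ]; then
  preflight "$(zerotier-cli listnetworks)" "$(sysctl net.ipv4.ip_forward)" \
            "$(iptables -t nat -nvL 2>/dev/null; nft list ruleset 2>/dev/null)"
fi
```

The managed 0.0.0.0 route and the client's "allow default route override" setting live in the ZeroTier management page and on the client, so they still have to be checked by hand.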
@yankee-in-london 2 months ago
Just wondering ... how does ZeroTier compare to Tailscale? I have Tailscale setup with exit nodes and quite happy with it.
@LinuxCloudHacks 2 months ago
Hello! Both ZT and Tailscale are solid options. If you are happy with Tailscale then there's no point in switching. For me:
- Tailscale is much more user friendly and has better and more consistent UI. You can set up an exit node in just a few clicks. (+ for Tailscale)
- Tailscale - joining a device based on identity (like gmail), very nice feature (+ for Tailscale)
- Tailscale uses Wireguard as the tunneling technology vs ZT has its own proprietary protocol (+ for Tailscale)
- Tailscale has built-in DNS (+ for Tailscale)
- Tailscale has an Internet tunnel support in their paid option (something like Cloudflare's CloudflareD) (+ for Tailscale, but Cloudflare's one is better in my opinion)
However in favor of ZeroTier:
- You cannot self-host Tailscale (+ for ZeroTier)
- Zerotier has Mikrotik support (+ for ZeroTier)
- Zerotier can tunnel Layer2 traffic (+ for ZeroTier)
So for some use cases like managing Mikrotik devices or bridging network with Layer2 networks it's better to go with ZT.
@AdrianuX1985 3 months ago
+1
@LinuxCloudHacks 3 months ago
Thanks!
@DanelSwitalski 7 days ago
Hello, have you done iperf3 tests? I made a zerotier controller on mikrotik 5009, the ends are mikrotik 3011 - symmetrical links 1Gb/s - and I have a transfer of 40-50 mbps. How does it look for you? Regards, Daniel
@LinuxCloudHacks 7 days ago
Hi, are you running ZT on those 3011? If yes then unfortunately the 3011 CPU is not that great. For site to site I would look at Wireguard or IPSEC (unless you need a mesh VPN like ZT). On MTs I'm using ZT only for management. I can run a ZT benchmark on my 5009 but off the top of my head it was way behind Wireguard or IPSEC.
@DanelSwitalski 6 days ago
@LinuxCloudHacks Hi, that's right, 3011 is a bit weak and it would be used as a client's end; I'll replace 3011 with 4011 and then with 5009 - I'll compare; then it's time for CCR. Regards, Daniel
@LinuxCloudHacks 6 days ago
@DanelSwitalski If you have public IPs then I would definitely recommend going the Wireguard or IPSEC route as you'll get much better performance than ZeroTier. BTW if you go CCR then it needs to be an ARM based CCR (and not TILE - the 1xxx series).
@DanelSwitalski 6 days ago
@LinuxCloudHacks Hi, I have public IP addresses - I work for an ISP. My tests are aimed at implementing zerotier as a service for us as an operator, without the participation of the zerotier portal - they charge for a larger number of connections. Yes, I know that ARM and ARM64. I would like to replace L2 data transmission with zerotier L3, at least 50% efficiency. Best regards, Daniel
@LinuxCloudHacks 6 days ago
@DanelSwitalski Ahh, got it now. You'll set up a controller and moon server on the MT. Sounds like a fun project! Let me know how it goes.