Finally, the video you have been asking for. How to quickly set up Zerotier in a MikroTik router. ARM/ARM64 MikroTik router required for this tutorial. help.mikrotik.com/docs/displa...
I just got myself a hAP ac2 and put zerotier on, followed your guide, put in a couple of routes, now I can access my NAS and raspberry pi from anywhere from my phone etc. I am really pleased. next I'll set it up for my wireshark packet capture devices and raspberry pi drop boxes.😀
I’ve had opnsense running in a VM with routes in my CCR2004 to get to ZT, was happy to replace it with the new ZT integration in routerOS, and it’s been working amazing
One thing is missing :) for this to work you need to enable managing on the zerotier interface. Mine was off by default. Also if you want to route traffic both ways you can change the NAT masquarade setting to have ALL as output interfaces. These settings made it work for me.
I've been using ZT since it was available in ROS 7, it has a lot of potential! Downside is that there is no hardware encryption available at least on ARMv7 (32bit) and the CPU gets overloaded quickly delivering low throughputs. I had no chance to test it on ARMv8 (64bit) so far, hopefully it performs better.
Have you tried latest versions? We see 0% CPU use in idle, and only slight increase with traffic. Also, try to direct only needed traffic through it, not all of it.
if you have a small 1u rackmount XEON server, load router OS on a VM, allocate enough CPU power, and use that as you gateway from outside... especially if you have access to multiple static IP's from your ISP... you can setup OSPF from your main router to deal with whatever device IP is needed from the ZT VM Router... if you have a better solution, please teach me haha
@@mikrotik I always use latest versions. The issues isn't CPU usage when idle, it is CPU usage when transferring data via ZT due to encryption. It seems that there is no hardware offloading available as in IPSec and that a pity. For example, using a hAP ac2 I cannot squeeze more than 20mbps via ZT because the CPU stresses out.
@@mikrotik Agreed, but when using containers on the same router, tailscale will help exposing them directly into the tailnet in addition to the LAN. For ex. PiHole container can be both LAN and tailnet DNS server by putting router’s Tailscale IP address in the tailscale settings.
the version of zerotier on tik is slightly old? also, how do we implement policies when running the self hosted controller? It seems that a couple of feature are missing, otherwise this is a great package. And yes, as others have said there appears to be no h/w acceleration
@@mikrotik Thanks for the quick reply. That's a totally valid point. It's just the competition (pfSense, OpenWRT comes to my mind) already supports running Tailscale. The one thing I absolutely loved about Tailscale is just how easy is to run exit node (it's just pressing two or three buttons and you're done!) I can understand that supporting yet another feature on RouterOS isn't as straightforward as it may sound. Perhaps consider making a video on how to setup exit nodes on Zerotier and funneling your devices traffic running behind MikroTik through your chosen node.
CCR1xxx are on TILE cpu... not ARM. We can use WireGueard + VxLAN or old school BCP+EoIP. But WG often stops communication and cannot be used for now as production (SUP-94949)
@@chumly8596 even if all traffic doesn't go through the cloud, some communication is happening, and you can't be sure what exact information can be passed to their servers. Ability to use own server is nice, but that will defeat the advantage of simplicity of this type of VPN.
This is great, but I'll have to get all new routers for it to be of any use to me since mips isn't supported 😕🤷 Is there any chance of mips being supported in the future? I have been using ZT for a long time via routing on a raspberry pi, but it works be really nice to host it off the Mikrotik itself.
Great! Every routerboards that I used in my customer's are RB750Gr3. So now, I will need to buy a new RB ARM model to each customer to user this feature. Congratulations Mikrotik!!
@@mikrotik HEX/HEX S MSRP is $60/80. All the RB models you mentioned have MSRP between $180-220. MSRP for the HAP AC2 is $80. And both HEX and HAP AC2 have 5 ethernet ports, what do you mean it has less ports? I guess the only thing that meets the criteria I asked about is the HAP AC2. It's too bad the CCR1000 series can't run ZT either.
Is it possible to route all the traffic of one pc through another one? I managed to see my home PC at the office using ZeroTier but I could not route all the office traffic through my PC at home.
what about IPv6? Will it works with IPv6, if I only have a IPv6 on my MikroTik WAN Interface (no native IPv4) and will it connect from anywhere to my locally NAS, which is behind my Mikrotik RouterOS? Thanks for your great work and information in your videos!
ZeroTier works over IPv6 (including v6 only) only and can provide IPv6 (again including v6 only) addressing. It has a special automatic addressing scheme to derive a per node /128 address from the network and node ID. This addressing mode avoids the costs of next hop resolution (NDP/ARP proxying, multicast or in the worst case broadcasts) by embedding the node ID into the IPv6 host addresses. Combined with filter rules to allow only unicast traffic between the provisioned addresses this allows scaling to very large networks by avoiding the control plane "chatter" normally required to provide a convincing Ethernet overlay. It's perfect for management via SSH or (encrypted) API, but won't support your old local multiplayer games.
I don't like how ZT relies on a cloud service. When it comes to networks, I want to handle everything myself. Trusting a cloud provider for your networking seems as smart as trusting Russia for your gas supplies.
In what way is performance low? In megabits, or in CPU usage? Zerotier needs a little bit of time to find the optimal path between networks. It could be slow in beginning, but will become faster later. It's not a direct tunnel between networks, it goes in different paths than regular VPN
@@mikrotik Fair enough. But you have a legion of Tilera CCR units out there, a lot of which are quite recent, that you have condemned as out of the ZEROTIER game .. A quick search on your site for routers based on TILE (using the filter) still shows up the following Ethernet routers - CCR1009-7G-1C-PC, CCR1009-7G-1C-1S+, CCR1009-7G-1C-1S+PC, CCR1016-12G, CCR1016-12S-1S+, CCR1036-12G-4S, CCR1036-8G-2S+, CCR1036-12G-4S-EM, CCR1036-8G-2S+EM, CCR1072-1G-8S+.
Dear, @Mikrotik, I have tried installing zerotier on my mikrotik crs326 ARM device with routeros version 7.11.2, i load the package and when i reboot the device on the next start i don't see the menu of zerotier...where is the problem?
Dear, @Mikrotik, I have tried installing zerotier on my mikrotik CCR1009-7G-1C-1S+ i have failed is there a way of going about it. Have tried two methods, upgrading to RouterOs 7.7 , have also tried uploading it from the extra packages. To no avail. What am i missing here.🤔🤔
My advice is to get an ARM based MikroTik device to have all the latest features and best performance. A lof of effort is going into development for ARM now.
same here with any arm hardware. speed very slow only when i install zt on mikrotik and push the lan route in zt web gui. if i install zt agent directly in every workstation without routes then works fine. any ideas??
I followed this video exactly. I can see my router and desktop in zerotier central, they have assigned ips, I did the routing correct and added the firewall rule. Yet.. I cannot ping my router from my remote desktop, nor does it pass any traffic. Anyone else run into this problem? Thanks in advance.
Mikrotik HAP AC2 (Arm) zerotier not connecting. Mikrotik setup totally in bridge mode and no firewall rules. Zerotier online on device for a day then it still shows connected in the Zerotier panel but cannot ping to device or from device. disabling zerotier instance and re enabling it only show requesting information private. deleting instance has the same effect. I can only upgrade and after the restart it will re connect for one more day. after that I will need to downgrade the O.S (From 7.6 to 7.4.1) re install zerotier and then it connects again. I suspect network issues as I have the same problems on other of the same carrier on windows 10 and windows 11. Those however I have a task scheduler to disable service and re enable after 15min which then works. However not all clients on same carrier have the issue. I have multiple other clients using same Mikrotik or windows clients that work without problems. carrier support just says the do not have anything that can cause this problem.
You don't listen to audio which is published - please use something like Elgato if you don't edit audio and use oversensitive microphones. So many videos are ruined here :/
What exactly is the problem? The audio sounds fine on several types of devices - our studio monitors, a laptop, a regular PC with a Bluetooth speaker. Not sure what you mean..?
