This post is the second part of a two-part series. In Part-1, we configured a Raspberry Pi at home and made it a gateway for the ZeroTier virtual network. In this post, we will configure a small GL-iNet travel router to route traffic from all its connected clients via the ZeroTier Home Gateway.
What do you need?
- GL.iNET or any OpenWrt router
Configure OpenWrt router
We are going to configure a GL.iNet mini router (OpenWrt firmware 19.07.x) so that all internet traffic from the LAN/Wi-Fi clients connected to it is routed via the home network through the Raspberry Pi ZeroTier Gateway.
Note: As I am using the GL.iNet mini router, some of the screenshots may differ from what you see on your router.
Go to your Router Admin console, Applications -> Plug-ins. Click on ‘Update’; this fetches the list of available plugins.
Filter by ‘All’, search for ‘zerotier’ and click on ‘Install’.
SSH to your travel router and configure ZeroTier client
Edit the /etc/config/zerotier file and modify the two lines below:
option enabled '1'
list join '<yournetworkid>'
Enable and start the ZeroTier service:
/etc/init.d/zerotier enable
/etc/init.d/zerotier start
Go to my.zerotier.com and authorize the device. Note the IP address assigned to this device (e.g. 10.147.18.50).
In your router shell, run ifconfig. You should see a new interface whose name starts with ‘zt’, with the IP from the ZeroTier network assigned to it, as shown on the ZT settings page.
In your router Admin console, go to ‘Advanced’, which opens the LuCI settings page.
Go to ‘Network’ -> ‘Add Interface’ and enter the details below:
| Interface | ztxxxxxxxx (your ZT interface) |
Configure the ZT0 interface with the values below, click Save, and finally click Save & Apply on the interfaces screen.
| Bring up on boot | Yes |
| IPv4 address | 10.147.18.50 (IP assigned to this device from the ZT network) |
| IPv4 netmask | Netmask of your ZT IP range |
| Firewall Settings -> | |
After the router has rebooted, SSH to the router again.
Run ifconfig and verify that you can see the ZT network interface with the same IP.
Verify your routing table by running
Run the command below with your network ID to allow the default route via the ZeroTier network:
sudo zerotier-cli set <networkId> allowDefault=1
The above should add a few new routes to your route table. Run route -n and verify.
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.147.18.21    18.104.22.168   UG    0      0        0 ztxxxxxxxx
0.0.0.0         192.168.1.1     0.0.0.0         UG    10     0        0 eth0.2
10.147.18.0     0.0.0.0         255.255.255.0   U     0      0        0 ztxxxxxxxx
22.214.171.124  10.147.18.21    126.96.36.199   UG    0      0        0 ztxxxxxxxx
192.168.1.0     0.0.0.0         255.255.255.0   U     10     0        0 eth0.2
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
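A routing-table check for the step above, added here as an example and not part of the original post: it does a most-specific-route lookup over route -n output to confirm that internet-bound traffic leaves through the zt interface rather than the local uplink. The function names and both sample tables are constructed; the samples assume the default-route override shows up as two half-range routes (Genmask 128.0.0.0) via the ZT gateway.

```shell
#!/bin/sh
# Added example (not from the original post): routing-table leak check.

# egress_iface DEST: reads `route -n` output on stdin and prints the interface
# chosen for DEST (most specific Genmask wins, then the lowest metric).
egress_iface() {
    awk -v dest="$1" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return o[1] * 16777216 + o[2] * 65536 + o[3] * 256 + o[4]
    }
    # Only rows that start with a dotted-quad destination are routes.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 8 {
        size = 4294967296 - ip2int($3)   # number of addresses the route covers
        if (int(ip2int(dest) / size) != int(ip2int($1) / size)) next
        if (best == "" || size < bsize || (size == bsize && $5 + 0 < bmetric)) {
            best = $8; bsize = size; bmetric = $5 + 0
        }
    }
    END { if (best == "") exit 1; print best }'
}

# tunnel_ok: reads `route -n` output on stdin; succeeds only if one probe
# address from each half of the IPv4 space leaves through a zt* interface.
tunnel_ok() {
    table=$(cat)
    for probe in 8.8.8.8 203.0.113.10; do   # used only as lookup keys
        case "$(printf '%s\n' "$table" | egress_iface "$probe")" in
            zt*) ;;
            *) return 1 ;;
        esac
    done
}

# Constructed sample: both halves of the address space go via the ZT gateway.
SAMPLE_TUNNELLED='Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.147.18.21 128.0.0.0 UG 0 0 0 ztxxxxxxxx
0.0.0.0 192.168.1.1 0.0.0.0 UG 10 0 0 eth0.2
10.147.18.0 0.0.0.0 255.255.255.0 U 0 0 0 ztxxxxxxxx
128.0.0.0 10.147.18.21 128.0.0.0 UG 0 0 0 ztxxxxxxxx
192.168.1.0 0.0.0.0 255.255.255.0 U 10 0 0 eth0.2
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan'

# Constructed sample: the upper-half route is missing, so half the traffic
# still follows the local default route on eth0.2.
SAMPLE_LEAKY='Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.147.18.21 128.0.0.0 UG 0 0 0 ztxxxxxxxx
0.0.0.0 192.168.1.1 0.0.0.0 UG 10 0 0 eth0.2
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan'
```

On the router, pipe the live table into the check with `route -n | tunnel_ok`; a non-zero exit status means at least one probe address would bypass the tunnel.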
Test with Mobile Phone
- On the mobile phone, if you enabled ZeroTier One in the previous steps (Part-1), disable it.
- Connect to the OpenWrt router through Wi-Fi
- Open a browser and verify the public IP using https://ifconfig.io
With this setup, when your OpenWrt router is connected to the internet via an ethernet cable outside of your home, the internet traffic from any LAN/Wi-Fi clients connected to it is routed securely via your home.
We have configured the OpenWrt travel router to redirect all the traffic via the ZeroTier gateway at home (like a VPN client). This lets multiple devices access the home network without installing the ZeroTier One client on each of them.
Optionally, you may install Pi-hole on the Raspberry Pi to act as a DNS server for your virtual network and to block ads; that may be the subject of another post.