ZeroTier Container Setup on MikroTik x86/CHR - Easy Mode SD-WAN

Captions
Would you like to use ZeroTier on your CHR? Well, I've got great news for you: this video will show you how to use ZeroTier on a CHR or x86 virtual router, or a device that you might have the software installed on bare metal, so you can use this as a VPN concentrator or for labbing purposes or whatever you want. So this is a neat little hack that I'm hopefully going to show you, using containers just to help you get ZeroTier installed on your virtual network.

So let's quickly think about a couple of use cases that we can use this for. Well, the biggest thing I can think of is it gives us a way to easily access our home environments or home labs remotely, and it has the added benefit of being able to route to different networks across your SD-WAN network, which is ZeroTier. So this is extremely useful if you maybe want to get to your VMs that are hosted at your house or at your office or something, and just a quick and really, really awesome way to get this done. And it doesn't just have to be for home lab access: you can set this up for out-of-band management type of solutions, where you can access your network remotely to quickly have a look and see what's wrong with the devices via some type of LTE connection, or it can also just be for a full-fledged VPN service that you're trying to build between all of your sites and you just want them to be able to connect securely using SD-WAN via ZeroTier. So I think those three use cases are very typical, but it's really, really relevant because a lot of people will tend to use it for those type of solutions.

So what we're going to be doing is we will be installing a ZeroTier container on an x86 MikroTik on my hypervisor, and then we will be able to use this as a means of accessing my virtual lab. So let's begin by actually logging on to WinBox, and then from WinBox we will do the whole process.

Now, I just want to stress I'm already running various containers on this environment, so I'll just briefly be touching on some of the prerequisites that you will need. I will definitely link separate videos, like how to actually configure everything from scratch, in the pinned comment, so please have a look at that. But in essence what you want is you firstly want to set up a virtual network, and what you'd like to do for that is you will first add a bridge, and you can call this bridge, or Docker bridge, or whatever you'd like to name it, and then you will be creating virtual Ethernet interfaces, or veths, to actually be used as NICs for your containers, and you will be adding those veth interfaces as ports to your bridge, and this will actually allow your virtual network a means to connect with your actual network, or with each other if needed, so it's really useful.

Now to actually add a veth, or a virtual Ethernet interface, you can go to your interfaces, go to veth, and let's just add a new veth interface. Now, I've already got a ZeroTier interface running, but we can set up a second container; it's really not going to change anything. Now what I tend to like to do is just leave the name as whatever the new veth interface is, give it a little dash, and then give it a description of what it is, so this will be for my ZeroTier 2. Now your address: this is where you will specify the IP address and subnet that the container will use, so I'm going to be using 10.0.0.100/24 for this container, and then its gateway will be 10.0.0.1, which is the IP address that has been bound to the bridge interface. So if I apply this and I go to my IP addresses, we will see that 10.0.0.1/24 is physically bound to the dockers bridge. Now last step is I actually just need to add that interface to this bridge, so I will go to the ports and I will add a new port, and the port will be my veth7-zt2; bind it to the dockers bridge, hit apply. Now the network portion is sorted.

So besides the network, we actually need to make sure that we are allowing containers on this device. Now there's two steps for this. Firstly, you will have to install the containers package, so if you look at your system packages, just make sure that you have the container package installed; if you don't have container installed, it won't work. Second step is you need to make sure that your device is set for container mode. Now to achieve this you can go into your terminal window and you can just do a system device-mode; you can print this and it will tell you if it is on container mode, yes or no. If it's a no, then you need to set it in container mode, and again I'll have a separate video that you can follow to do that, but in essence it's as easy as just setting it to yes and then restarting the VM, and then it should boot up in container mode.

So great, so your VM actually boots back up, your x86 or your CHR, and it should have this container option here, the container tab. So when you click this, this will actually bring up a menu for all of your containers, and what's nice is MikroTik's actually made a lot of headway with how you can configure and manage your containers. I really appreciate everything they've done for us over the last couple of months, so this is really awesome.

So before we add any containers, I just first want to mention a few more prerequisites in the container option, and that is when you click on this config button, just make sure the registry URL is set to https://registry-1.docker.io. This is in essence where your MikroTik is going to be pulling the Docker containers from, and then extracting it to a temp directory on your local MikroTik to actually install the Docker container. Some baseline stuff, but definitely helpful. If you want to, you can import your own containers; it's a little bit different to do, but for that you can follow the MikroTik wiki. I will post that in the pinned comment as well, so feel free to have a look at that.

So let's actually add this container. So what are we going to do? We're going to click on the plus, we're going to set our remote image. Now what do we set this to? Well, we can find out by going to the Docker Hub. So if I go to hub.docker.com and I search for ZeroTier, it should bring up zerotier/zerotier; this is the official ZeroTier container. So I can just copy this, or I could go to the tags and then we can see what the tags are, so you will use zerotier/zerotier:latest to actually download the specific container. But if we navigate back to the overview, it gives you a nice explanation of what the container is, how it works, some of the functions on it, some environment variables you can set, all kinds of nice stuff, but I'm going to give you a very baseline and easy way to configure everything.

So all that we want to do is just download this container, so I'll just copy this and I'll go back onto my MikroTik, paste it in the remote image, and then colon latest for the latest build. My interface, I'm going to select this as the veth7-zt2 that I've actually created during this video, and we're not going to set any environment list for this demonstration, even though there are some environment variables you can set. But what I do want to set additionally here is maybe just the logging, and you can specify your root directory; think of this as where the actual thing is going to be stored, so if you want to store this on an external drive perhaps, then this is where you could do that. I'll just leave this blank as well. So this is baseline; this is all that I really need. So once I hit apply, it should actually be downloading this container now from hub.docker.com or docker.io, and it is going to take a little bit of time, but it's not a big container; the ZeroTier container is actually extremely small, and once this has finished extracting we should be able to start up the container.

All right, so our container has finished starting, or extracting; we see that the OS is Linux and our architecture is amd64, which is perfect. So next step for me is actually just to start the container. Now I can click on start here, but there is one thing I recommend people do when it comes to some containers, because a lot of people, they like their containers to start up automatically when they first reboot the MikroTik. For whatever reason, if you don't do this, then you manually need to start the MikroTik every time. So let's just quickly do this. I'll do a container print; this will just give us a list of all of the containers. Then I want to find my number six here, which is the new container that I added; it is tied to my veth7-zt2, so I know this is the right container. So all I want to do is container set start-on-boot yes, and then I will list this as item number six, hit enter, and now all this does is it will start the container automatically whenever the MikroTik gets rebooted. So I don't need to set up a scheduler with a script to do this; this is now being done by the MikroTik automatically. Perfect.

So next step is actually starting the container, so we can navigate back to the container menu, or you could start it from the CLI as well, but I'll just do everything from the menu. So you can just click on the container, click on start, and then it will go into a running state. Now running means, obviously, that the container is live and it's actually booting up and getting ready to work.

Now this is actually where the fun is going to start, and where I smashed my head into a wall a few times trying to figure out how to get ZeroTier working on a virtual router. So the container is running, but if we actually want to join our ZeroTier network, how are we going to do that? You could read, there are some ways that they mention with environment variables to get this done; however, I found that I typically was struggling with that. So the easiest way to actually do this is to log on to the container directly via a shell. Now this doesn't mean SSH or Telnet onto the container; this means you're literally going to shell onto the container from your MikroTik command line.

So if we go back to the CLI, I can do a container, and again let's just do a print to make sure we are working on the correct container. So we know line item six is the veth7-zt2, so I know that is what I want to work on. So if we do a container shell and then I can specify the line item, this is basically going to log me into that container, and it will be as if I'm working on Linux as well. It's going to be crazy, we're going to see. So I'm going to shell on to six, and you immediately see this changes to root@R1. Whoa, this is crazy. So I'm technically now on the file system on the back end of the MikroTik. Now this is also kind of why this is a little bit dangerous as well, because we are now actually working on Linux, now we're working on the back end, which is typically not where you want people to be, and this is why you need to be extra careful and very secure when you work with containers, especially when it comes to MikroTik.

So now that we are on the shell, we can actually run with ZeroTier as if we were working on Linux, so we could just do a zerotier-cli and we can specify join, and then after the join we can actually paste in our network ID that we get from ZeroTier. Now if you haven't watched my ZeroTier video, I will link that as well for you to watch, but basically when you go to the ZeroTier site you'll be able to create a network, and then with this network you'll be able to join different devices so that they can speak to each other over the software-defined WAN, over SD-WAN. Now we just really need this network ID, 233ccaac273b12ba; think of this as the secret handshake between the ZeroTier clients to be able to connect to this ZeroTier network.

Now if we scroll down, and I know that I'm showing my public IPs here, I'm actually just going to either mask this or I'm just going to reboot my router since I get dynamic IP, so I'm not too stressed about you guys seeing this either, but we can see there are two clients currently that have been authorized to connect. Now my ZeroTier is set up where I physically need to accept you to be able to connect, so if you see this ID as well, I'm also going to kill it afterwards, so don't worry about that. But you can see what devices have connected, you can even give the devices descriptions, you can give them static IPs if you want, you can set what the IP address range is for your devices; ZeroTier is really, really neat.

But what I want to do is just join this new MikroTik, or this new Docker that I've brought up. So to do that, just paste in this network ID, hit enter: 200 join OK. That is fantastic; I like it when stuff just says OK and we're ready to roll. So if I go back onto ZeroTier, whoa, that's crazy, I can see there's a new client that's requesting an auth, and if I want to auth this it's as simple as clicking on the yes, and this will now assign an IP address to that ZeroTier client as well. You will see that it is going to be running a new build of ZeroTier, and we can see what IP address it received automatically from ZeroTier.

So I can just copy this, and on my actual Windows computer, which, it feels a bit redundant since everything is kind of like connected directly with VMs and stuff already, but since I'm on ZeroTier now I should be able to ping the ZeroTier IP from my actual home computer, because this is already running ZeroTier. If I look at my ZeroTier, there's my ID, I'm already connected, and if I ping 10.147.17.190, which is the container on my MikroTik, I can see it is live, it's actually up and running, it is working, so I'm super stoked for this.

Now let's actually see if we can access a virtual network that's sitting behind the CHR via ZeroTier. So what I'm going to do is just look at the CHR quickly, or the x86, sorry, and if I look at the addresses I have an ether2 which has the IP address 172.16.0.1/24 bound to it, right, and this is actually on the MikroTik, and behind that, I'm not sure if my Linux host is live. It is live, so let's just quickly check what this Linux host's IP address is as well, because I want to see if I can maybe get to this Linux host via ZeroTier quickly. So if I do an ifconfig, 172.16.0.254 is my Linux machine, great. So we know that the Linux machine, which is on my hypervisor, is also live, or this is actually sitting behind the MikroTik as a client.

All right, so next step is actually to advertise some routes, or let's test and see if it works. If I go onto my computer and I ping something like 172.16.0.254, which is the Linux VM's IP, it is currently timing out, and the reason this is timing out is because I'm going to go through my normal internet path to actually try and access this client. So if I do a route print and I search for 172.16.*, I can see there are no active routes for this.

Now ZeroTier makes it really easy to send routes out to all of the clients just using its front page, or its admin page. So what I can do is just add a new route for this, and I'd just like to copy this IP address for the container, because obviously to get to this virtual network I'm going to tell all of my other ZeroTier clients, hey, you need to connect to this ZeroTier endpoint as your gateway. So let's scroll back up, add a new route: my destination will be 172.16.0.0/24, and I'm going to do this via that container's IP, and we'll submit this. And now that that has been added, if I actually look at my Windows client and I do the same command of route print 172.16.*, we can see there is a new active route which is pushing traffic via the ZeroTier gateway, which is that container.

So let's test again, let's see if you can actually ping out. So if I ping 172.16.0.254 -t, it's still timing out. Why is this timing out? Well, I've got a suspicion why, because right now what is happening is the traffic is actually getting to that Docker container, and from the Docker container it's actually going to go out to the actual MikroTik. So if we look at this shell that I'm still connected to and I do a route, we can see that the default route out, which means if it wants to get to 172.16.0.0/24, it's going to go to the actual MikroTik's IP of 10.0.0.1. So let's see, can I ping 172.16.0.1 from this container? I can. Can I ping .254? That I can ping as well. So I know that the container can actually get to that network, but why can't I on my actual home computer get there?

Well, if I look at the MikroTik's routing table it's going to make a lot more sense, because if I go to these routes we'll see that there is no routing available for the ZeroTier network. So in essence, if I want to make this work, all that I need to really do is route the ZeroTier subnet back to the Docker IP of the ZeroTier container. So if I go on to my ZeroTier console, or admin page, I can just quickly grab this IP address range, so it's 10.147.17. So let's just add a new route, and I will say if you want to get to 10.147.17.0/24, the gateway is going to be the Docker container IP of zt2, which was 10.0.0.100. I will apply this change, and I actually see that I do have something similar added, but this was from testing from before, so let's just disable this old route or delete it entirely, because the 254 was my first ZeroTier container, and now this should actually work.

So if I go back onto my command prompt and I run a ping again to 172.16.0.254, whoa, that's crazy guys, I'm actually getting to my virtual network from my ZeroTier client. And again, this is super powerful, because let's say this wasn't my computer, if this was my laptop, I could have connected to ZeroTier over any internet and I'd still be able to access my virtual lab. Really, really powerful stuff. So I really hope you guys can see how awesome SD-WAN is and how cool this is that we can install a Docker container of ZeroTier on an x86 or a CHR to get this working without having the architecture that officially supports it, and what is nice for me this way as well: you are running a more stable and latest version of ZeroTier, so this is extremely cool.

All right, so this is going to be where I'm going to end off the video. I'd like to thank you guys for watching again, I'd like to remind you guys to like and subscribe, and also comment, tell me what you thought about the video and make any suggestions that you'd like to make; I will definitely cover it if I have time. And I'd like to thank everybody again, thanks again for watching, especially my patrons and YouTube members, and I'll see you guys in the next videos. Happy holidays, bye.
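
The procedure in the captions is carried out mostly in WinBox; the RouterOS v7 terminal equivalent is collected below as an added example, which is not part of the video or its transcript. The bridge name `dockers`, the veth name `veth7-zt2` and container item number 6 are taken as heard in the captions, and `<NETWORK_ID>` is a placeholder for your own ZeroTier network ID.

```routeros
# RouterOS v7 terminal equivalent of the WinBox steps (added example).
# Names and addresses follow the captions; adjust them to your own setup.

# 1. Container networking: bridge, gateway address, veth, bridge port
/interface/bridge/add name=dockers
/ip/address/add address=10.0.0.1/24 interface=dockers
/interface/veth/add name=veth7-zt2 address=10.0.0.100/24 gateway=10.0.0.1
/interface/bridge/port/add bridge=dockers interface=veth7-zt2

# 2. Prerequisites: container package present, device-mode allows containers
/system/package/print
/system/device-mode/print
# Only if the print shows container as "no". RouterOS asks you to confirm
# the change with a restart (the video restarts the VM).
/system/device-mode/update container=yes

# 3. Registry URL, then pull the official image onto the veth with logging on
/container/config/set registry-url=https://registry-1.docker.io
/container/add remote-image=zerotier/zerotier:latest interface=veth7-zt2 logging=yes

# 4. Once extraction has finished: confirm the item number, then enable
#    start-on-boot and start the container (item 6 in the video)
/container/print
/container/set 6 start-on-boot=yes
/container/start 6

# 5. Open a shell inside the container and join the network from there
/container/shell 6
#   Typed inside the container shell, not in RouterOS:
#     zerotier-cli join <NETWORK_ID>
#     zerotier-cli listnetworks
#   The join only takes effect after the new member is authorized on the
#   ZeroTier admin page, as the video does.

# 6. Managed route, added on the ZeroTier admin page (not in RouterOS):
#      172.16.0.0/24 via 10.147.17.190   (the container's ZeroTier address)

# 7. Return route on the MikroTik: without it, replies to ZeroTier clients
#    have no path back and the ping from the remote client times out
/ip/route/add dst-address=10.147.17.0/24 gateway=10.0.0.100
```

Step 7 is the fix for the timeout diagnosed in the video: the container could reach 172.16.0.0/24, but the router had no route for the ZeroTier subnet. Keeping the ZeroTier network set to require manual authorization, as the speaker's is, means the network ID alone does not let a device onto the routed lab network.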
Info
Channel: The Network Berg
Views: 26,483
Keywords: ZeroTier, Docker, Container, MikroTik, VPN, SD-WAN, MikroTik Tutorial, VPN Tutorial, Router, CHR, x86, VPN tunnel, MikroTik VPN, MikroTik ZeroTier, MikroTik Container, TheNetworkBerg, Zerotier Setup, MikroTik Setup, mikrotik container, Virtual Network
Id: QKjWLfGfkF0
Length: 18min 15sec (1095 seconds)
Published: Wed Dec 14 2022