ZeroTier Hub and Spoke

Hi folks. In this video I'm going to be showing you how to configure your ZeroTier in a hub and spoke model, as someone requested. So essentially the network is set up like here on the screen, and by default my ZeroTier client here, which is here at home, can connect to my ZeroTier client on this remote network, and that's generally, you know, back and forth. I could SSH into this host if it had SSH, or I can remote desktop into it, or web server, whatever. But let's say you're remote, and what you want to do is connect back to your home network on your device, your ZeroTier device here, and be able to directly access other networks you have set up, because by default the clients here cannot connect to this particular address you see on the screen or in the address and it's not six or four network. So we're going to configure this ZeroTier client to be a gateway, or a router, or firewall if you will, to access these other networks.

And what I'm going to do is, here's one of my clients on this network, I'm going to set up a continuous ping to a host, and when the network comes up, or when the firewall is configured, we should start seeing pings occurring on the network. Right, uh, notice, actually, one six eight seven one, let's do that one. So by default Windows is gonna do four pings and then terminate; I do the -t to allow continuous pings. So I'm going to configure this gateway, which is a Linux box (correction, this ZeroTier as a gateway is the Linux box) to connect to these networks here, and currently you see that does not work.

So I'm going to hop over to my, that I'm using my program the bash class ct. I want to go back to the main menu, and I'm going to manage routes, number six right here, manage routes. It's like a network you want to manage routes for, number one. Then I want to list my routes. You see my default route is the only one that's there, so I'm going to add a new one, and the first thing you want to enter is a network that you want to connect to: 6.0 slash 24. So that's the remote network I want to connect to, and then the host that you want to be the gateway, and in this case the remote gateway is going to be my Linux over here. So this is the remote system. Let me go back to my, my diagram is this tab, this tab, this tab, here we go. So this is the remote network here, and this is the Linux server I'm on currently to configure the firewall. So this host right here is this host and this diagram right here.

Okay, so let's take a look at this. Here's my network in my interface, and then here's my IP address. So this is the IP address and configuration that I want for my gateway, so this host is going to be the gateway to access this network. Okay, so I'm going to hit enter, and then a message, route was added, and list my routes, and good, and you can see that the route is now added. Let's look at our Linux box, and you see it is now allowing me access to my remote network. As you can see here, it was not before, but now it's allowing access. I'm going to kill this. Let's try, let's try 4.4 on the other network. It's not working there. I'm going to go back here, I want to add a route, and then the same host is going to allow access to the 4.0 network. Route was added, right, route there. You see I now have access.

So now if any client connects, then they can get access to this .6, .4 network. So you probably want to implement flow rules to restrict the IPs and services, or I should say ports and protocols, that are allowed to access that .6, .4 network if you have to, and you can set up multiple networks and only allow specific people access to specific services using your flow rules.

Okay, so what did I do to configure my remote system over here? Well, I entered these commands here. So, uh, this is actually out of order, sorry about that, um, skills over here. I enabled this echo one; I did it so that I can just immediately do the test. What you want to do, however, is you want to edit your file, and for the forwarding you want to uncomment this here, that way it survives a reboot, because if you just do the echo statement like I did, it's not going to survive that reboot, okay, you're going to go back to not being a router. So that enables routing to occur on this Linux system. Save that, and then you run sysctl -p to write that change, and that takes place right away.

All right, and then you want to enable your iptables masquerading. This is what's going to have all clients have the IP address of the public interface for this Linux server. In this case my public interface is right here in 6 np6, and then there's the IP address. So when it goes to another host on a remote network, that's a, I should have tried a different one, but it still was going to work anyway. Uh, let me try 6.72. You can see how that still works. I was pinging the interface of my, um, gateway, the public interface, which means it was still routing. So let me see if I can position these so it's easier, easier to see here. That should work for now, right there.

So right here is, that is my network interface. That's what you're going to put, whatever is right there, whatever your interface is on that remote LAN, not the ZeroTier but your interface for that remote LAN, that's the, um, interface you want to put here. It's probably eth0, it may be eth1, eth2, whatever, you're not having your network is set up, so just change that accordingly. And then the next two lines are going to allow forwarding between the ZeroTier interface and your public interface, and this is the public interface of, correction, this is the, uh, ZeroTier interface on my system, as we see right here, number six right there, number six, see how it matches that right there. Now you could put zt+ right here, especially if you have a gateway that's providing access to, um, other networks and things, but that's up to you if you want to do that. Um, I only have one, that's all I needed for. And then the forwarding rule down here at the bottom.

And you want to ensure that when you enable this, you want to have these in a startup script, so that when you restart the system these iptables commands will be inserted, so that when I reboot this server here, I won't, uh, for updates or whatever, then my clients can connect and start routing again.

Okay, so that's how you configure your remote Linux server to be a gateway. So you want to first enable IP forwarding, and I did this just to demonstrate, um, how you can go from the command line, and you can see how the pinging is occurring because it is acting as a router right now. If I change that one to a zero, I'm effectively going to disable routing. See how that stopped right there? And now I'm going to re-enable routing. Take a moment for it to catch back up, I may have to kill it. There we go, yeah, there we go, now it's pinging again since now it's back routing. Okay, so this is just a way to do it real quick from the command line to enable routing: has to be set to one, zero disables routing.

All right, so that's the hub and spoke model. That's how, and it's, if you want to look at this from a context of a VPN, this is split tunneling, because all of my internet traffic is going through my standard or commodity internet, but when I want to go to one of these networks, .4, .6, it's going through the ZeroTier interface. So if I go to Google, for example, my Google traffic is going out my, it's got my standard interface and out to Google, but if I want to go to .4 or .6 network over here, it's going to take the route of the VPN and then go to whichever host. All right.
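
The gateway setup described in the video (IP forwarding, masquerading out the LAN interface, forwarding between the ZeroTier and LAN interfaces), written here as an added example; it is not the commands shown on screen. The interface names and subnets are placeholders supplied by the caller, and limiting new flows to listed subnets with `-d` is an addition in the spirit of the speaker's advice to restrict access.

```shell
#!/bin/sh
# Added example (not from the video): print the gateway rules for review.
# LAN_IF, ZT_IF and the subnets are placeholders supplied by the caller.

# Accept only interface-name characters; '+' (iptables wildcard) only at the end.
valid_iface() {
    case "$1" in
        ""|*[!A-Za-z0-9._+-]*|*+?*) return 1 ;;
    esac
    return 0
}

# usage: gateway_rules LAN_IF ZT_IF LAN_CIDR [LAN_CIDR...]
gateway_rules() {
    [ "$#" -ge 3 ] || return 1
    lan_if=$1; zt_if=$2; shift 2
    valid_iface "$lan_if" || return 1
    valid_iface "$zt_if" || return 1
    for cidr in "$@"; do
        case "$cidr" in ""|*[!0-9./]*) return 1 ;; esac
    done
    # Runtime switch only; to survive a reboot, set net.ipv4.ip_forward=1
    # in /etc/sysctl.conf and load it with `sysctl -p`.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Traffic leaving on the LAN side takes the gateway's LAN address.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -j MASQUERADE"
    # Replies to established flows may return to ZeroTier members.
    echo "iptables -A FORWARD -i $lan_if -o $zt_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # New flows from ZeroTier are forwarded only to the listed subnets.
    for cidr in "$@"; do
        echo "iptables -A FORWARD -i $zt_if -o $lan_if -d $cidr -j ACCEPT"
    done
}

# Constructed sample call when run with arguments, e.g.:
#   sh gateway.sh eth0 zt+ 192.0.2.0/24 198.51.100.0/24
if [ "$#" -ge 3 ]; then
    gateway_rules "$@"
fi
```

Review the printed commands, then run them as root and add them to the startup script. The `-d` restriction only has an effect when the FORWARD chain's default policy is DROP.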
Channel: Duane Dunston
Views: 118
Id: Fb65bU3oyEo
Length: 10min 52sec (652 seconds)
Published: Sat Oct 23 2021