#zerotier

Assuming initial LAN config: 192.168.3.0/24, DHCP. Zerotier will be set up on 192.168.2.0/24.

Creating the Zerotier network

Managed routes:

192.168.2.0/24

192.168.3.0/24 via 192.168.2.1 (.2.1 will be the IP of the OPNsense machine in the ZT network

IPv4 auto assign: 192.168.2.1-192.168.2.254

Installing Zerotier on the OPNsense machine

System → Firmware → Plugins, install os-zerotier.

Navigate to VPN → Zerotier → Settings

Enable Zerotier.

Networks tab: add your network.

Enable the network. (Checkbox in the Enabled column)

In Zerotier Central:

Add the IP 192.168.2.1

Click the wrench

Allow Ethernet bridging enabled

Do not auto-assign IPs enabled

Authorize the machine

Setting up the Zerotier interface in OPNsense

Interfaces → Assignments. Add the Zerotier interface (zt…). I'm using ZeroTier as description - this is what will appear throughout the UI.

Interfaces → ZeroTier.

Enable and lock it

IPv4 configuration type: static IPv4

At the bottom static IPv4 address: 192.168.2.1/24

Save and apply

Join other device into the network.

Confirm pinging that device from OPNsense (tty option 7) is possible.

Firewall → Rules → ZeroTier. Add a rule:

Action: Pass

Direction: in

TCP/IP version: IPv4

Save and apply

Confirm that pinging the OPNsense machine from the other Zerotier device is possible on both of its IP addresses (.2.1 and .3.1).

ZeroTier doesn't work on DSM 7. Running it in Docker is possible, but Docker is not available for 32-bit ARM-based models, even unofficially (unless you're willing to build the binary yourself).

Downgrade involves wiping the NAS.

In short, the procedure goes like this:

Get the NAS into "migratable" state. This means that DSM boots into a "bootstrap" mode rather than normally. You can trigger this by popping in a fresh HDD or editing /etc.defaults/VERSION to an older version.

Reboot the NAS.

Try to install DSM 6. It will fail, but telnet will be made available on port 23.

Edit the VERSION file again. Make sure to use correct values. Otherwise the installation will fail.

DNS – the treasure trove of information your ISP can see

In recent years, the nature of privacy on the internet has become a very important topic amongst those concerned with the now lack of net neutrality. The de-facto mechanism for dealing with privacy has been to “SSL all the things“, which I am very much in favor of. What many do not realize, though, is that simply using SSL for the traffic that transits a given ISP still leaves a wealth of thick,…

ZeroTier | Network Virtualization Everywhere

Directly Connecting the World’s Devices

Create a virtual network in seconds and use it to connect almost anything. ZeroTier delivers simple and secure network virtualization across devices and locations.

Use ZeroTier to replace conventional VPNs, create private network backplanes for hybrid and multi-data-center cloud deployments, bridge office networks together, and more.

Source: ZeroTier |…