🤖Testing out the Ethernet Switch of the Planet! ZeroTier ft. MikroTik!
Вставка
- Опубліковано 26 лип 2024
- Hello and welcome! In this video we will be looking at how to connect a MikroTik device using RoSv7.1RC7 to ZeroTier an amazing "ethernet of the world" solution.
You will be shown how to enable ZeroTier, add a ZeroTier interface, accessing a MikroTik via ZeroTier and even how to do some routing via ZeroTier. Enjoy!
Support the Channel:
⭐Become a Patreon: / thenetworkberg
⭐Become a UA-cam Member: / @thenetworkberg
Social Media:
🌏 thenetworkberg.com
🌏 / thenetworkberg
🌏 / bergnetwork
🌏 / the-network-berg-39451...
MTCNA Playlist:
• Free MTCNA RoSv6
Timestamps:
00:00 - Introduction
00:19 - Zerotier Overview
01:21 - MikroTik requirements
03:05 - Enable ZeroTier
04:39 - ZeroTier network setup
06:51 - MikroTik ZeroTier interface
08:56 - Windows Client ZeroTier
11:10 - Routing via ZeroTier
Credits:
Thumbnail: Created on Canva
Intro: Created on Canva
Thanks again for watching
ZeroTier documentation:
docs.zerotier.com/zerotier/manual
Awesome lab, explained precisely and clear as crystal by the BERG.
This is incredible. I have an MT in my parents house that I cant manage from public due to not having access to the provider's modem to open the correct ports. This should solve the problem! Fantastic.
Thanks for the video! I was exactly looking for this content, a video that can show me if zerotier is something that I can benefit from or not before digging deeped.
Thanks so much, ZeroTier is really amazing!
Thank you for the lessons
Excellent video, I just subscribed to your channel.
this was very special. Thanks, indeed
This is great. Thanks!
Very cool!
this is so awsome!!!!
Thank you !!! You and ZeroTier just made my life easier. No more vpn connections, now I have multiple devices from different locations all connected in the same network.
I just wish they will bring ZeroTier on MIPS CPU's, I had to use my wifi cAP AC with ARM CPU and additional static routes to home MIPS router to bring ZeroTier in my lan.
Great to hear! I honestly wish for the exact same thing from MikroTik.
Alternative solution for the mips. Raspberry Pi Zero W is possible with USB LTE connection. Both ARM-based Container installation and the opportunity to connect to all devices on the Mikrotic network via Zerotier.
I'm using ZT with a hAP Ac². Simple to configure and works fine. Performance is much better than the solution I was using before (L2TP on a Raspberry pi).... the only downside is Winbox wont show ZT1 interface and mark the rules and routes as "unknow" ...
Would be great to have Zerotier available for other plataforms (mips, mipsbe, x86)..
Dankie vir wat jy op die youtube channel doen word baie waardeer.
Dankie vir boodskap en ondersteuning Andre, waardeer dit ook werklik baie!
Crazy! Awesome!!
Very awesome indeed!
Nice video, TNX
Thank you for a great video, what rules do you use on your firewall?
I have extended my home lan into another site 2000km away using two raspberries as edge devices and it is awesome, totally outperforms OVPN tap. Next step will be to replace the rasps with proper mikrotiks. It would be cool if you can comment on throughout via WAN. I can only reach 42Mbps due to CPU capacity of the rasps, interesting to know performance on the mikrotiks.
I like that video when you describe what you plan to do, what this do etc. On livestream of OSPF&BGP is chaos :).
Please not press Apply and OK where only OK do the job - you learn other people to do that "stupid" action, be smart teacher !
Love it
Would love to see your videos on released ROS v7's new features.
awesome.
awesome. Just subsribed.
Thanks for the sub!
Hello very interesting video. I would like You make a follow up when 7.2 stable will be available with new tweaks. Beside a ropic I would be very interesting is UPNP for MK. This is also recommended by ZT.
Good tutorial thanks for it. Please any hints considering more MKs on local LAN how to access all MKs on this LAN via winbox considering just on of it is zerotier interface enabled? How to reach more local ip addresses?
Nicee, im from Indonesian
thank you for you information i setup my mikrotik with zerotier and its work great can i use zerotier with pbx like greandstream so i can use my iPhone as extinction
hey good videos any chance you be covering raduis
Interesting observation. ROMON does not seem to work through 0T. I don't need ROMON to work through 0T but interesting nonetheless. Perhaps it is a similar issue with ROMON not working through Unifi switches.
Hi TNB, het jy al probeer om twee tiks na mekaar te route op ZeroTier?
well done ....i wana to access my devices as loccal via zero tier
and if I want to pass all traffic through mikrotik, should I just set 0.0.0.0/0 for destination?
Helo The Network Berg.Am trying to install the Zerotier in my mikrotik 3011 running v7.1.1 with zerotier v7.1.1 but its not working.Kindly help
I have done this but the data transmit limit is only 20 Mbps at all. Is there any setting for it to increase ?
How to expose from Mikrotik side all LAN devices to ZeroTier?
It's like EoIP cloud server.
That's a pretty good comparison, though unlike EoIP which is MikroTik proprietary this is more available and I find it amazing that you can connect stuff like server infrastructure and your MikroTiks together via ZT.
any tutorial using ZeroTier with DNS / AD ? .-) if possible
Can I convigure IKEv2 between Mikrotik and CISCO ASA please? if yes, please make a video and which Mikrotik hardware you recommend.
I don't see why not, I configured NordVPN using IKEv2. Though I do not currently have a video regarding this, the concept should be fairly similar to the NordVPN setup it's all about selecting the correct P1 & P2 configurations.
Nice video 👍. I saw in your video that IP address of zerotier interface is "unknown", it should be zte1, bug On ROS?
On the GUI sort of, once version 7 actually releases then it should show the ZeroTier interface that you created, but the GUI has no idea where this interface is so it just shows an "unknown" interface.
@@TheNetworkBerg It is showing up for a second as "zerotier1" and disappearing. I hope they will fix it ASAP
I have my zerotier configured on two mikrotik routors Point to point using starlink internet but my VPN is too slow, where am i getting it wrong Boss?
Thanks so much
how to check the zero tier address in mtk?
Hi, Berg. Thank you for the lesson. But how do you think is technology like this will substitute the common IPsec vpn ?
@@cctech298 nebula from slack look like a better alternative since it's less centralized ! but development seem kinda slow !
@@cctech298 the same situations. Cisco was my first vendor that I learned thoroughly. But now I've got already the second MikroTik certificate. It's really impressed vendor.
I think all services have their place and that ZeroTier serves a specific niche and is awesome. One thing I would like to do is add a few devices running ZeroTier to connect via LTE into ZeroTier so that I can setup a type of OOB network should I lose access to my core devices. It saves me a trip to the DC if there is some configuration issue.
I've also worked on most of the major vendors equipment, Cisco, Juniper, Huawei etc, MikroTik is by far the only device I have been able to tune to do exactly what I want at times. It is an amazing "Swiss Army Knife"
I love this video. Great job explaining what ZeroTier does and how to configure it. Looking forward to more MikroTik videos!
might be exciting if you could also do tailscale in comparison to zerotier
agreed. but unfortunately mikrotik doesn't support tailscale yet. which is a bit awkward because it does support wireguard (which tailscale is built on).. Hopefully we'll be able to choose between zerotier or tailscale
Hi Network Berg Ty for this video. I am able to ping the MK router from a PC on the ZT network but I cannot get to a PC behind the MK router from a PC on the ZT network (the MK router doesn’t seem to be allowing traffic to devices within its subnet). Is there something I am missing … I am trying to access PCs behind the MK from ZT network without having to install ZT on those PCs.
you need to have a routing entry for those network behind ZT on the MK routing config. Add those dest zt subnets, gw=the next hop ip address.
@@ismashkhy I'm in the same boat...can ping the MK router, but not other devices behind the MK router. Would you be able to elaborate a bit on what is needed?
@@happyhome64 I dont know if theres a way with ZT to add a remote subnet and point for a gateway, if there is, you can add those lan subnet behind the MK, then add the gateway ip (you said you can ping), then with MKtik do the other way around.
same here! Please post a solution if you find it.
Oh, dang! I have two mikrotik routers and neither of them are ARM architecture. Is it true that ZeroTier is NOT IN all versions of RouterOS v7? Only in ARM architecture hardware? If so, can you do a short video talking about the differences? You got me jazzed about ZeroTier, and now I'm thinking I have to buy a new router. Thanks for your excellent videos, by the way.
Hi Steve at the moment yes, unfortunately only ARM & ARM64 architecture supports ZeroTier. Though I can almost assure you it will become available for all other models once MikroTik releases updates to v7 which officially released last week. So hopefully you can add ZeroTier to all your devices in the next update.
Alternative solution for the mips. Raspberry Pi Zero W is possible with USB LTE connection. Both ARM-based Container installation and the opportunity to connect to all devices on the Mikrotic network via Zerotier.
@@TheNetworkBergDarn it I was excited until I realized it's not working... when I upload the file to the v7.1.1.2 I reboot but it doesn't show in the package list... any ideas what's the cheapest mikrotik with ARM technology?? I assume mine just don't cut it.....??? I'm running V7.11.2 on HAPPY ax^2 (ARM64) but no madder how many times I try it don't show in package list :(
Hi!! Very interesting video. Have you made an speed test over SMB between a pc behind mikrotik and other device of Zerotier? If I try that, the speed is very slow (about 3MB/s) and If I transfer a file between other devices in Zerotier that are not behid a Mikrotik the speed is optimal (depends of the fiber line but much better..). What can you say about it???
Have you tried testing with anything besides SMB? I've ran Iperf3 tests between two hosts connected through the ZeroTier tunnel and I am getting the expected speeds. I was getting around 43Mbps to a remote fibre link that is connected to a 50Mbps Fibre and is also doing other traffic besides my Iperf3 test. So this looks good to me.
@@TheNetworkBerg I've only done tests with SMB but it has been strange to me that the transfer of files from one device to another that is behind a Mikrotik is much slower than other devices that are directly connected in Zerotier. I did this with a 600/600 fiber line.
But the difference is enormous. From 3-4MB/s to about 50-60MB/s
PC -> ZT -> PC: 50-60MB/s
PC -> Mikrotik hAPac2 -> ZT -> PC: 3-4MB/s
I also set up Zerotier on a Ubiquiti EdgerouterX but the result was the same. So I suppose that perform slows down when we connect some router or firewall between the host and ZeroTier Network.
@@unaibas4676 Yeah that is very strange, I can think of many possibilities. But I honestly couldn't tell you why you see those results, if you say you get the same results from other vendor's equipment like Ubiquiti then I imagine you could ask the question to the ZeroTier people directly as well.
@@TheNetworkBerg thanks anyway!!!
@@unaibas4676 uh 3MB/s = 24Mbps.......
Is there a way you can join the ZT network to OSPF so that you won't have to manually publish routes to subnets that you want to make available ?
I can't see why not, although I would have to lab this on two different ARM/ARM64 routers as ZT is currently only available on that hardware and I only have access to one router that works with ZT :(
@@TheNetworkBerg Actually I have done some testing on one of my devices. So the HQ router is ARM so I have installed ZT on it. I have OSPF setup with my other branch office routers and by joining the ZTNA network in the OSPF backbone I was able to reach all of my subnets even from other networks. Now I am not 100% sure on my testing as I do not have a machine outside of my network.
is there a way to force the zerotier traffic to only use WAN2 instead of wan1?
Should be possible with some smart mangle rules. I would suggest either looking at ZT's documentation or running a packet capture on the Tik to see which protocols/ports are being used and based off of that you can setup mangle rules to push that traffic over Wan2.
Hello, I live in Iran and our government has filtered the internet and we don't have free access to the internet. I was able to get a German Hetzner server (Ubuntu) and my router is Mikrotik. Is there a way to tunnel between these two with zerotier and be able to Should I use free and unfiltered internet?
Dear, @The Network Berg. I have tried installing zerotier on my mikrotik CCR1009-7G-1C-1S+ i have failed is there a way of going about it. Have tried methods, upgrading to RouterOs 7.7 , have also tried uploading it from the extra packages. What am i missing here.🤔🤔
I don't think that router has an ARM chip, and ARM is a requirement.
hello bro : can in install the package on mikrotik hap lite or not supported ?
Unfortunately not. These are the architectures that are currently supported:
ARM64
nRAY, CCR2004, LHGGR
ARM
cAP ac, CRS305-1G-4S+, CRS309-1G-8S+, CRS317-1G-16S+, CRS318, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, Cube 60G ac, DISC AC, hAP ac², hAP ac³, LDF ac, LHG ac, mANTBox 52, NetMetal ac², RB4011, SXTsq (ac series), wAP 60G series, Chateau, RB3011, RB1100AHx4, Audience, RB450Gx4, wAP ac
will this work on my Haplite sir?
Unfortunately not, need at least ARM or ARM64 architecture, Hap lite is SMIPS
I think better wil bee to land via ILS.
ZeroTier provides no encryption, right? If I use it to connect from outside, to my HTTP services behind mikrotik router it will all go through plaintext, right?
I have no public IP on my mikrotik, so to be secure and private, I should use ZeroTier to reach mikrotik's IP and then connect to this IP with wireguard?
Do I understand this correctly?
Hey Mirek, I think someone already explained to you how ZT works with encryption. But in essence traffic is not plaintext.
@@TheNetworkBerg Indeed. Thanks for confirmation and thanks for all the knowledge-rich content you create!
We need juniper tutorial, please make for us
I can definitely look at doing some Juniper videos, are there anything specifically you would like to learn?
Zerotier need public ip or not ? Thanks
No, ZT works behind natted connections which makes it very useful.
What makes that so different from a VPN?
Well for starters it works seamlessly on devices behind a NATed connection and this operates at Layer 2 as well so you can actually do things like mac-telnet to a router on its virtual mac-address this is like connecting to a massive bridge in the cloud.
@@TheNetworkBerg Isn't that what L2TP already does? Or its layer 2 function only in the layer 2 of underlay for encapsulation? Also, there's Ethernet over IP. It sends layer 2 signals over an IP adress. What about that?
Is Zerotier to get around dynamic IP? Is it cheaper than fixed IP-Addresses on both ends?
What is this service good for beyond testing and experiments?
Sort of but not completely, it's more similar to VXLAN which allows us to extend broadcast domains across L3 connections. Being able to connect from a dynamic IP is one benefit yes but definitely not the only reason why you should be looking at ZeroTier, you can build awesome management networks, VPN tunnels or even extend the routing between two or more locations via the ZeroTier connection.
Another high-tech hole in your security.
Must have Arm processor not Mipse 🤔️😥️
Yeah unfortunately :(
No reason "not" to trust them, but I'm not seeing any protections from the ZeroTier system. Feels a whole lot like giving unknown people access to my systems, and they're offering it to us for free. hat have we learned about free? If you can't see where the money is coming from, you are likely the product. Very cool though, otherwise.
Good point and understandable point of view, many people trust and use ZeroTier, though I am inclined to agree that if you are using the product freely then you are probably part of the product. Though it seems as if ZeroTier makes use of a freemium business model to try and lure bigger customers for a paid for solution seeing as how it's only free up to a certain point you are also offered priority support being a paid for customer. Where being a free one is more like "We'll get to it when we can "