Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Controller #11

Open
willuk2010 opened this issue Oct 11, 2021 · 26 comments
Open

Controller #11

willuk2010 opened this issue Oct 11, 2021 · 26 comments

Comments

@willuk2010
Copy link

Hey @ChanceM

Good work on this, i managed to build and deploy this on my pfSense router this evening, and i am able to connect to networks fine on the Zerotier dashboard.

But i'm trying to get the Controller working, i'm able to set up a controller network, but the client (on my iphone) just shows Network not Found.

I must be missing something, or my understanding of how the controller works.. my assumption was i could create a controller network from pfSense, connect my clients (phone etc), and allow access to my devices behind the pfSense firewall.

Cheers!

@willuk2010
Copy link
Author

Ok scrap the above, i restarted zerotier on pfSense, and now the clients can find the network and connect, and i am able to authorise them, however no clients appear to get an ip address.

@willuk2010
Copy link
Author

Ok im close!

I read the documentation on how to set up a controller manually using curl, so I was able to set the ip range's and rouite, which means I can now get a client registered to my controller, authorised, and an IP is given. but I cant ping any of them.

one thing I noticed, if I connect to a network created at zerotier central, I get an interface called "zt1ocu1pr84r8o3" in pfSense but when I create my own controller, I get 2 interfaces created, "tap9994" and "tap9995" but they always stay disconnected with "no carrier".

@ChanceM
Copy link
Owner

ChanceM commented Oct 12, 2021

I will have to spin up my VM and do some tests. I apologize for the delay in response just coming back from a vacation. You should get a zt interface that you can assign and then you will need to manually set the IP to the one given from zt and add rules allowing traffic.

@willuk2010
Copy link
Author

No worries bud, hope you have had a good vacation!

Yeh i would have expected a zt interface, just like you do if you connect to a network using Zerotier Central using their controllers.. not sure why setting up your own controller creates the two "tap*" interfaces instead of the zt one.. I tried to look at how/where they are created but haven't figured that out yet.

@ChanceM
Copy link
Owner

ChanceM commented Oct 19, 2021

So testing this, creating a network does in fact create a tap interface, but I only see one. Joining the network from the same device creates a ZT interface.

@knightian
Copy link

@ChanceM hello, thanks for this. How would we go about updating the package to v1.8.1?

@ChanceM
Copy link
Owner

ChanceM commented Nov 9, 2021

@ChanceM hello, thanks for this. How would we go about updating the package to v1.8.1?

I believe 1.6.6 is the latest available FreeBSD 12.

@knightian
Copy link

So testing this, creating a network does in fact create a tap interface, but I only see one. Joining the network from the same device creates a ZT interface.

I have a zt interface and a tap interface after joining the network from the pfsense device. I assume we only use the zt interface set it up with the IP assigned from the controller and such? I'm getting direct connection to the controller but all other nodes have to relay to it and I can't ping in.

@knightian
Copy link

knightian commented Nov 13, 2021

@ChanceM hello, thanks for this. How would we go about updating the package to v1.8.1?

I believe 1.6.6 is the latest available FreeBSD 12.

Yea seems that way, so after some research I learned how to compile 1.8.1 and build my own pkg for it. Working on my pfsense (I looked at the file structure of the v1.6.6 pkg and copied that in my pkg from the compiled bins)

Link to my pkg if anyone else wants it https://we.tl/t-tNOBIrdV9B

Screen Shot 2021-11-13 at 4 50 15 pm

@knightian
Copy link

knightian commented Nov 13, 2021

So testing this, creating a network does in fact create a tap interface, but I only see one. Joining the network from the same device creates a ZT interface.

I have a zt interface and a tap interface after joining the network from the pfsense device. I assume we only use the zt interface set it up with the IP assigned from the controller and such? I'm getting direct connection to the controller but all other nodes have to relay to it and I can't ping in.

Can confirm that at least when not running a controller on the pfsense device, it's safe to ignore the tap interface that shows up, just mount the ztxxxxxxxxxx interface that shows up and give it an IP in your zt network, assign it that same IP at the controller and then make your firewall rules correct and you're good :D (I just needed to tweak my firewall rules to fix the pinging in and relay vs direct etc).

v1.8.1 running fine.

@opnwall
Copy link

opnwall commented Nov 29, 2021

@knightian Your shared file has expired, the latest is 1.83, can you recompile and share it?

@knightian
Copy link

knightian commented Nov 29, 2021

@knightian Your shared file has expired, the latest is 1.83, can you recompile and share it?

Heya the official package has been updated to 1.8.3 so if you use the url in the readme and change 1.6.6 to 1.8.3 in the url, it will add the latest official package.

@fxn2020

@opnwall
Copy link

opnwall commented Nov 29, 2021

@knightian I really don't have the energy to build the environment needed for compilation. Could you share the pfsense-pkg-zerotier.txz you compiled, thank you in advance. My email: [email protected]

@brahmanggi
Copy link

@ChanceM hello, thanks for this. How would we go about updating the package to v1.8.1?

I believe 1.6.6 is the latest available FreeBSD 12.

Yea seems that way, so after some research I learned how to compile 1.8.1 and build my own pkg for it. Working on my pfsense (I looked at the file structure of the v1.6.6 pkg and copied that in my pkg from the compiled bins)

Link to my pkg if anyone else wants it https://we.tl/t-tNOBIrdV9B

Screen Shot 2021-11-13 at 4 50 15 pm

hello @knightian the link expired I want to try it on my machine, thank you in advance

@opnwall
Copy link

opnwall commented Nov 30, 2021

I compiled one by myself, you can download it if you need it。pfsense-pkg-zerotierzerotier1.83.txz

@brahmanggi
Copy link

I compiled one by myself, you can download it if you need it。pfsense-pkg-zerotierzerotier1.83.txz

thank you very much, do I need to compiling again or is it already pkg files?

@opnwall
Copy link

opnwall commented Dec 1, 2021

@brahmanggi It has been compiled, downloaded and decompressed, uploaded to pfsense, installed in the shell environment, command: pkg install pfsense-pkg-zerotier.txz

@brahmanggi
Copy link

@brahmanggi It has been compiled, downloaded and decompressed, uploaded to pfsense, installed in the shell environment, command: pkg install pfsense-pkg-zerotier.txz

yes, I will try to upload to my pfbox, and again thank you very much

@knightian
Copy link

Just be mindful if you remove the package, it keeps the config for the zt interface still in the config.xml and next boot the device gets blocked asking you to reassign the interfaces because it can no longer find the zt interface that it has a config specified for.

This is something I encountered during upgrade. So if you are remote accessing the box or have no local video/serial console access then best you never uninstall the package once installed.

@ChanceM
Copy link
Owner

ChanceM commented Dec 1, 2021

@knightian I'm looking at this. I think I can remove the interfaces on deinstall to hopefully prevent this.

Updated Package for Install: https://app.box.com/s/m3a6m081d1gjpxrwob6rktfilrktsrnn

@knightian
Copy link

@knightian I'm looking at this. I think I can remove the interfaces on deinstall to hopefully prevent this.

Updated Package for Install: https://app.box.com/s/m3a6m081d1gjpxrwob6rktfilrktsrnn

Thanks, does the new package you posted have this fix?

@ChanceM
Copy link
Owner

ChanceM commented Dec 2, 2021

@knightian not yet this addition shows the interface associated with the network or a link to assign an interface for a new network, but that was just the first step getting the associated interface so I can remove them on deinstall.

@1ARdotNO
Copy link

1ARdotNO commented Dec 5, 2021

This is great work!
Appriciate it :-)

@knightian
Copy link

@ChanceM is that issue of the interface getting removed and screwing up pfSense updates being worked on? it makes using the zerotier pkg in the field untenable because whenever we update pfSense we would have to visit the site and physically reset up the pfSense device :(

@ChanceM
Copy link
Owner

ChanceM commented Mar 22, 2022

@knightian I would love to say yes, but the reality is I do not have a whole lot of time to devote to it. I did dig a little bit into it tonight, but nothing new to report.

@opnwall
Copy link

opnwall commented Mar 13, 2023

@ChanceM In pfSense plus 23.01, the plug-in can no longer be installed and used normally, and I hope it can be updated in time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants