Ah! Right. I had changed that earlier today because I had read stuff (probably even near the start of this thread!?) suggesting that it was necessary to have them in the same subnet but with non-overlapping IP allocation from DHCP & from ZeroTier.
But now that you have pointed this out, I’ve realised that this is when my problem started.
Right, so the way this stuff works - taking a computer with NO VPN as an example:
1 Network interface. 192.168.0.2. The network rules say that ALL traffic not destined for 192.168.0.0/24 should be sent to the router - and out on the internet.
2 Network Interfaces. 192.168.0.2 and 10.10.72.8. The network rules say that all traffic destined for 192.168.0.0/24 should go out on Interface 1. All traffic for 10.10.72.0/24 should go out on Interface 2. And ALL traffic not destined for either of those networks should go to the router, via the primary network interface - probably Interface 1 (192.168.0.2).
Now when you add virtual networks into the mix, the rules get even more complicated. But taking your situation, if you have 192.168.68.0/24 on Interface 1, and then on a virtual network you have an IP address in the same address range as Interface 1, the computer will EITHER continue to send all requests that should be going to the VPN out on Interface 1, or it will send ALL requests for ALL LAN traffic out to the VPN. Which option the computer uses depends on what priority the interface has been assigned. But under either option, it will break stuff.
That tells the computer that the networks are linked.
In any case, it’s a terrible idea, as many other people in that thread point out. You really need to be good with your understanding of how networks communicate and route traffic to be able to pull off stuff like that. The post a bit further down about installing ZeroTier on a Pi and enabling IP forwarding, though, that is do-able. I don’t personally use ZeroTier; I use WireGuard on a Pi with IP forwarding enabled, which allows me to access anything on my LAN from outside the network without having to install anything on any of the other machines. And because my WireGuard setup points to my internal DNS server (which is Pi-hole), I get ad-blocking when I am connected to other people’s networks.
Oh, now that sounds interesting. Is it tricky to set up a WireGuard VPN at home and use it to ‘tunnel’ into my LAN when away from home? Can you point me at any reasonably comprehensible guides?
I have an rpi2b sitting in a drawer, an rpi0w already running Pi-hole, and an rpi4b running Raspberry Pi OS with a 2nd HomeAssistant in Docker. I’ve also got a Win11 PC running VirtualBox, so plenty of places to put a WireGuard server, isn’t there?
UPDATE: I did some Googling. Is it necessary for your WireGuard VPN server to have a static IP address from your ISP? I use 4G broadband at home, so my IP address on the internet changes all the time, and because they use CGNAT I don’t think I have a public-facing IP address. Sorry for being off the thread topic.
UPDATE2: Seems not having a public IP address and being behind my ISP’s CGNAT means it’s not easy to use a VPN tunnel into my network (looks like various workarounds using reverse tunnels and assorted cloud services). I think I’ll stick to this excellent HomeAssistant ZeroTier integration as it seems to do everything I need.
Try the HassOS add-on: Cloudflare Argo Tunnel.
This allows exposing your HA instance under a domain (or subdomain) and to apply security (including 2FA).
Sadly there is no official add-on, but hopefully it will be added at some point.
I played around with ZeroTier overnight and was quite impressed with it.
My LAN IP range is 192.168.2.x
My brothers LAN IP range is 192.168.1.x
I installed ZeroTier on his Plex server (where WireGuard is also installed) and added him to the network. I installed ZeroTier on my Raspberry Pi (where WireGuard is installed) and added that to the network.
Then I made his assigned ZeroTier IP static, 10.241.x.1
And then I added a new route: 192.168.1.0/24 via 10.241.x.1
And sure enough, now I can access anything on his LAN from my LAN (to do this with WireGuard, I would typically have to tell WireGuard to send ALL traffic over the VPN, meaning while connected I would lose access to my own network resources).
EDIT: There is a wee bit more work involved in making that work, but a chunk of it was already done when I set up WireGuard. There are some firewall rules that need to be added to the ‘exit’ node.
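As an added example (not code from any post in this thread), the Python below simulates the route selection described earlier in the thread (longest prefix match first, then interface priority as a tie-break), shows why a ZeroTier range overlapping the LAN range flips all traffic one way or the other, and models the managed route 192.168.1.0/24 via the ZeroTier peer from this post. Interface names eth0/zt0, the router addresses and 10.241.0.1 (standing in for the post's 10.241.x.1) are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: str                    # destination network, e.g. "192.168.0.0/24"
    iface: str                     # interface the packet leaves on
    metric: int = 0                # interface priority: lower wins on a tie
    gateway: Optional[str] = None  # next hop, None when directly attached

def select_route(routes, dst):
    """Pick the route a host would use: longest prefix first, then lowest metric."""
    addr = ip_address(dst)
    matches = [r for r in routes if addr in ip_network(r.prefix)]
    if not matches:
        return None
    return max(matches, key=lambda r: (ip_network(r.prefix).prefixlen, -r.metric))

def overlapping_prefixes(routes):
    """Prefixes reachable via more than one interface: the broken setup from the thread."""
    seen = {}
    for r in routes:
        seen.setdefault(r.prefix, set()).add(r.iface)
    return {p for p, ifaces in seen.items() if len(ifaces) > 1}

# Two interfaces with distinct subnets (the thread's second case); router address constructed.
TWO_IFACES = [
    Route("192.168.0.0/24", "eth0"),
    Route("10.10.72.0/24", "zt0"),
    Route("0.0.0.0/0", "eth0", gateway="192.168.0.1"),
]

def overlapping_table(zt_metric):
    """LAN 192.168.68.0/24 on eth0 while ZeroTier assigns the same range on zt0."""
    return [
        Route("192.168.68.0/24", "eth0", metric=100),
        Route("192.168.68.0/24", "zt0", metric=zt_metric),
        Route("0.0.0.0/0", "eth0", metric=100, gateway="192.168.68.1"),
    ]

# Site-to-site table from this post; 10.241.0.1 is a constructed stand-in for 10.241.x.1.
SITE_TO_SITE = [
    Route("192.168.2.0/24", "eth0"),
    Route("10.241.0.0/16", "zt0"),
    Route("192.168.1.0/24", "zt0", gateway="10.241.0.1"),
    Route("0.0.0.0/0", "eth0", gateway="192.168.2.1"),
]
```

With the overlapping table, a ZeroTier metric below the LAN's sends every LAN packet into the VPN and a metric above it keeps VPN-bound packets on the LAN; `overlapping_prefixes` flags the duplicate prefix before either happens.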
I live in the Netherlands and I am trying to manage an HA install in the USA.
I’ve installed ZeroTier on the HA instance in the USA and created an account on the ZeroTier webpage.
There, I created a new network and let the HA instance connect to it.
I’ve installed the ZeroTier client on my Windows PC here in NL and let that client connect to the created ZeroTier network.
When I type in the assigned Zerotier address from the HA instance in my browser in NL I can connect to the frontend of HA. So one might think it works!
However, when I try to FTP / SMB into the HA instance, it refuses me.
Tried a lot and even disabled my Windows Firewall without any luck.
Can anyone give me a little guidance on how (or even if) I can send an HTTP POST webhook trigger to my HomeAssistant which is configured to be part of a ZeroTier network?
In the past, I could configure port forwarding in my router and, with a DDNS service, I could trigger a HomeAssistant webhook Automation to run by sending an HTTP POST request (e.g. something like http://myddns.com:8123/api/webhook/<webhook_id>).
However, my current ISP uses CGNAT so my home network is not allocated an external IP address on the internet, so port forwarding is useless to me. I’ve got the ZeroTier add-on working in my HomeAssistant and I can access it remotely using the ZeroTier network allocated local IP address from any client that is also part of my ZeroTier network, but I want to know if I can trigger a HomeAssistant webhook Automation using some sort of ZeroTier public URL for my configured ZeroTier network (if that makes sense?)
Basically, I want to run a HomeAssistant Automation from a device like Amazon Alexa by sending a webhook HTTP POST request via my ZeroTier network.
Hi all, I have a question about routing between ZeroTier and the physical LAN using HA.
I have several tasmota devices and some other devices with a web interface on my LAN, and would like to access them from my phone while away from home.
My iPhone has problems with ZeroTier over Wi-Fi, but it works well over 4G. I suspect it has something to do with the ZT + Wi-Fi + Apple combo, not with the ZeroTier HA add-on.
My brain doesn’t compute with anything Apple… I remember trying to print some tickets from my wife’s MacBook once! I tried until she was ready to leave 3 hrs later… she did it in 30 seconds. I still don’t understand why the print button for the Word app is in the start menu for the whole computer.
But anyway, I have had a few times where it just won’t work; it shows connected but doesn’t allow network access, but disconnecting ZeroTier and reconnecting seems to fix the problem.
Is it just Home Assistant you can’t access on the remote network? Or can you not connect to any devices on the remote network?
Noticed my HA instance was inaccessible via ZeroTier, but the host was still showing as ONLINE on the ZeroTier website. I looked in the logs for the add-on and it was JUST solid:
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
recv: Connection reset by peer
I lost connection via ZeroTier since last week. The last time I was connecting was on Wednesday 08/03, with no issue. Yesterday I tried with no success. On the ZeroTier panel both nodes are online, but the mobile app can’t connect. Today I spotted that in the meantime there was an update of this add-on. Anyone have a similar issue?
I restarted the system several times and installed all system updates, with no result. In the log there is nothing at all.
[18:34:10] INFO: Starting ZeroTier One…
s6-rc: info: service legacy-services successfully started
[18:34:10] INFO: Starting ZeroTier One…
s6-rc: info: service legacy-services successfully started
connect: Host is unreachable
connect: Host is unreachable
connect: Host is unreachable
connect: Host is unreachable
connect: Host is unreachable
connect: Host is unreachable