Differences

This shows you the differences between two versions of the page.

--- pivpn [2022/02/14 20:19]
cfrench removed
+++ — (current)
@@ Line 1: / Line 1: @@
-===== AWS Debian Zero Tier Tunnel =====
-=== Install Zero Tier ===
-Document Source https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode\\
-<code>
-sudo curl -s https://install.zerotier.com | sudo bash
-</code>
-Join Network
-<code>
-sudo zerotier-cli join 98e7278b055e3ea9
-</code>
-This command may do something but I didn't have any luck actually saving the iptables file.
-<code>
-sudo apt-get install iptables-persistent
-</code>
-In this example the $ZT_IFACE was obtained with the following command after adding the Debian machine to the Zero Tier network:
-<code>
-sudo ifconfig
-</code>
-Edit the following file /etc/sysctl.conf and uncomment the following variables and change rp_filter to =2:
-<code>
-net.ipv4.ip_forward=1
-net.ipv4.conf.all.rp_filter=2
-</code>
-The only rules that were actually added to the /etc/iptables/rules.v4 file below are as follows:
-<code>
-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
--A POSTROUTING -o eth0 -j MASQUERADE
-COMMIT
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD DROP [0:0]
--A FORWARD -i $ZT_IFACE -o $WAN_IFACE -j ACCEPT
--A FORWARD -i $WAN_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
-:OUTPUT ACCEPT [0:0]
-COMMIT
-</code>
-Actual file contents.
-<code>
-# Generated by iptables-save v1.6.0 on Mon Feb 14 17:45:54 2022
-*filter
-:INPUT ACCEPT [0:0]
-:FORWARD DROP [0:0]
--A FORWARD -i ztcprhtnnm -o eth0 -j ACCEPT
--A FORWARD -i eth0 -o ztcprhtnnm -m state --state RELATED,ESTABLISHED -j ACCEPT
-:OUTPUT ACCEPT [0:0]
-:INPUT ACCEPT [2317:604411]
-:FORWARD ACCEPT [1467:325076]
-:OUTPUT ACCEPT [1385:221951]
-:DOCKER - [0:0]
-:DOCKER-ISOLATION-STAGE-1 - [0:0]
-:DOCKER-ISOLATION-STAGE-2 - [0:0]
-:DOCKER-USER - [0:0]
--A FORWARD -j DOCKER-USER
--A FORWARD -j DOCKER-ISOLATION-STAGE-1
--A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--A FORWARD -o docker0 -j DOCKER
--A FORWARD -i docker0 ! -o docker0 -j ACCEPT
--A FORWARD -i docker0 -o docker0 -j ACCEPT
--A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 655 -j ACCEPT
--A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p udp -m udp --dport 655 -j ACCEPT
--A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
--A DOCKER-ISOLATION-STAGE-1 -j RETURN
--A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
--A DOCKER-ISOLATION-STAGE-2 -j RETURN
--A DOCKER-USER -j RETURN
-COMMIT
-# Completed on Mon Feb 14 17:45:54 2022
-# Generated by iptables-save v1.6.0 on Mon Feb 14 17:45:54 2022
-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
--A POSTROUTING -o eth0 -j MASQUERADE
-:PREROUTING ACCEPT [408:64692]
-:INPUT ACCEPT [6:631]
-:OUTPUT ACCEPT [140:11637]
-:POSTROUTING ACCEPT [542:75698]
-:DOCKER - [0:0]
--A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
--A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
--A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
--A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 655 -j MASQUERADE
--A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p udp -m udp --dport 655 -j MASQUERADE
--A DOCKER -i docker0 -j RETURN
--A DOCKER ! -i docker0 -p tcp -m tcp --dport 655 -j DNAT --to-destination 172.17.0.2:655
--A DOCKER ! -i docker0 -p udp -m udp --dport 655 -j DNAT --to-destination 172.17.0.2:655
-COMMIT
-# Completed on Mon Feb 14 17:45:54 2022
-</code>
-The rest of the setup is done through the controller where you will build a route and tell other clients to route through this node.

DokuWiki

User Tools

Site Tools

Differences

Page Tools