
    ZeroTier Review

    • scottalanmillerS
      scottalanmiller @stacksofplates
      last edited by

      @johnhooks said:

      Yes. I was planning on having a peer at the office in bridge mode which forwards requests to the office and out of the office.

      That works. So the problem is that the one side can't be connected to the other. A can see all of B, but B can't see all of A?

      • stacksofplatesS
        stacksofplates @scottalanmiller
        last edited by stacksofplates

        @scottalanmiller said:

        @johnhooks said:

        Yes. I was planning on having a peer at the office in bridge mode which forwards requests to the office and out of the office.

        That works. So the problem is that the one side can't be connected to the other. A can see all of B, but B can't see all of A?

        Well I'm not even sure if that's a stipulation. In my experience with this hospital before, I believe it's just because they don't want to do anything on their end. I had set up a client to connect to his existing Cisco router. It works everywhere outside of the hospital's network but they essentially wouldn't attempt to figure out why. That's when I asked if we could do a site to site tunnel and they said "that's not going to happen." So I needed a client/server set up. This will work and is easy to connect to but I think the EdgeRouter will be nicer.

        • scottalanmillerS
          scottalanmiller @stacksofplates
          last edited by

          @johnhooks said:

          Well I'm not even sure if that's a stipulation. In my experience with this hospital before, I believe it's just because they don't want to do anything on their end.

          Isn't site to site the "least to do on their end" solution?

          • stacksofplatesS
            stacksofplates @scottalanmiller
            last edited by

            @scottalanmiller said:

            @johnhooks said:

            Well I'm not even sure if that's a stipulation. In my experience with this hospital before, I believe it's just because they don't want to do anything on their end.

            Isn't site to site the "least to do on their end" solution?

            You would think. So we will have to install the client on each billing computer and then they will have to manually connect and disconnect.

            This is a hospital that is still using the records system they wrote in DOS and I'm willing to bet dollars to donuts that it's sent via HTTP over the internet from the offices to the hospital. The doctors just run this small application that sends all of the info to the hospital address. I never inspected, but I've set it up and never had to create or install any certificates.

            • scottalanmillerS
              scottalanmiller @stacksofplates
              last edited by

              @johnhooks said:

              You would think. So we will have to install the client on each billing computer and then they will have to manually connect and disconnect.

              Seems their required solution is the opposite of their stated goals.

              I need a car but you must only buy a boat.

              • scottalanmillerS
                scottalanmiller @stacksofplates
                last edited by

                @johnhooks said:

                This is a hospital that is still using the records system they wrote in DOS and I'm willing to bet dollars to donuts that it's sent via HTTP over the internet from the offices to the hospital.

                Seems unlikely. The gap between when DOS was a viable OS and when HTTP was a viable transfer protocol was pretty huge. I suspect they are using something far, far older.

                • stacksofplatesS
                  stacksofplates @scottalanmiller
                  last edited by

                  @scottalanmiller said:

                  @johnhooks said:

                  This is a hospital that is still using the records system they wrote in DOS and I'm willing to bet dollars to donuts that it's sent via HTTP over the internet from the offices to the hospital.

                  Seems unlikely. The gap between when DOS was a viable OS and when HTTP was a viable transfer protocol was pretty huge. I suspect they are using something far, far older.

                  Well that's even worse then. They are supposed to switch over to the system that this doctor's office uses. So I'm sure I'll be in for some fun when the switch happens.

                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    That will be a big shock coming from DOS! What OS are they running the app on now? XP, I assume?

                    • stacksofplatesS
                      stacksofplates @scottalanmiller
                      last edited by

                      @scottalanmiller said:

                      That will be a big shock coming from DOS! What OS are they running the app on now? XP, I assume?

                      Well I'm not sure about in the hospital itself. They send out discs with updates to the doctors' offices so it does run on 7 in the doctor's office.

                      • dafyreD
                        dafyre @stacksofplates
                        last edited by

                        @johnhooks I activated the bridging functionality within ZeroTier when I created the network, and then authorized the client (at my destination network) to be a bridge, and then I set up the route on my remote ztClient.... I should probably draw it out, lol.

                        I did have to set up a Linux VM to get the routing to work right. Windows doesn't do routing without having to install RRAS, and I didn't feel like setting all that up (and I had a fresh Fedora VM with nothing on it anyway, lol)...

                        ... |---(Linksys, NAT)---- (public internet)--------------(remote client, 192.168.251.49/24, zt0)
                        (SITE A)--|
                        ... |--(SITE A LAN, 192.168.10.0/24)--(192.168.10.10/24, eth0)--ztRouter(192.168.251.179/24, zt0)

                        On my Linksys, I added a route to 192.168.251.0/24 via 192.168.10.10.
                        On the remote client, I added a route to 192.168.10.0/24 via 192.68.251.179

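A static route only works if its next hop is on a directly attached network and belongs to a host that forwards into the destination. The following added example (not code from the post or from ZeroTier) checks the two routes described above against the addresses in the diagram; the node names and the `FORWARDING` set are assumptions made for the illustration.

```python
import ipaddress

# Addresses from the diagram in the post. The Linksys LAN address is not
# given there, so only its connected network is modelled.
CONNECTED = {
    "linksys": ["192.168.10.0/24"],
    "remote-client": ["192.168.251.49/24"],
    "ztRouter": ["192.168.10.10/24", "192.168.251.179/24"],
}
FORWARDING = {"ztRouter"}  # assumption: the Linux VM routing eth0 <-> zt0

ROUTES = [
    ("linksys", "192.168.251.0/24", "192.168.10.10"),
    ("remote-client", "192.168.10.0/24", "192.168.251.179"),
    # Next hop exactly as typed in the post's last line (second octet 68).
    ("remote-client", "192.168.10.0/24", "192.68.251.179"),
]


def _ifaces(node):
    return [ipaddress.ip_interface(a) for a in CONNECTED[node]]


def check_route(node, dest, via):
    """Return a list of problems with the static route 'dest via <via>' on node."""
    dest_net = ipaddress.ip_network(dest)
    hop = ipaddress.ip_address(via)
    problems = []
    # A next hop must sit on a network the node is directly attached to.
    if not any(hop in i.network for i in _ifaces(node)):
        problems.append(f"next hop {hop} is not on-link for {node}")
    # The next hop must be a forwarding host with a leg in the destination.
    owner = next((n for n in CONNECTED
                  if any(i.ip == hop for i in _ifaces(n))), None)
    if owner is None:
        problems.append(f"no known host owns {hop}")
    elif owner not in FORWARDING:
        problems.append(f"{owner} does not forward packets")
    elif not any(i.network == dest_net for i in _ifaces(owner)):
        problems.append(f"{owner} has no interface in {dest_net}")
    return problems


if __name__ == "__main__":
    for node, dest, via in ROUTES:
        print(node, dest, "via", via, "->", check_route(node, dest, via) or "ok")
```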
                        • stacksofplatesS
                          stacksofplates @dafyre
                          last edited by stacksofplates

                          @dafyre said:

                          @johnhooks I activated the bridging functionality within ZeroTier when I created the network, and then authorized the client (at my destination network) to be a bridge, and then I set up the route on my remote ztClient.... I should probably draw it out, lol.

                          I did have to set up a Linux VM to get the routing to work right. Windows doesn't do routing without having to install RRAS, and I didn't feel like setting all that up (and I had a fresh Fedora VM with nothing on it anyway, lol)...

                          ... |---(Linksys, NAT)---- (public internet)--------------(remote client, 192.168.251.49/24, zt0)
                          (SITE A)--|
                          ... |--(SITE A LAN, 192.168.10.0/24)--(192.168.10.10/24, eth0)--ztRouter(192.168.251.179/24, zt0)

                          On my Linksys, I added a route to 192.168.251.0/24 via 192.168.10.10.
                          On the remote client, I added a route to 192.168.10.0/24 via 192.68.251.179

                          Thanks so much for all of your help. I did get everything to work between my laptop and a VM. I didn't know if when I checked bridge on the web interface I had to bridge the zt0 and eth0 interfaces.

                          Took me a while to figure everything out. I could ping my eth0 IP for my laptop but nothing else. After much wailing and gnashing of teeth I realized I had set masquerading up incorrectly.

                          This might not work for the intended purpose since routing would have to be set up on the hospital side and they are most likely not going to do anything (also they are using Windows).

                          • dafyreD
                            dafyre
                            last edited by

                            I gotcha. It may be best, then to have the server hosting the software run ZeroTier, and then your other Doctors join your ZeroTier network as well...

                            But it seems to me that I remember reading somebody didn't want it done that way...

                            • stacksofplatesS
                              stacksofplates @dafyre
                              last edited by stacksofplates

                              @dafyre said:

                              I gotcha. It may be best, then to have the server hosting the software run ZeroTier, and then your other Doctors join your ZeroTier network as well...

                              But it seems to me that I remember reading somebody didn't want it done that way...

                              That would have been the easiest, but I can't get access to the application server. It's locked down and the software company has to SSH in to change anything. They won't install any third party packages. But I don't expect them to, that could be a big issue.

                              • A
                                Alex Sage
                                last edited by

                                So, can I install this software on one computer, and use it to access the entire network?

                                • scottalanmillerS
                                  scottalanmiller @Alex Sage
                                  last edited by

                                  @anonymous said:

                                  So, can I install this software on one computer, and use it to access the entire network?

                                  It's the same as Pertino in that way, or Hamachi. You can access any node that also has the software on it or anything sitting behind a gateway.

                                  • A
                                    Alex Sage @scottalanmiller
                                    last edited by

                                    @scottalanmiller said:

                                    or anything sitting behind a gateway.

                                    Can you explain that?

                                    • DashrenderD
                                      Dashrender @Alex Sage
                                      last edited by

                                      @anonymous said:

                                      @scottalanmiller said:

                                      or anything sitting behind a gateway.

                                      Can you explain that?

                                      It's like a site to site, or client to site VPN. You (or a firewall) connect to a gateway device on the network you want to connect to, then you appear as a node on that network simply able to connect to things as if you were local.

                                      This is a bit more complex as you need to set up routing, etc.

                                      • scottalanmillerS
                                        scottalanmiller @Alex Sage
                                        last edited by

                                        @anonymous said:

                                        @scottalanmiller said:

                                        or anything sitting behind a gateway.

                                        Can you explain that?

                                        A gateway connects the VPN to the network behind it, same as any "normal" VPN device.

                                        • DashrenderD
                                          Dashrender
                                          last edited by

                                          I needed a quick and dirty single device to my server connection for a project that is supposed to last about a month. I went from zero to finished in about 30 mins. Using ZeroTier as the host, damn that was fast and easy.

                                          Frankly I looked at Pertino first thinking they had a free for 10 users type thing, but I couldn't find it immediately so I bailed and moved onto ZeroTier.

                                          Now time to see about standing up my own ZT host.

                                          • JaredBuschJ
                                            JaredBusch @Dashrender
                                            last edited by JaredBusch

                                            @Dashrender said:

                                            I needed a quick and dirty single device to my server connection for a project that is supposed to last about a month. I went from zero to finished in about 30 mins. Using ZeroTier as the host, damn that was fast and easy.

                                            Frankly I looked at Pertino first thinking they had a free for 10 users type thing, but I couldn't find it immediately so I bailed and moved onto ZeroTier.

                                            Now time to see about standing up my own ZT host.

                                            A Pertino account with no paid subscription can have 3 devices on the network.

                                            Works a treat for one-off stuff like you mentioned as long as you need only a 1 to 1 access. I like to use it to provide RDP access to an internal PC or VM that the user can then use to access whatever they need.
