I have a handful of internet-facing Linux (Ubuntu) VPSs with a couple of providers, and I connect them together with a virtual backplane network from ZeroTier (https://www.zerotier.com/). I use this to do stuff like database replication between servers without the need to allow database connections across the public internet. Also on the virtual network is my home server VM, running Windows 2008. This is behind NAT on my home network, and I include it in the backplane to allow my web-based tools to authenticate against AD using LDAP. The virtual network is a simple solution to making NAT irrelevant.

My home network uses the subnet 192.168.1.x, and my ZeroTier virtual network uses the subnet 192.168.2.x. What I’d like to do is join the two networks together, so that any of the virtual nodes on the ZeroTier virtual network are directly accessible from any of the machines on my home network, and vice-versa.

My home router is provided by Internet provider and doesn’t allow me to configure static routes, but all the machines on my home network are part of an AD domain and I anticipate that I can use group policy to configure whatever static route(s) I need on the clients through a startup script. I’m not able to change the default gateway on my home network either – the router sets itself as such when providing IP addresses through DHCP.

I have no idea how to accomplish what I’m trying to do. I assume I need to set static routes on all the Windows clients on my home network to send traffic destined for 192.168.2.x to the Windows 2008 VM (192.168.1.52), set routes on all the VPSs to send traffic destined for 192.168.1.x to the Windows 2008 VM (192.168.2.100), and then do something on the Windows 2008 VM to get it to appropriately forward between its physical and virtual network interfaces as required. That’s great on paper, but I’ve never had a need to set up static routes on either Windows or Linux until now and I have no idea how, nor do I know how to get the Windows 2008 VM set up to fulfill its role as a middle-man/router.

Some additional information: In addition to the Windows 2008 VM I also have an Ubuntu Server VM on my home network. If it’s easier to use the Linux box as the middle-man in this scenario then I can do that. I included the Windows box in the virtual network because I wanted the VPSs to be able to easily access its services, but if we can get the two subnets joined then they’ll obviously be able to do that anyway.

Can anyone help guide me? If my approach is fundamentally flawed somehow then I’m open to other suggestions on how to accomplish what I’m trying to do.

  • Do you have a diagram of your network? I'm having a hard time following. – Geruta Jul 14 '15 at 17:04
  • [Sure thing!](http://i.imgur.com/HzXKLI6.png) Apologies in advance for my crappy diagramming skills. The home network (192.168.1.x) is connected to the internet through the router. The VPSs all have their own public IP in addition to the 192.168.2.x address on the virtual interface. – Jason Williams Jul 14 '15 at 18:05
  • Thanks for the diagram. It's making figuring this out a bit easier. Now, another question for you. How is your Windows server at 192.168.1.52 able to communicate with your ZeroTier virtual network? I've never come across this service before. Is it an application that you install on your PCs to form a virtual network? – Geruta Jul 14 '15 at 20:12
  • So I just looked at it a bit more in detail. Are you able to install the ZeroTier application on your Windows clients and Linux server? If you do, it will give you two interfaces. One interface will connect to the 192.168.1.x network and the other will connect to the 192.168.2.x network. The PC will forward all traffic destined for the 2.x network out of the NetTier virtual interface and everything else will forward out of the proper real interface. – Geruta Jul 14 '15 at 20:16
  • I think that may be the way I have to go. I'm going to play around a little more with defining static routes, and maybe install routing services on the Windows 2008 box. We'll see! – Jason Williams Jul 15 '15 at 00:07
  • Yeah, that works as well. The idea with that, if you choose to do it, is to create a static route on your PCs and Linux server that says to forward all 192.168.2.x traffic to 192.168.1.53. Then, using Routing and Remote Access, create a virtual "router" that forwards traffic between the two networks. Keep in mind that you will need to add static routes to the other servers outside your house that point back to your house so everything can communicate with each other. – Geruta Jul 15 '15 at 03:03
  • You could also use the Layer 2 bridging feature in ZeroTier https://support.zerotier.com/knowledgebase.php?entry=show&search-for=&article=N2ViNmQxZmZiMDRkM2UzODZlOWJiOWFiODFkOGRlZDE_ – tladuke Aug 22 '17 at 22:25
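The static-route plan discussed above (VPSs route 192.168.1.0/24 via 192.168.2.100, home clients route 192.168.2.0/24 via 192.168.1.52, the middle-man forwards between the two), as an added example that is not from the question or the commenters, using the Ubuntu VM from the question as the middle-man. It checks that each gateway is actually on-link before emitting the route, and it confines forwarding to the two subnets instead of turning the VM into a general router. The interface names `zt0` and `eth0` are assumptions.

```shell
#!/bin/sh
# Constructed example: emit the route and forwarding commands for the two-subnet
# setup. Addresses come from the question; interface names are assumed.
HOME_NET=192.168.1.0/24
ZT_NET=192.168.2.0/24
ROUTER_ZT_ADDR=192.168.2.100   # middle-man's ZeroTier address
ROUTER_LAN_ADDR=192.168.1.52   # middle-man's home-LAN address
ZT_IF=zt0                      # assumed ZeroTier interface on the VM/VPSs
LAN_IF=eth0                    # assumed LAN interface on the VM

# ip2int 192.168.2.100 -> 3232236132 (dotted quad to integer, POSIX sh only)
ip2int() {
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# in_subnet ADDR CIDR: succeeds when ADDR lies inside CIDR. A static route's
# gateway must be on-link, otherwise the kernel rejects it or traffic blackholes.
in_subnet() {
  addr=$(ip2int "$1")
  net=$(ip2int "${2%/*}")
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Command each Linux VPS runs: send the home LAN to the middle-man over ZeroTier.
vps_route() {
  in_subnet "$ROUTER_ZT_ADDR" "$ZT_NET" || { echo "gateway not in $ZT_NET" >&2; return 1; }
  echo "ip route add $HOME_NET via $ROUTER_ZT_ADDR dev $ZT_IF"
}

# Persistent route for a Windows client (suitable for a GPO startup script).
home_client_route() {
  in_subnet "$ROUTER_LAN_ADDR" "$HOME_NET" || { echo "gateway not in $HOME_NET" >&2; return 1; }
  echo "route -p add ${ZT_NET%/*} mask 255.255.255.0 $ROUTER_LAN_ADDR"
}

# Middle-man (Ubuntu VM): enable forwarding, but only between the two subnets.
router_config() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $ZT_IF -o $LAN_IF -s $ZT_NET -d $HOME_NET -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $ZT_IF -s $HOME_NET -d $ZT_NET -j ACCEPT
EOF
}
```

Run the functions and review the output before applying it as root on each host; the FORWARD default-drop policy means anything not between the two listed subnets is not relayed by the VM.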