Skip to content

Instantly share code, notes, and snippets.

@dch

dch/_zerotier_vpn_on_freebsd.md

Last active November 25, 2022 08:26
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dch/b36dd170209e65677d23f77c44825b5a to your computer and use it in GitHub Desktop.
Save dch/b36dd170209e65677d23f77c44825b5a to your computer and use it in GitHub Desktop.
Download ZIP
how to set up FreeBSD as a zerotier.com vpn
Raw
_zerotier_vpn_on_freebsd.md

I'm using [PORT]net/zerotier[/PORT] for quite some time as a way of getting to my systems from other networks very happily. It works in airports, cafes, and all the usual hostile places we travel to.

It provides a L2 encrypted mesh (a bit like VXLAN I suppose) via a tap interface.

What I'd like to do is to use the ZT network as a VPN - routing all traffic from my FreeBSD laptop and phone through the zerotier layer out to my appointed ZT "VPN Gateway". Basically, translating the linux doc here: https://support.zerotier.com/knowledgebase.php?entry=show&search-for=full&article=ZWFhNWMyMTZjODY1ODcwNmFhZmJjYmRhN2I5MjRhOGQ_ -- into FreeBSD config. BTW https://www.zerotier.com/manual.shtml has a lot of background detail if you're interested.I can get the iphone working, but not the laptop.

What works after configuring zerotier to provide the "default route" is different on each device:

  • the iphone works
  • an apple imac works
  • freebsd laptop drops off the network entirely, presumably some missing route settings

ifconfig on vpn gateway

root@continuity:~ # ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 82:87:41:12:8d:32
        hwaddr 82:87:41:12:8d:32
        inet6 fe80::8087:41ff:fe12:8d32%vtnet0 prefixlen 64 scopeid 0x1
        inet6 1:2:3:4::51db:d001 prefixlen 64
        inet 1.2.3.4 netmask 0xfffff000 broadcast 1.2.3.255
        inet 10.19.0.5 netmask 0xffff0000 broadcast 10.19.255.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
zt1flo98dm17np8: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 5000 mtu 2800
        options=80000<LINKSTATE>
        ether 2a:33:91:24:38:8e
        hwaddr 00:bd:07:f6:f6:09
        inet6 fe80::2bd:7ff:fef6:f609%zt1flo98dm17np8 prefixlen 64 scopeid 0x4
        inet6 fc7b:c4d6:6bec:8248:7b87::1 prefixlen 40
        inet 10.144.0.1 netmask 0xffff0000 broadcast 10.144.255.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        groups: tap
        Opened by PID 661

firewall on vpn gateway

# /etc/pf.conf
# macros
protocols = "{ tcp, udp, icmp }"

# interfaces
extl_if = "vtnet0"
intl_if = "lo0"
zero_if = "zt1flo98dm17np8"

# networks
intl_net = $intl_if:network
internet = $extl_if:network
zero_net = $zero_if:network

# limits
set limit { states 80000, frags 20000, src-nodes 20000 }
set timeout { adaptive.start 60000, adaptive.end 78000 }

# clean packets are happy packets
scrub in all

# jails are allowed outbound connections but not inbound
nat on !$zero_if inet  from $zero_net to any -> ($extl_if)
nat on !$zero_if inet6 from $zero_net to any -> ($extl_if)

# o ye of little faith
pass in all
pass out all

route tables on laptop

before zt allowDefault=1

root@akai /u/h/dch# route -n show 10.144.0.0/16
   route to: 10.144.0.0
destination: 10.144.0.0
       mask: 255.255.0.0
        fib: 0
  interface: zt1flo98dm17np8
      flags: <UP,DONE,PINNED>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      2800         1         0
root@akai /u/h/dch# route -n show default
   route to: 0.0.0.0
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: 172.16.2.1
        fib: 0
  interface: wlan0
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0
root@akai /u/h/dch#

after zt allowDefault=1

root@akai /u/h/dch# zerotier-cli set 17d709436c13df28 allowDefault=1
{
 "allowDefault": true,
 "allowGlobal": false,
 "allowManaged": true,
 "assignedAddresses": [
  "fc7b:c4d6:6b9b:bbdb:fdd2:0000:0000:0001/40",
  "10.144.49.109/16"
 ],
 "bridge": false,
 "broadcastEnabled": true,
 "dhcp": false,
 "id": "17d709436c13df28",
 "mac": "2a:44:a8:b7:be:db",
 "mtu": 2800,
 "name": "skunkwerks",
 "netconfRevision": 8,
 "nwid": "17d709436c13df28",
 "portDeviceName": "zt1flo98dm17np8",
 "portError": 0,
 "routes": [
  {
   "flags": 0,
   "metric": 0,
   "target": "0.0.0.0/0",
   "via": "10.144.0.1"
  },
  {
   "flags": 0,
   "metric": 0,
   "target": "10.144.0.0/16",
   "via": null
  }
 ],
 "status": "OK",
 "type": "PRIVATE"
root@akai /u/h/dch# route -n show default
   route to: 0.0.0.0
destination: 0.0.0.0
       mask: 0.0.0.0
    gateway: 172.16.2.1
        fib: 0
  interface: wlan0
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0
root@akai /u/h/dch# route -n show 10.144.0.0/16
   route to: 10.144.0.0
destination: 10.144.0.0
       mask: 255.255.0.0
        fib: 0
  interface: zt1flo98dm17np8
      flags: <UP,DONE,PINNED>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      2800         1         0
root@akai /u/h/dch# route -n show 8.8.8.8
   route to: 8.8.8.8
destination: 0.0.0.0
       mask: 128.0.0.0
    gateway: 10.144.0.1
        fib: 0
  interface: zt1flo98dm17np8
      flags: <UP,GATEWAY,DONE,STATIC>
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      2800         1         0
root@akai /u/h/dch# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss
root@akai /u/h/dch# curl http://8.8.8.8/
curl: (7) Couldn't connect to server

ngrep on vpn gateway showing iphone DNS traffic

root@continuity:~ # ngrep -tixd zt1flo98dm17np8 ifconfig.io
interface: zt1flo98dm17np8 (10.144.0.0/255.255.0.0)
match: ifconfig.io
########################
U 2017/09/08 10:33:31.510220 10.144.196.52:49721 -> 8.8.8.8:53
  8e 7c 01 00 00 01 00 00    00 00 00 00 08 69 66 63    .|...........ifc
  6f 6e 66 69 67 02 69 6f    00 00 1c 00 01             onfig.io.....   
#
U 2017/09/08 10:33:31.511119 10.144.196.52:59756 -> 8.8.8.8:53
  ea 69 01 00 00 01 00 00    00 00 00 00 08 69 66 63    .i...........ifc
  6f 6e 66 69 67 02 69 6f    00 00 01 00 01             onfig.io.....   
#
Raw
freebsd.md

set up a zt gateway on FreeBSD 11.1R amd64

based off https://support.zerotier.com/knowledgebase.php?entry=show&search-for=&article=ZWFhNWMyMTZjODY1ODcwNmFhZmJjYmRhN2I5MjRhOGQ_

prerequisites for your zt-based vpn

  • install your FreeBSD and ssh in as root
  • use the HEAD branch of FreeBSD ports

install zerotier package

# pkg install -y net/zerotier net/ngrep textproc/jq
# sysrc zerotier_enable=YES
# service zerotier start

join your zt network

# zerotier-cli join 12345678abcedf

200 join OK

root@zt:~# zerotier-cli -j info | jq .
{
 "address": "5bas3cerbc",
 "clock": 1504882287441,
 "cluster": null,
 "config": {
  "physical": null,
  "settings": {
   "portMappingEnabled": true,
   "primaryPort": 9993,
   "softwareUpdate": "disable",
   "softwareUpdateChannel": "release"
  }
 },
 "online": true,
 "planetWorldId": 1235675672,
 "planetWorldTimestamp": 1452708876314,
 "publicIdentity": "a3c456e3a4563c456a3c456:cea567ce4a56f3456a",
 "tcpFallbackActive": false,
 "version": "1.2.4",
 "versionBuild": 0,
 "versionMajor": 1,
 "versionMinor": 2,
 "versionRev": 4
}

zerotier control panel

You'll now need to switch to the zerotier control panel:

  • find your vpn gateway and authorise it
  • note down its zerotier ipv4 address, subnet, and netmask
  • add a zt default route for 0.0.0.0/0 -> your vpn gateway ip

set up firewall NAT

  • make sure you update it below for your network
# /etc/pf.conf
# macros
protocols = "{ tcp, udp, icmp }"

# interfaces
intl_if = "lo0"
extl_if = "vtnet0"
zero_if =  "zt1flo1234abcd"

# networks
intl_net = $intl_if:network
internet = $extl_if:network
zero_net = $zero_if:network

# clean packets are happy packets
scrub in all

nat on !$zero_if inet  from $zero_net to any -> ($extl_if)
nat on !$zero_if inet6 from $zero_net to any -> ($extl_if)

pass in all
pass out al

start the firewall

# sysrc pf_enable=YES
# service pf start

enable routing

# sysctl net.inet.ip.forwarding=1
# sysrc gateway_enable=YES

profit

  • reboot and confirm everything is visible in the zerotier control panel
  • use a client (phone, laptop, whatever) and confirm you can see traffic flowing
  • I use http://ifconfig.io/ and ngrep -qixtd vtnet0 ifconfig.io on client & gateway respectively
Raw
netstat-r_default_off.txt
# netstat -rn4
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 172.16.2.1 UGS wlan0
10.144.0.0/16 link#3 U zt1flo98
10.144.49.109 link#3 UHS lo0
127.0.0.1 link#1 UH lo0
172.16.2.0/24 link#2 U wlan0
172.16.2.15 link#2 UHS lo0
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:28:f8:d0:91:52
inet6 fe80::228:f8ff:fed0:9152%wlan0 prefixlen 64 scopeid 0x2
inet 172.16.2.15 netmask 0xffffff00 broadcast 172.16.2.255
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
status: associated
ssid skunkwerks channel 11 (2462 MHz 11g) bssid 80:2a:a8:5a:bd:3f
regdomain ETSI country AT authmode WPA2/802.11i privacy ON
deftxkey UNDEF AES-CCM 2:128-bit txpower 30 bmiss 10 scanvalid 60
protmode CTS wme roaming MANUAL
groups: wlan
zt1flo98dm17np8: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 5000 mtu 2800
options=80000<LINKSTATE>
ether 2a:44:a8:b7:be:db
hwaddr 00:bd:1d:19:ff:09
inet6 fe80::2bd:1dff:fe19:ff09%zt1flo98dm17np8 prefixlen 64 scopeid 0x3
inet6 fc7b:c4d6:6b9b:bbdb:fdd2::1 prefixlen 40
inet 10.144.49.109 netmask 0xffff0000 broadcast 10.144.255.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
groups: tap
Opened by PID 762
Raw
netstat-r_default_on.txt
# netstat -rn4
Routing tables
Internet:
Destination Gateway Flags Netif Expire
0.0.0.0/1 10.144.0.1 UGS zt1flo98
default 172.16.2.1 UGS wlan0
10.144.0.0/16 link#3 U zt1flo98
10.144.49.109 link#3 UHS lo0
127.0.0.1 link#1 UH lo0
128.0.0.0/1 10.144.0.1 UGS zt1flo98
172.16.2.0/24 link#2 U wlan0
172.16.2.15 link#2 UHS lo0
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:28:f8:d0:91:52
inet6 fe80::228:f8ff:fed0:9152%wlan0 prefixlen 64 scopeid 0x2
inet 172.16.2.15 netmask 0xffffff00 broadcast 172.16.2.255
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
status: associated
ssid skunkwerks channel 11 (2462 MHz 11g) bssid 80:2a:a8:5a:bd:3f
regdomain ETSI country AT authmode WPA2/802.11i privacy ON
deftxkey UNDEF AES-CCM 2:128-bit txpower 30 bmiss 10 scanvalid 60
protmode CTS wme roaming MANUAL
groups: wlan
zt1flo98dm17np8: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 5000 mtu 2800
options=80000<LINKSTATE>
ether 2a:44:a8:b7:be:db
hwaddr 00:bd:1d:19:ff:09
inet6 fe80::2bd:1dff:fe19:ff09%zt1flo98dm17np8 prefixlen 64 scopeid 0x3
inet6 fc7b:c4d6:6b9b:bbdb:fdd2::1 prefixlen 40
inet 10.144.49.109 netmask 0xffff0000 broadcast 10.144.255.255
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
groups: tap
Opened by PID 762
Raw
osx_netstat-r_default_off.txt
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 172.16.2.1 UGSc 37 7 en1
10.144/16 link#9 UC 3 0 zt2
10.144.0.1 2a:33:91:24:38:8e UHLWIr 0 0 zt2 948
10.144.255.255 ff:ff:ff:ff:ff:ff UHLWbI 0 5 zt2
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 11 1300654 lo0
169.254 link#5 UCS 0 0 en1
172.16.1/24 link#15 UC 2 0 vmnet3
172.16.1.1 0:50:56:c0:0:3 UHLWIi 1 20 lo0
172.16.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 5 vmnet3
172.16.2/24 link#5 UCS 2 0 en1
172.16.2.1/32 link#5 UCS 1 0 en1
172.16.2.1 0:90:b:4d:67:9a UHLWIir 31 11087 en1 318
172.16.2.14 80:ed:2c:45:8e:f7 UHLWI 0 2 en1 1124
172.16.2.34/32 link#5 UCS 0 0 en1
172.16.2.255 ff:ff:ff:ff:ff:ff UHLWbI 0 3 en1
172.16.143/24 link#13 UC 2 0 vmnet1
172.16.143.255 ff:ff:ff:ff:ff:ff UHLWbI 0 5 vmnet1
172.16.213/24 link#16 UC 2 0 vmnet8
172.16.213.255 ff:ff:ff:ff:ff:ff UHLWbI 0 5 vmnet8
192.168.33 link#14 UC 2 0 vmnet2
192.168.33.255 ff:ff:ff:ff:ff:ff UHLWbI 0 5 vmnet2
224.0.0/4 link#5 UmCS 2 0 en1
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en1
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI 0 718 en1
255.255.255.255/32 link#5 UCS 1 0 en1
255.255.255.255 ff:ff:ff:ff:ff:ff UHLWbI 0 3 en1
Internet6:
Destination Gateway Flags Netif Expire
default fe80::%utun0 UGcI utun0
::1 ::1 UHL lo0
fc7b:c4d6:6b00::/40 link#9 UC zt2
fc7b:c4d6:6b0e:2967:7bdd::1 2a:d1:3a:b:38:d4 UHL lo0
fc7b:c4d6:6be2:8e50:6c98::1 2a:3d:9d:3c:2f:91 UHLWI zt2
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en1/64 link#5 UCI en1
fe80::42c:b047:9f09:ab8b%en1 8c:2d:aa:3e:3:9b UHLI lo0
fe80::4fa:b01f:2014:21d4%en1 e8:b2:ac:63:b0:7 UHLWI en1
fe80::1c63:925e:3546:cefe%en1 80:ed:2c:45:8e:f7 UHLWIi en1
fe80::4a0f:cfff:fe22:f3a4%en1 48:f:cf:22:f3:a4 UHLWI en1
fe80::%zt2/64 link#9 UCI zt2
fe80::28d1:3aff:fe0b:38d4%zt2 2a:d1:3a:b:38:d4 UHLI lo0
fe80::%awdl0/64 link#11 UCI awdl0
fe80::2cb1:b7ff:fecc:11e4%awdl0 2e:b1:b7:cc:11:e4 UHLI lo0
fe80::%utun0/64 fe80::7e12:d177:5784:cbf4%utun0 UcI utun0
fe80::7e12:d177:5784:cbf4%utun0 link#12 UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en1/32 link#5 UmCI en1
ff01::%zt2/32 link#9 UmCI zt2
ff01::%awdl0/32 link#11 UmCI awdl0
ff01::%utun0/32 fe80::7e12:d177:5784:cbf4%utun0 UmCI utun0
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en1/32 link#5 UmCI en1
ff02::%zt2/32 link#9 UmCI zt2
ff02::%awdl0/32 link#11 UmCI awdl0
ff02::%utun0/32 fe80::7e12:d177:5784:cbf4%utun0 UmCI utun0
Raw
osx_netstat-r_default_on.txt
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
0/1 10.144.0.1 UGSc 1 0 zt2
default 172.16.2.1 UGSc 20 7 en1
0/1 172.16.2.1 UGScI 11 0 en1
10.144/16 link#9 UC 3 0 zt2
10.144.0.1 2a:33:91:24:38:8e UHLWIir 4 0 zt2 908
10.144.255.255 ff:ff:ff:ff:ff:ff UHLWbI 0 7 zt2
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 13 1300960 lo0
128.0/1 10.144.0.1 UGSc 1 0 zt2
128.0/1 172.16.2.1 UGScI 8 0 en1
169.254 link#5 UCS 0 0 en1
172.16.1/24 link#15 UC 2 0 vmnet3
172.16.1.1 0:50:56:c0:0:3 UHLWIi 1 20 lo0
172.16.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 7 vmnet3
172.16.2/24 link#5 UCS 2 0 en1
172.16.2.1/32 link#5 UCS 1 0 en1
172.16.2.1 0:90:b:4d:67:9a UHLWIir 31 11093 en1 1192
172.16.2.14 80:ed:2c:45:8e:f7 UHLWI 0 2 en1 1084
172.16.2.34/32 link#5 UCS 0 0 en1
172.16.2.255 ff:ff:ff:ff:ff:ff UHLWbI 0 5 en1
172.16.143/24 link#13 UC 2 0 vmnet1
172.16.143.255 ff:ff:ff:ff:ff:ff UHLWbI 0 7 vmnet1
172.16.213/24 link#16 UC 2 0 vmnet8
172.16.213.255 ff:ff:ff:ff:ff:ff UHLWbI 0 7 vmnet8
192.168.33 link#14 UC 2 0 vmnet2
192.168.33.255 ff:ff:ff:ff:ff:ff UHLWbI 0 7 vmnet2
224.0.0/4 link#5 UmCS 2 0 en1
224.0.0.251 1:0:5e:0:0:fb UHmLWI 0 0 en1
239.255.255.250 1:0:5e:7f:ff:fa UHmLWI 0 721 en1
255.255.255.255/32 link#5 UCS 1 0 en1
255.255.255.255 ff:ff:ff:ff:ff:ff UHLWbI 0 5 en1
Internet6:
Destination Gateway Flags Netif Expire
default fe80::%utun0 UGcI utun0
::1 ::1 UHL lo0
fc7b:c4d6:6b00::/40 link#9 UC zt2
fc7b:c4d6:6b0e:2967:7bdd::1 2a:d1:3a:b:38:d4 UHL lo0
fc7b:c4d6:6be2:8e50:6c98::1 2a:3d:9d:3c:2f:91 UHLWI zt2
fe80::%lo0/64 fe80::1%lo0 UcI lo0
fe80::1%lo0 link#1 UHLI lo0
fe80::%en1/64 link#5 UCI en1
fe80::42c:b047:9f09:ab8b%en1 8c:2d:aa:3e:3:9b UHLI lo0
fe80::4fa:b01f:2014:21d4%en1 e8:b2:ac:63:b0:7 UHLWI en1
fe80::1c63:925e:3546:cefe%en1 80:ed:2c:45:8e:f7 UHLWIi en1
fe80::4a0f:cfff:fe22:f3a4%en1 48:f:cf:22:f3:a4 UHLWI en1
fe80::%zt2/64 link#9 UCI zt2
fe80::28d1:3aff:fe0b:38d4%zt2 2a:d1:3a:b:38:d4 UHLI lo0
fe80::%awdl0/64 link#11 UCI awdl0
fe80::2cb1:b7ff:fecc:11e4%awdl0 2e:b1:b7:cc:11:e4 UHLI lo0
fe80::%utun0/64 fe80::7e12:d177:5784:cbf4%utun0 UcI utun0
fe80::7e12:d177:5784:cbf4%utun0 link#12 UHLI lo0
ff01::%lo0/32 ::1 UmCI lo0
ff01::%en1/32 link#5 UmCI en1
ff01::%zt2/32 link#9 UmCI zt2
ff01::%awdl0/32 link#11 UmCI awdl0
ff01::%utun0/32 fe80::7e12:d177:5784:cbf4%utun0 UmCI utun0
ff02::%lo0/32 ::1 UmCI lo0
ff02::%en1/32 link#5 UmCI en1
ff02::%zt2/32 link#9 UmCI zt2
ff02::%awdl0/32 link#11 UmCI awdl0
ff02::%utun0/32 fe80::7e12:d177:5784:cbf4%utun0 UmCI utun0
@xpader
Copy link

xpader commented Feb 26, 2020

How to config NAT using ipfw??

@paulofragoso
Copy link

Link to zerotier site is broken

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment