ZeroTier + RouterOS: building a home VPN

The NAS at my home doesn't actually get much use; my important data is on a cloud disk. However, it is still much more convenient to have a media center at home. For example, when watching a movie, it can be downloaded in the background, and then the TV and other devices can read it directly.

I used an old rMBP as a server, placed next to the router and connected directly with a network cable, so that downloads can make full use of the bandwidth. However, as we all know, macOS supports SMB services very badly. Recently, thanks to a friend's small host, I used it to create a home lab with Proxmox VE virtualization. Except for a problem with the Dell not recognizing an NVMe drive, the installation process is very simple, so I won't go into details here. (On the Dell you need to go into the BIOS and change the default RAID mode to AHCI.)

I installed OpenMediaVault (OMV) in PVE. A professional NAS system is much better than the old rMBP: it uses far fewer resources, and the transfer speed is super fast too!

Of course, it is still a little imperfect: you can only access it at home. As everyone knows, for a home network there are only a few options:

  • Pay for a static public IP
  • Ask the operator for a dynamic public IP and then set up DDNS

Then set up a VPN server...

Of course, you can also set up a virtual intranet. In the early years, the earliest application for this, used to play LAN games online with classmates, was Hamachi; it could also be the Haofang battle platform... Now there are also free options like ZeroTier.

It can put your NAS and mobile phones in the same virtual LAN. Then, no matter where you are, once you connect, you and the NAS are in one virtual LAN. Going further, if you put a router or server that supports forwarding into this virtual LAN, you can also configure it as the network exit. In this way ZeroTier works like an ordinary VPN, which is very convenient: when you are connected to Wi-Fi or other networks outside, you can turn it on and easily encrypt your network data.


Design

My plan here is to add the router directly to ZeroTier, then configure the routing in ZeroTier so that my router is the gateway in this virtual LAN. This way it can forward data and give access to the NAS in the LAN.

Sign up for ZeroTier

Go to https://my.zerotier.com/ to register an account and create your first network. Free accounts can create at most 3 networks; actually, I only need one. Remember to skip the initialization tutorial, otherwise you need at least two devices to complete it.

It is worth noting that newly created networks are public. That is, once your network ID is leaked, anyone can join your network, and you can't kick the device out. Of course, the advantage is that you can set up routing for the network; on a free account, private networks cannot add routing entries. Here we keep the network public first and switch back to private after configuration; the routing information will be retained.

Install ZeroTier on RouterOS

First of all, go to the MikroTik official website, https://mikrotik.com/download, and download the Extra packages. These packages are not included in the default system. The download is a zip; after unzipping it, find the zerotier package, upload it to the root directory of your router and restart. This installs the package automatically. After the restart, check under System – Packages to make sure the zerotier package exists and has been activated:

Make sure the zerotier package is installed and activated correctly

Use the command zerotier/enable zt1 to activate the default instance, which actually uses the official ZeroTier server. ZeroTier is open source, so you can also build your own; for convenience I use the official one.

If you are in China, it's better to build your own node. In my actual testing, although the official server connects to the network successfully, the actual transmission speed is not good: a speed test on the China Mobile network showed only 0.5m of bandwidth.

Then use the command to add the network we just created to the zerotier interface:

By default, the name of this interface is zerotier1.

Use the command zerotier/interface/print to view the interface status; just check that the status is OK.

Of course this is not enough. We also need to configure the firewall to allow ZeroTier traffic to pass:

Configure ZeroTier

Then we return to the ZeroTier web control panel. After refreshing, you should be able to see the newly added router and the virtual address allocated to it. For example, my router got the intranet address 10.242.151.88. Let's add a route so that all network requests are routed to the router: 0.0.0.0/0 via 10.242.151.88, meaning that access to any address goes through the device 10.242.151.196.

After the route is added successfully, you can switch the network to private. This way, when a new device is added, it not only needs to know your network ID; you also need to click Authorization in this panel.

Configure RouterOS as gateway

Of course, you can now already access intranet devices through the virtual LAN. Next, let's add NAT so that this virtual LAN can also access the real external network.

Here <zerotier-subnet> is the virtual intranet address range you got in ZeroTier, usually the default one in your routing table. For example, mine is 10.243.0.0/16.
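The router-side steps described above (enable the instance, join the network, open the firewall, add NAT), collected as an added RouterOS v7 example; these are not the original post's commands. <network-id> and <zerotier-subnet> are placeholders, and limiting the input chain to DNS is a choice made in this example, narrower than accepting everything that arrives on zerotier1.

```routeros
# Added example (RouterOS v7 CLI), not the author's original commands.
# <network-id>       placeholder: the 16-hex-digit network ID from my.zerotier.com
# <zerotier-subnet>  placeholder: the network's managed range, e.g. 10.243.0.0/16

# 1. Start the default instance and join the network.
/zerotier/enable zt1
/zerotier/interface/add network=<network-id> instance=zt1
# The new interface is named zerotier1 by default; its status should read OK.
/zerotier/interface/print

# 2. Firewall. place-before=0 puts each rule at the top, above any drop rules
#    (assumes the filter table already has rules, as the default config does).
# Let ZeroTier members reach the LAN and, through the router, the internet.
/ip/firewall/filter/add chain=forward in-interface=zerotier1 action=accept \
    place-before=0 comment="zerotier: forward"
# Assumption of this example: members only need the router itself for DNS,
# so the input chain opens port 53 only, not every management service.
/ip/firewall/filter/add chain=input in-interface=zerotier1 protocol=udp \
    dst-port=53 action=accept place-before=0 comment="zerotier: dns udp"
/ip/firewall/filter/add chain=input in-interface=zerotier1 protocol=tcp \
    dst-port=53 action=accept place-before=0 comment="zerotier: dns tcp"

# 3. NAT: masquerade traffic that originates in the virtual LAN so that
#    replies from outside find their way back through the router.
/ip/firewall/nat/add chain=srcnat src-address=<zerotier-subnet> \
    action=masquerade comment="zerotier: nat"

# 4. Review what was added.
/ip/firewall/filter/print where comment~"zerotier"
/ip/firewall/nat/print where comment~"zerotier"
```

For the router to answer those DNS queries, allow-remote-requests must be enabled under /ip/dns. While the network is still public, every device that learns the network ID lands behind these accept rules, so check the member list in the ZeroTier panel before relying on them.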

With that, the router has been configured. Finally, there is the configuration of the ZeroTier client on your devices.

Configuring the ZeroTier Client

After the ZeroTier client is configured, global routing is not added by default. You need to enable the default gateway or global routing option in the settings.

In addition, ZeroTier uses the local DNS by default, which may cause DNS leaks when it is used as a VPN. You need to set up your own DNS manually. For example, I set the DNS to the IP address of my router. Since the default route has been configured, this address can be the IP address issued by ZeroTier, or it can be the router's own intranet IP address; either works, because it's the same device. In this way, DNS requests are also sent to your own router.

An additional benefit: if you have configured ad removal on the router, then you can enjoy the ad-free network environment even when you go out, hhhh

Original article written by LogStudio: R0uter's Blog » ZeroTier + RouterOS builds home VPN

When reproducing, please keep the source and description link: https://www.logcg.com/archives/3889.html

About the Author

R0uter

Unless otherwise stated, the articles I have written are original. When reproducing, please indicate the link to this page and my name.
