How to benefit from Zenarmor NGFW protection anywhere using OPNSense and Zerotier

  • Published: 22 Nov 2024

Comments • 24

  • @youroldmangaming8150 3 months ago +1

    Very good. I run a self hosted ZT network with two moons. This is perfect. I really like how you logically went through the process as well as your calm voice. Well done, subscribed straight away!!

  • @Felix-ve9hs 1 year ago +2

    I had to work a lot with Sophos XGS Firewall lately and all the headaches with licencing, registration, etc. really make me appreciate how flexible and customizable OPNsense is. :)

  • @SergeantTrigger 1 year ago

    Crystal clear guide! Thanks.

  • @inphiltration7653 1 year ago +2

    Thanks a lot! This is way easier than setting up a WireGuard tunnel ^^

  • @mr.niceguy1016 1 year ago +1

    Thanks for this instruction.
    One question:
    I am not able to add the ZeroTier interface under Zenarmor's configuration page. It is not listed there. Did you have the same issue? I can indeed see the WireGuard interface in the list.

    • @ls111cyberEd 1 year ago

      Hi, thanks for watching, please double check like I show from 8:00 onward in the video, that you have assigned and enabled the Zerotier interface. It should then show in the list of interfaces in the Zenarmor dashboard, hopefully this helps.

    • @entaro168 1 year ago

      Hi, in the latest version of Zenarmor, it’s asking for “Set security zone” before you can add the Zerotier interface. The options are: lan, wifi, guest, wan, dmz and custom. Which option is correct? I’ve tried “guest” and it works but once the router is rebooted, it shows an error in Zenarmor and engine will not start. I have to remove the Zerotier interface in Zenarmor setting to be able to start the engine properly. Zerotier works as per your instructions but it can’t route traffic to Zenarmor because of the error.

  • @colorxlabs7200 1 year ago

    excellent, works perfectly!

  • @JasonsLabVideos 1 year ago +1

    Thanks sir ! Good video !!

  • @YouTube-gx5wx 1 year ago

    Thanks for the clear instructions! I've tried it and it runs flawlessly, except for the provider shown in Ookla's Speedtest app. It's still showing my mobile provider, not my home ISP. Does it mean not all my internet traffic runs through my home router? I only get my home ISP IP on Chrome. And I still can't open the restricted websites on my phone. It's still restricted by my mobile operator.

    • @ls111cyberEd 1 year ago

      Hi Adrian, thanks for watching, please double check that in your Zerotier One mobile app you have selected the "route via Zerotier" option. Also make sure that your route is set up correctly within the Zerotier dashboard and that 0.0.0.0/0 is pointing to your firewall. If your routing is working correctly all traffic will go via your home ISP and that should show in the Ookla speedtest.

  • @nelsonmaranonjr.537 1 year ago

    Thank you very much.

  • @bekiryigit6252 1 year ago

    Thanks for the great video!

  • @BrendanRichman 1 year ago

    Tried every guide on the internet, but can't seem to keep a reliable connection going. Pinging is more miss than hit. Any ideas?

    • @ls111cyberEd 1 year ago

      Hi Brendan, thanks for watching. Either your connection on the firewall/home side is unstable or the connection on your remote/mobile side is unstable. If possible, try an alternative remote/mobile connection as a process of elimination to find out which connection is giving you issues, then troubleshoot from there.

  • @mohamedellamiy4848 1 year ago

    Thanks for the great video. I need help with it. I want to block the internet from all people, with the e-mail turned on only on Outlook IMAP and Exchange email.

    • @ls111cyberEd 1 year ago

      Thanks for watching Mohamed, so to achieve this you will need to create a policy in Zenarmor that blocks everything except IMAP and Exchange. You should be able to achieve this using the Web and Application controls built into Zenarmor, and you can fine tune it by creating custom exceptions (black/white lists). Hopefully this puts you in the right direction.

    • @mohamedellamiy4848 1 year ago

      @ls111cyberEd Thank you for your reply.
      Or vice versa, it is true to block the Internet and open the ports for e-mail only. This is better, but it does not work. In the past, I used to work on ISA it, and things were better in this regard.

  • @entaro168 1 year ago

    Hi, this is the error (engine configuration error) I have in Zenarmor 1.14.2 (OPNsense 23.1.11_1) after a router reboot ->
    Cannot validate interface:
    netmap@ztagim5045flu3k^ line: 1, 1,
    netmap@ztagim5045flu3k^,
    netmap@ztagim5045flu3k, 0, 2, 4344
    What did I miss? Thanks!

    • @ls111cyberEd 1 year ago

      Hi, thanks for watching, it looks like after the reboot something changed with the Zerotier interface and Zenarmor did not like this. I would start troubleshooting by first confirming that the Zerotier plugin is functioning correctly and that it is connected to the Zerotier network. I would then check the interface assignments (7:50) and confirm that the Zerotier interface is enabled and that you selected the "prevent interface removal" checkbox. Because the Zerotier interface has been dynamically named, like in your case, "ztagim5045flu3k", check that the name has not changed since the reboot. If it has, update with the correct config. Hopefully, this points you in the right direction.

    • @entaro168 1 year ago

      Thanks for the reply @LS111, I really appreciate it. I checked all my configuration as instructed in your video and Zerotier is working properly - I can access my local devices in my home network using cellular data on my mobile phone. The problem only occurs if I add the Zerotier interface to Zenarmor - it works initially (all Zerotier traffic is routed to Zenarmor) but it won’t survive a router reboot (Zerotier interface name remains the same, prevent interface removal is checked). I’m not sure if this is a Zenarmor bug (1.14.3) with OPNsense 23.1.11_1 or if there’s a missing configuration that I need to add.