Using Synology as a ZeroTier Bridge

I was introduced to Zero tier a few years ago. I find it pretty solid and the free plan works well as a sort of reverse NAT style VPN’esk solution. Each node gets a multi homed IP that’s always available. This means I can ssh into my laptop no matter where it is, or have it backup to an internal server consistently. You don’t have to open any ports up as your routing traffic through their servers. Additionally you don’t need a static IP to make this work.

Versions tested

Software	Version	OS
DSM	DSM 6.2.2-24922 Update 6	Synology

You need at least one node that’s consistently online to route the traffic from Zero Tier to your devices. You can buy stand alone units for this but I often use my Synology for central services like this. To get started you will need the following:

• Sign up for account: https://my.zerotier.com/
• Download correct Synology Package for your arch https://download.zerotier.com/dist/synology/

Use the Github Wiki to find the right arch

Install Package

Using the Package Center add the package via the Manual Install Button

Join the Zero Tier network

Grab your network ID from https://my.zerotier.com/ and launch the Zero Tier app you installed via Package Center.

Enable Routing & Nat

/etc/sysctl.conf

net.ipv4.conf.all.forwarding=1
net.ipv4.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.default.forwarding=1

ssh into your Synology and edit the sysctl configuration. Then apply your changes

$ sysctl --system

This needs to be automated but I haven’t decided from a gem installed puppet or hacked ansible for managing my synology yet.

Enable IP Tables Rules

sudo -s
/sbin/iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE
/sbin/iptables -A FORWARD -i bond0 -o eth50 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth50 -o bond0 -j ACCEPT

Where is bond0 is your LAN interface and eth50 is your zerotier interface

I have a bond as I use LACP to bond my 4 Ethernet ports together on my DS1515+

Persistance

These need to be set at reboot to stay persistent so you should add them to /etc/rc.local

Configure Bridging

Add your synology to your network and Allow Ethernet bridging. Create a managed route as shown above.

Zero Tier on Phone

Now that you have an ethernet bridge you can install the Zero Tier app on your phone and join the network.

As you can see I can connect to my arduino project that allows me to lock my car doors at night.

If you followed my DNS Post then you can actually use split DNS here as well by allowing this subnet to make calls to your named service.