I always forget that a friend of mine uses Verizon Cellular for his home’s Internet access. I set up a new Shari PiHat for him which worked perfectly here (fiber Internet) but doesn’t when he takes it home. The port forwarding is correct at his home:
As he is 25 miles away, I often install ZeroTier (ZT) on devices that I provide help with and ZT is installed and working on his ASL node. I can access the node easily through ZT and perform all menu functions, etc. So as I understand things my options might be to use a reverse SSH connection, a VPN, or perhaps ZT? Since ZT is installed and working, is that possible and how would I use it for the node to use ZT as it’s source of Internet but not route all of his home’s Internet traffic through a ZT connection?
I haven’t used ZT in that configuration before, so some guidance and wisdom would be appreciated. Thank you.
There are threads in the ZeroTier forums that address passing traffic out of an exit node; but if you want true two-way ASL connectivity to that SHARI node, it would probably be easier to stand up a VPN server outside the CGNAT and put a Wireguard connection on the node, alongside the ZT connection.
You could limit SSH access to the ethernet address of the ZT adapter itself in sshd_config.
Linuxbabe has a good tutorial on standing up VPNs and WG tunnels…
I have home Verizon 4G LTE box and a 5G box. They work fine for ASL/HV for outbound connections. I don’t use port forwarding for these nodes. I have two other ways to have people connect to me. First, I have a Cloud node set up on Vult.com using ASL. I connect my home nodes to it and outside people connect to it… works good! If I need a direct connect between inside and outside nodes, I use a Mikrotik router that is programmed with Ham44 net static ip’s that tunnel thru my home router to allow two way connects and control.
