一、直接ssh到LEDE命令行,运行命令安装
# opkg update && opkg install zerotier
二、到openwrt的 系统-软件包-过滤器“zerotier”
如果使用官方源很大概率会更新不到zerotier的软件包(不知道为什么,反正我没有更新到)
下面就要考虑更换镜像源,国内有人推荐一个大学的安装源,是可以找到zerotier软件包,但是安装失败。
下面放上我成功使用的镜像源地址:
src/gz openwrt_koolshare_mod_core http://openwrt.rinvay.cc/snapshots/targets/x86/64/packages
src/gz openwrt_koolshare_mod_base http://openwrt.rinvay.cc/snapshots/packages/x86_64/base
src/gz openwrt_koolshare_mod_luci http://openwrt.rinvay.cc/snapshots/packages/x86_64/luci
src/gz openwrt_koolshare_mod_packages http://openwrt.rinvay.cc/snapshots/packages/x86_64/packages
src/gz openwrt_koolshare_mod_routing http://openwrt.rinvay.cc/snapshots/packages/x86_64/routing
src/gz openwrt_koolshare_mod_telephony http://openwrt.rinvay.cc/snapshots/packages/x86_64/telephony
更换镜像源的方法:
1、登陆ssh vi /etc/opkg/distfeeds.conf
进入后按键盘“insert”键,删除官方镜像源,复制上方的六条 镜像源到ssh
然后按“esc”,接着英文输入法状态“:wq”,然后重启“reboot”
重启完成登陆ssh,执行 opkg update && opkg install zerotier
2、进入openwrt路由页面:进入系统
,然后软件包
,找到配置OPKG
,更改opkg/distfeeds.conf
删除文本框中的内容
复制上边镜像源后保存即可,完成后更新列表 ,就可以安装zerotier。
还有以下未经我本人测试的LEDE安装镜像源 地址:
1.国内
src/gz openwrt_koolshare_mod_core https://openwrt.proxy.ustclug.org/snapshots/targets/x86/64/packages
src/gz openwrt_koolshare_mod_base https://openwrt.proxy.ustclug.org/snapshots/packages/x86_64/base
src/gz openwrt_koolshare_mod_luci https://openwrt.proxy.ustclug.org/snapshots/packages/x86_64/luci
src/gz openwrt_koolshare_mod_packages https://openwrt.proxy.ustclug.org/snapshots/packages/x86_64/packages
src/gz openwrt_koolshare_mod_routing https://openwrt.proxy.ustclug.org/snapshots/packages/x86_64/routing
src/gz openwrt_koolshare_mod_telephony https://openwrt.proxy.ustclug.org/snapshots/packages/x86_64/telephony
2.官方
src/gz openwrt_koolshare_mod_core https://downloads.openwrt.org/snapshots/targets/x86/64/packages
src/gz openwrt_koolshare_mod_base https://downloads.openwrt.org/snapshots/packages/x86_64/base
src/gz openwrt_koolshare_mod_luci https://downloads.openwrt.org/snapshots/packages/x86_64/luci
src/gz openwrt_koolshare_mod_packages https://downloads.openwrt.org/snapshots/packages/x86_64/packages
src/gz openwrt_koolshare_mod_routing https://downloads.openwrt.org/snapshots/packages/x86_64/routing/
src/gz openwrt_koolshare_mod_telephony https://downloads.openwrt.org/snapshots/packages/x86_64/telephony/
3.新加坡 适合联通
src/gz openwrt_koolshare_mod_core https://mirror.0x.sg/openwrt/snapshots/targets/x86/64/packages
src/gz openwrt_koolshare_mod_base https://mirror.0x.sg/openwrt/snapshots/packages/x86_64/base
src/gz openwrt_koolshare_mod_luci https://mirror.0x.sg/openwrt/snapshots/packages/x86_64/luci
src/gz openwrt_koolshare_mod_packages https://mirror.0x.sg/openwrt/snapshots/packages/x86_64/packages
src/gz openwrt_koolshare_mod_routing https://mirror.0x.sg/openwrt/snapshots/packages/x86_64/routing
src/gz openwrt_koolshare_mod_telephony https://mirror.0x.sg/openwrt/snapshots/packages/x86_64/telephony
4.
src/gz openwrt_koolshare_mod_core https://mirrors.a-m-v.pl/downloads.openwrt.org/snapshots/targets/x86/64/packages
src/gz openwrt_koolshare_mod_base https://mirrors.a-m-v.pl/downloads.openwrt.org/snapshots/packages/x86_64/base
src/gz openwrt_koolshare_mod_luci https://mirrors.a-m-v.pl/downloads.openwrt.org/snapshots/packages/x86_64/luci
src/gz openwrt_koolshare_mod_packages https://mirrors.a-m-v.pl/downloads.openwrt.org/snapshots/packages/x86_64/packages
src/gz openwrt_koolshare_mod_routing https://mirrors.a-m-v.pl/downloads.openwrt.org/snapshots/packages/x86_64/routing
src/gz openwrt_koolshare_mod_telephony https://mirrors.a-m-v.pl/downloads.openwrt.org/snapshots/packages/x86_64/telephony
zerotier 安装完以后,修改配置文件:
# vi /etc/config/zerotier
需要修改的地方有两个:
config zerotier sample_config
option enabled 0 (这里把0替换成1,让zerotier使能)
# persistent configuration folder (for ZT controller mode)
#option config_path ‘/etc/zerotier’
#option port ‘9993’
# Generate secret on first start
option secret ‘generate’
# Join a public network called Earth
list join ‘6756c2e21c430001’ (这里替换你自己的网络ID)
接下去保存,退出vi编辑界面。
然后命令行直接打reboot,重启LEDE
重启完以后,直接去zerotier.com,接受LEDE提出的入网申请,有时候根据网络波动可能要过几分钟才会显示申请。
接下来LEDE要做防火墙配置,这个过程是在LEDE的web界面下完成:
记住,不用去创建新接口,也不要去桥接什么网口,那样的做法是用来把zerotier作为二层转发,
我这里推荐的是把zerotier作为三层路由的做法。直接点网络->防火墙,
在第一个界面里,把你基本设置里的“”转发“”点“接受”
然后下面“区域”里面三个框(出站,入站,转发)都选接受,后面两个IP动态伪装和MSS钳制保持不选
再去防火墙->自定义规则页面,输入下面三条,然后点“重启防火墙”
iptables -I FORWARD -i ztc3qwyx5l -j ACCEPT
iptables -I FORWARD -o ztc3qwyx5l -j ACCEPT
iptables -t nat -I POSTROUTING -o ztc3qwyx5l -j MASQUERADE
红色的是你的zerotier虚拟接口的名字,在命令行下用ifconfig命令或者ip add 可以看到,
然后把上面红色部分替换成你自己LEDE中的虚拟接口的名字。
最后,在zerotier.com上设置路由:比如10.0.0.0/24是我的内网网段,
后面那个地址是我LEDE里面zerotier获取的地址(可以LEDE中用命令行zerotier-cli listnetworks获取),
如果有多个LEDE,可以把多个子网都通过zerotier链接在一起。
这样基本就好了。这样做的是用zerotier三层路由,另外一种是用zerotier做2层转发,
那样需要把zerotier虚拟接口和lan口做桥接,不推荐(有可能会造成网络的混乱,DHCP满街窜)。
2020年2月份注:在OpenWrt18.06版本上配置的时候,需要在防火墙配置页面把FullCone-NAT关闭,
不然可能会在几十分钟或者随机时间后出现诡异的对方网络某些地址不能访问的问题。切记切记。另外在做旁路由的时候,这个NAT也没什么用。
允许随意转载;但,请点赞!点赞-NMBHOST:NMB HOST » LEDE旁路由安装zerotier,内网穿透,访问局域网 LEDE Openwrt 更换镜像源