Connecting Two LANs Over VPN, Revisited

I revisited my inter-site VPN setup after migrating off of Windows Server 2012 R2. I explore using ZeroTier as the VPN alongside IP routing on Linux, using an existing VM and Raspberry Pi.
Haachama pointing at her Raspberry Pi.

At the beginning of the year, I talked about using OpenVPN to connect my parents’ network with my new place. The OpenVPN server was hosted on my Windows Server 2012 R2 machine, which I had recently decommissioned due to (1) Microsoft support ending within the next year, and (2) my brother giving me one of his hand-me-down machines. I took this opportunity to provision “my new machine” with Windows Server 2019. Instead of re-configuring OpenVPN, I decided to try ZeroTier, which is a peer-to-peer VPN, similar to the good old days of Hamachi. Even with this setup, I had trouble with packets getting dropped. It got so flaky that when I had to access my blog and URL shortener (which are located at my parents’) from my place, I had to change my DNS to 1.1.1.1 to pick up my Cloudflare DNS entries and route through Cloudflare instead.

I was convinced that IP routing on Windows Server was causing me headaches, so I switched to Linux for IP routing. The setup process was pretty straightforward. At my parents’ place, I used my pre-existing VM (LuiV-Silica) for IP routing and installed ZeroTier. At my place, I repurposed my Raspberry Pi 3 B+ (named LuiP-Haato like Akai Haato) for IP routing and also installed ZeroTier. Afterwards, I had to enable IP routing by running the following command:

sysctl -w net.ipv4.ip_forward=1

To make IP routing persist across reboots, I also added it to the /etc/sysctl.conf config:

net.ipv4.ip_forward = 1
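
As an added example (not part of the original post), these shell functions check that forwarding is both active in the running kernel and persisted in the config file, which catches the case where only the `sysctl -w` step was done. The function names are hypothetical, and the check assumes the setting lives in /etc/sysctl.conf as above; it does not read /etc/sysctl.d/.

```shell
#!/bin/sh
# Added example: verify that net.ipv4.ip_forward is on now AND will survive a reboot.

# effective_setting KEY FILE
# Prints the last value assigned to KEY in a sysctl.conf-style FILE (a later
# line overrides an earlier one). Blank lines and '#' / ';' comment lines are
# skipped, and spaces around '=' are ignored. Prints nothing if KEY is unset.
effective_setting() {
    awk -v key="$1" '
        /^[ \t]*([#;]|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$2"
}

# check_forwarding [CONF] [RUNTIME]
# CONF is the persisted config, RUNTIME the file exposing the live kernel value.
# Returns 0 only when both say 1; otherwise explains which half is missing.
check_forwarding() {
    conf=${1:-/etc/sysctl.conf}
    runtime=${2:-/proc/sys/net/ipv4/ip_forward}
    persisted=$(effective_setting net.ipv4.ip_forward "$conf")
    live=$(cat "$runtime" 2>/dev/null)
    if [ "$persisted" = 1 ] && [ "$live" = 1 ]; then
        echo "ok: forwarding is on and persists across reboots"
    elif [ "$live" = 1 ]; then
        echo "warn: forwarding is on now but not persisted in $conf"
        return 1
    elif [ "$persisted" = 1 ]; then
        echo "warn: persisted in $conf but not active; run sysctl -p"
        return 1
    else
        echo "fail: forwarding is off"
        return 1
    fi
}
```

Run `check_forwarding` with no arguments on each routing host (the VM and the Raspberry Pi) to check the real files.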

In the ZeroTier web GUI, I created a 192.168.10.0/24 subnet, assigned static IP addresses, and configured static routes similar to before:

  • A static IP of 192.168.10.21 on the existing VM,
  • A static IP of 192.168.10.10 on the Raspberry Pi,
  • A static route for 192.168.3.0/24 to forward to 192.168.10.21, and
  • A static route for 192.168.5.0/24 to forward to 192.168.10.10.
ZeroTier web GUI route configuration.

With the network adjustments above, the topology now looks like the following:

Updated high level network topology.

The final thing I had to do was adjust the static routes being advertised to clients from my Windows DHCP servers on both local networks so that all clients can route to both networks on their next DHCP lease renewals.

Afterwards, I ran a ping test from my laptop to my local web server, and with 5000 packets, I only lost 2 packets. Compared to the 20+% packet loss I was seeing before, this is pretty damn good.

--- LuiV-Silica.injabie3.moe ping statistics ---
5000 packets transmitted, 4998 received, 0.04% packet loss, time 2504765ms
rtt min/avg/max/mdev = 8.594/22.307/647.368/20.690 ms, pipe 2

In the end, I now have a more reliable inter-site routing solution set up. I might migrate back to OpenVPN at some point later in the future, since I would like to have ownership of this infrastructure myself. I still have to weigh the cost of time with managing this myself (there’s never enough time!), so I’ll leave it on the back burner for now. Bless IP routing on Linux for just working!

As a side note, in that first photo, Haachama, also known as Akai Haato, is a virtual YouTuber I occasionally watch. That’s the Nendoroid version of her pointing at the Raspberry Pi with a sticker of herself, illustrated by MiukiArts. I got the sticker at Anime Revolution 2022 this year.

Anyways, that’s all I have this time around. I hope to do another figure post again soon. I have a few that I’m excited to write about.

Until next time!
~Lui

Injabie3

Just some guy on the Internet that writes scuffed code and collects anime figurines.
