Mikrotik - SD-WAN / ZeroTrustNetwork with ZeroTier
ZeroTier (https://www.zerotier.com/) is an open-source SD-WAN network solution for many devices and platforms, such as Raspberry Pi, Apple and pfSense. Since the new RouterOS 7 from MikroTik, ZeroTier is also available as a MikroTik extra package (RouterOS 7.2rc3).
The installation is quite simple: just download the Extra Packages. (A small remark: you need to restart your router.)
- Always check the architecture; there are even differences between ARM and ARM64
- Check the version you are running
- Get the Extra Packages
You just need to unzip the file and upload the zerotier.npk file to the file directory of your MikroTik via WinBox or SCP; then you need to reboot your device.
After the reboot, a ZeroTier entry will appear in the WinBox menu:
The ZeroTier configuration menu is split into three menu items. First select ZeroTier and click the + button to add an interface. You can set a name for the connection, and you have to enter a value in the Network field: this is the ZeroTier network ID (the network code generated for you on the ZeroTier web page after you have logged in and created a network).
Creating a ZeroTier account at LINK: I have used my GitHub account for the sign-up so as not to create new accounts on the internet.
After the login, you need to create a new network on ZeroTier.
Select your network. At the Basic level you can change the name of the network and set a description for it. The Access Control setting is pretty important: if it is Public and someone knows your Network ID, they can join your network without further checks.
In WinBox, go to ZeroTier and select Instance (1). There will be one default ZeroTier Central controller (2) predefined; you need to enable (3) this controller.
After this, select the ZeroTier tab (1) and click the + symbol to add a new interface to your MikroTik. Insert your network ID (2) from the ZeroTier page, select the instance zt1 that we have set up, then press OK (3).
After you have closed the ZeroTier instance, it will request the configuration of the ZeroTier network we have set up. This will result in an ACCESS_DENIED status; that error is normal because your network is private.
You need to log in to the ZeroTier page, select your network, scroll down to the Members section (1) and check the box under Auth? (2). It is also good to set a short name for the client so that you know who is joining your network.
After you have checked Auth?, the status on the MikroTik will change to OK and the network name will be shown in the WinBox ZeroTier menu. You have successfully connected your MikroTik to your ZeroTier network.
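As an added example (not part of the original post, and not ZeroTier's or MikroTik's own tooling), the following Python script audits the two settings discussed above: the Access Control mode of the network and the Auth? / short name state of each member. The JSON field names (config.private, config.authorized, name, nodeId) are assumed to match what the ZeroTier Central API returns for a network and its member list; all IDs and names in the sample data are constructed.

```python
import json

# Constructed sample data (not real IDs). Assumption: shaped like ZeroTier
# Central API responses for a network object and its member list.
NETWORK_JSON = '{"id": "0000000000000001", "config": {"name": "lab-net", "private": true}}'
MEMBERS_JSON = """[
  {"nodeId": "aaaaaaaaaa", "name": "mikrotik-hq", "config": {"authorized": true}},
  {"nodeId": "bbbbbbbbbb", "name": "", "config": {"authorized": true}},
  {"nodeId": "cccccccccc", "name": "", "config": {"authorized": false}}
]"""


def audit(network, members):
    """Return a list of (severity, message) findings for one network."""
    findings = []
    net_id = network.get("id", "<unknown>")
    # A Public network admits anyone who knows the Network ID. A missing
    # "private" flag is treated as Public so the audit fails closed.
    if not network.get("config", {}).get("private", False):
        findings.append(("HIGH", f"network {net_id} is Public: anyone with the ID can join"))
    for m in members:
        node = m.get("nodeId", "<unknown>")
        authorized = m.get("config", {}).get("authorized", False)
        named = bool((m.get("name") or "").strip())
        if authorized and not named:
            # Authorized but unlabeled: nobody can tell who this device is.
            findings.append(("MEDIUM", f"member {node} is authorized but has no short name"))
        elif not authorized:
            # Pending member: the client side shows ACCESS_DENIED until Auth? is set.
            findings.append(("INFO", f"member {node} is waiting for Auth?"))
    return findings


def run_sample():
    """Audit the constructed sample network and member list."""
    return audit(json.loads(NETWORK_JSON), json.loads(MEMBERS_JSON))


if __name__ == "__main__":
    for severity, message in run_sample():
        print(f"[{severity}] {message}")
```

Any INFO entry for a node ID you do not recognise is a join request to review before checking Auth?, not one to approve by default.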
** Upcoming details and configurations in the next part **