OPNsense

OPNsense is an open source, easy-to-use and easy-to-build HardenedBSD based firewall and routing platform. They maintain a ZeroTier package.

If you're using more than one OPNsense router with ZeroTier for a site-to-site style VPN, the workaround is to paste this into the local.conf text box in the OPNsense UI:

{
  "physical": {
    "10.0.0.0/8": {
      "blacklist": true
    },
    "172.16.0.0/12": {
      "blacklist": true
    },
    "192.168.0.0/16": {
      "blacklist": true
    }
  }
}

This prevents ZeroTier from sending ZeroTier traffic over ZeroTier.

See this discussion for more information.

Some more settings you may find helpful for your firewall rules:

{
  "physical": {
    "10.0.0.0/8": {
      "blacklist": true
    },
    "172.16.0.0/12": {
      "blacklist": true
    },
    "192.168.0.0/16": {
      "blacklist": true
    }
  },
  "settings": {
    "primaryPort": 9993,
    "portMappingEnabled": false,
    "allowSecondaryPort": false,
    "allowTcpFallbackRelay": false
  }
}

This prevents ZeroTier from binding to multiple ports.
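
One way to check a local.conf against both snippets above before pasting it into the OPNsense UI. This is an added example, not part of the ZeroTier or OPNsense documentation; the function name `audit_local_conf` and the sample config `WEAK_CONF` are constructed for illustration.

```python
import ipaddress
import json

# Private ranges the page blacklists as physical paths.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Settings the page sets to false so that only primaryPort is bound.
SINGLE_PORT_FLAGS = ("portMappingEnabled", "allowSecondaryPort",
                     "allowTcpFallbackRelay")

# Constructed sample: 192.168.0.0/16 only partly covered, one flag missing.
WEAK_CONF = """{
  "physical": {"10.0.0.0/8": {"blacklist": true},
               "172.16.0.0/12": {"blacklist": true},
               "192.168.1.0/24": {"blacklist": true}},
  "settings": {"primaryPort": 9993, "portMappingEnabled": false,
               "allowTcpFallbackRelay": false}
}"""


def audit_local_conf(text):
    """Return findings; an empty list means the config matches the page's."""
    conf = json.loads(text)
    findings = []
    # Keep only physical entries that are actually blacklisted.
    blacklisted = [ipaddress.ip_network(cidr, strict=False)
                   for cidr, opts in conf.get("physical", {}).items()
                   if isinstance(opts, dict) and opts.get("blacklist") is True]
    # A private range is covered only if one blacklisted entry contains all of it.
    for net in PRIVATE_NETS:
        if not any(b.version == 4 and net.subnet_of(b) for b in blacklisted):
            findings.append(f"physical: {net} is not fully blacklisted")
    settings = conf.get("settings", {})
    port = settings.get("primaryPort")
    if type(port) is not int or not 1 <= port <= 65535:
        findings.append("settings: primaryPort is not pinned to a valid port")
    for flag in SINGLE_PORT_FLAGS:
        if settings.get(flag) is not False:
            findings.append(f"settings: {flag} is not set to false")
    return findings


if __name__ == "__main__":
    for finding in audit_local_conf(WEAK_CONF):
        print(finding)
```

A blacklist entry narrower than the private range, such as the `192.168.1.0/24` in the sample, is reported because ZeroTier could still pick a path elsewhere in `192.168.0.0/16`.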