Windows Ethernet to 4G/LTE Failover with ZeroTier
Dec 8, 2024

You will need a VPS that can act as the exit node. This allows TCP connections to remain active and not disconnect during the failover process. I recommend Linode, but any option where the host is near your physical location is good. Check the latency and run a speed test between you and the server.

Linux

  1. sudo zerotier-cli join <nwid>
  2. echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
  3. sudo sysctl -p
  4. sudo apt install iptables-persistent
  5. /etc/iptables/rules.v4
  6. /var/lib/zerotier-one/local.conf
    • {
       "settings": {
         "defaultBondingPolicy": "custom-active-backup",
         "policies": {
             "custom-active-backup": {
                 "basePolicy": "active-backup",
                 "failoverInterval": 500,
                 "linkSelectMethod": "always"
             }
         }
       }
      }
      
  7. Reboot
  8. Create firewall rules with your hosting provider, if possible:
    • 22/tcp (for SSH)
    • 9993/udp (for ZeroTier)
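
Step 5 names /etc/iptables/rules.v4 without showing its contents. The shell function below is an added example, not the author's ruleset: it renders one possible exit-node ruleset that NATs out of the WAN interface, forwards only traffic arriving from ZeroTier interfaces, and accepts the same two inbound ports as step 8. The function names, the script file name, the eth0 WAN interface and the zt+ interface wildcard are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): render an iptables-restore ruleset
# for the exit node. Assumed: WAN interface name and ZeroTier wildcard "zt+".

valid_ifname() {
    # Accept 1-15 characters from a conservative set; a trailing "+" is the
    # iptables interface wildcard. Anything else is rejected.
    case "$1" in
        ''|*[!A-Za-z0-9_.+-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

render_rules_v4() {
    wan_if=$1
    zt_if=${2:-zt+}
    if ! valid_ifname "$wan_if" || ! valid_ifname "$zt_if"; then
        echo "invalid interface name" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 9993 -j ACCEPT
-A FORWARD -i $zt_if -o $wan_if -j ACCEPT
-A FORWARD -i $wan_if -o $zt_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Usage (script file name is assumed): sh render.sh eth0 | sudo iptables-restore --test
[ "$#" -eq 0 ] || render_rules_v4 "$@"
```

Check the output with iptables-restore --test before writing it to /etc/iptables/rules.v4, and confirm SSH really listens on 22/tcp before applying the default-drop INPUT policy.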

ZeroTier

  1. Add the network IDs of the Linux and Windows machines.
  2. Add a “managed route” for 0.0.0.0/0 -> <linux zt ip>

Windows

  1. Enable Allow Default Route Override in the ZeroTier UI.
  2. C:\ProgramData\ZeroTier\One\local.conf
    • If links are specified in the JSON, active-backup no longer functions. Set the network metric in each interface so failover works correctly.
    • {
       "settings": {
         "defaultBondingPolicy": "custom-active-backup",
         "policies": {
             "custom-active-backup": {
                 "basePolicy": "active-backup",
                 "failoverInterval": 500,
                 "linkSelectMethod": "always"
             }
         }
       }
      }
      
  3. Restart the ZeroTier service (or reboot).
  4. zerotier-cli bond list should return the peer as the Linux machine and links should not be 0/0.