Help needed with zerotier vpn routing issue

I’m trying to get two device to talk to eachother through two teltonika RUTX routers connected via Zerotier VPN. The VPN part is working ok, but the routing part is difficult and I might by trying something that can not be achieved.

Site A: cable modem ↔ Fritz Box router ↔ RUTX08 → PTZ camera

Site B: 5G modem ↔ RUTX10 ↔ PTZ controller and encoder

When I’m connected to the Zerotier VPN from another PC on site A (running ZT connected to tthe Fritzbox) I can ping the camera at and open the internal web UI. I can also ping the controller at and the control software says it connects to the controller as well as the camera. Also I can reach the web ui of the encoder

When I ping from the web ui of the RUTX10 at site B to and they both respond. If I ping the camera or encoder from a PC connected to the RUTX10 it won’t respond.

The PTZ controller als does not connect to the camera

Routes in ZT:
VPN range LAN set to VPN IP address of RUTX10 to VPN address of RUTX08 to VPN address of RUTX10

My guess is the cause of the issue lies in the fact that I’m using overlapping IP addresses. The reason for that is that I use the camera’s in 10.10.0.x range on multiple sites that have local devices in 10.10.x.x range so that the camera’s are interchangable between sites (wich happens on weekly base). I think because the camera and controller think the addresses are local they never try to connect to the gateway to look elsewere.

Is it possible to force the router to respond? Or is it possible to set netmask to /24 and still be able to connect to camera from PC by setting routes locally?

any advice would be welcome.

Hello mkusmic,

I can try to assist.

Below is image I created for your network topology.

Please let me know if this looks correct to you, so that I can clarify we are on the same page to start with.

What I understand you are able to ping from a PC on Site A:

  • PC IP can Ping Camera at

  • PC IP can Ping Controller at

  • PC IP can Ping Encoder at

What I understand you are able to ping from a PC on Site B:

  • PC at cannot Ping Camera at

  • PC at cannot Ping Encoder at

  • RUTX10 at can Ping Camera at

  • RUTX10 at can Ping Controller

Questions I have about your setup:

  1. What is the PC IP when on Site A?

  2. You mentioned a control software. Does that run on the PC you are testing with?

I ask because you mention for Site B the controller does not connect to the camera, but it did on Site A.

I would check your routes on your PC when connected on Site B. If both the RUTX10 & RUTX08 are able to ping all the devices from both sites then the PC should be able to as well. And since it is not, it might be the routes on the PC itself that is causing issues.

  1. I definitely understand wanting to keep the 10.10.0.x network if you need to drop & replace devices on the regular.

Does your use-case require so many IPs that you need a /8 or a /16? If not I would recommend scaling back to a /24 or smaller if possible. This can help with clearly defining routes to devices in specific subnets.

  1. I am not sure what you mean by “force the router to respond”. Could you clarify?

  2. There is not one “right” way of doing the routing here. You can do the routing through the ZeroTier VPN, or through the RUT devices themselves.

For example with the routing done through the VPN a benefit is that as soon as your PC connects to the VPN remotely anywhere, ideally it should already have the routes to access LAN devices behind the RUT devices.

Your /32 routes are good examples of this because they point directly to the LAN devices you want to manage remotely. Which should mean you can have a PC join the ZT network remotely and instantly be able to access the Camera & Controller.

If you do the routing on the RUT devices you are only really using the ZeroTier VPN IP to directly communicate with each other. So you could add static routes to handle the specific device routing.

For example you could setup on RUTX10 a static route to via RUTX08 ZT VPN IP. This would make other LAN devices connected to the RUTX10 able to reach the camera via the RUTX08. But if you connected a PC remotely it would not have the routes to automatically reach the camera itself. You would need to add the same static route on the PC at that point to point to the RUTX08.

The method you choose really depends more on the use-case you are trying to achieve.

  1. From your PC I would be curious if you could access the Camera & Controller while not on Site A or B. As it could be a problem routing while the PC is connected via the ZT VPN while also leased to the RUT devices that are also members of the ZT VPN.

  2. What is your ideal scenario when trying to configure the 2xRUT devices & PC as ZT members?

Are you trying to achieve easier remote support when active locally on either site? Or are you trying to setup a long term site-site communication?


Regardless of the setup I would recommend installing Tcpdump on both RUT devices to take pcaps. Then review/confirm pings going back and forth from the devices with the Wireshark tool.

And I would start by confirming that both RUT devices can access each other’s LAN devices through the ZT VPN.

If the RUTX08 can ping the LAN ips (, & RUTX10 can ping the LAN ips ( from the ZT VPN tunnel then I would say the VPN routing is working fine. If you cannot then the routing for the ZT VPN needs to be checked & the routes on the individual RUTs need to be checked.

Then I would confirm that the PC in a remote setting can access the RUT device’s VPN IP. Then the LAN ips.

If the PC cannot reach the RUT VPN IPs you need to check the PC routes for issues.

If you are using the PC locally where it is connected to either RUT device on site, I would suggest not using the VPN on the device itself and changing routes on the PC as needed to access devices.
As the VPN routes & routes when connected locally could cause conflicts.

Additionally here is more information about ZeroTier configurations (ZeroTier Configuration - Teltonika Networks Wiki) that may help.

I can assist further once you have answered the above questions.
Please feel free to ask for further clarification on any of my questions as well.

This topic was automatically closed after 15 days. New replies are no longer allowed.