Help needed with zerotier vpn routing issue

I’m trying to get two devices to talk to each other through two Teltonika RUTX routers connected via ZeroTier VPN. The VPN part is working OK, but the routing part is difficult and I might be trying something that cannot be achieved.

Site A: cable modem ↔ Fritz Box router 10.0.0.138/8 ↔ RUTX08 10.10.0.1/16 → PTZ camera 10.10.0.145/16

Site B: 5G modem 10.0.0.72/8 ↔ RUTX10 10.10.2.1/16 ↔ PTZ controller 10.10.0.120/16 and encoder 10.10.2.252/16

When I’m connected to the ZeroTier VPN from another PC on site A (running ZT, connected to the Fritzbox) I can ping the camera at 10.10.0.145 and open the internal web UI. I can also ping the controller at 10.10.0.120, and the control software says it connects to the controller as well as the camera. I can also reach the web UI of the encoder 10.10.2.252.

When I ping from the web UI of the RUTX10 at site B to 10.10.0.120 and 10.10.0.145, they both respond. If I ping the camera 10.10.0.145 or encoder 10.10.2.252 from a PC 10.10.2.6/16 connected to the RUTX10, they won’t respond.

The PTZ controller 10.10.0.120 also does not connect to the camera 10.10.0.145.

Routes in ZT:
VPN range LAN set
10.10.0.120/32 to VPN IP address of RUTX10
10.10.0.145/32 to VPN address of RUTX08
10.10.2.0/24 to VPN address of RUTX10

My guess is the cause of the issue lies in the fact that I’m using overlapping IP addresses. The reason for that is that I use the cameras in the 10.10.0.x range on multiple sites that have local devices in the 10.10.x.x range, so that the cameras are interchangeable between sites (which happens on a weekly basis). I think because the camera and controller think the addresses are local, they never try to connect to the gateway to look elsewhere.

Is it possible to force the router to respond? Or is it possible to set the netmask to /24 and still be able to connect to the camera from the PC by setting routes locally?

Any advice would be welcome.

Hello mkusmic,

I can try to assist.

Below is an image I created for your network topology.

Please let me know if this looks correct to you, so that I can clarify we are on the same page to start with.

What I understand you are able to ping from a PC on Site A:

  • PC IP can Ping Camera at 10.10.0.145

  • PC IP can Ping Controller at 10.10.0.120

  • PC IP can Ping Encoder at 10.10.2.252

What I understand you are able to ping from a PC on Site B:

  • PC at 10.10.2.6/16 cannot Ping Camera at 10.10.0.145

  • PC at 10.10.2.6/16 cannot Ping Encoder at 10.10.2.252

  • RUTX10 at 10.10.2.1 can Ping Camera at 10.10.0.145

  • RUTX10 at 10.10.2.1 can Ping Controller at 10.10.0.120

Questions I have about your setup:

  1. What is the PC IP when on Site A?

  2. You mentioned a control software. Does that run on the PC you are testing with?

I ask because you mention for Site B the controller does not connect to the camera, but it did on Site A.

I would check your routes on your PC when connected on Site B. If both the RUTX10 & RUTX08 are able to ping all the devices from both sites, then the PC should be able to as well. And since it is not, it might be the routes on the PC itself that are causing issues.

  3. I definitely understand wanting to keep the 10.10.0.x network if you need to drop & replace devices on the regular.

Does your use-case require so many IPs that you need a /8 or a /16? If not, I would recommend scaling back to a /24 or smaller if possible. This can help with clearly defining routes to devices in specific subnets.

  4. I am not sure what you mean by “force the router to respond”. Could you clarify?

  5. There is not one “right” way of doing the routing here. You can do the routing through the ZeroTier VPN, or through the RUT devices themselves.

For example, with the routing done through the VPN a benefit is that as soon as your PC connects to the VPN remotely anywhere, ideally it should already have the routes to access LAN devices behind the RUT devices.

Your /32 routes are good examples of this because they point directly to the LAN devices you want to manage remotely. Which should mean you can have a PC join the ZT network remotely and instantly be able to access the Camera & Controller.

If you do the routing on the RUT devices, you are only really using the ZeroTier VPN IP to directly communicate with each other. So you could add static routes to handle the specific device routing.

For example, you could set up on RUTX10 a static route to 10.10.0.145/32 via the RUTX08 ZT VPN IP. This would make other LAN devices connected to the RUTX10 able to reach the camera via the RUTX08. But if you connected a PC remotely, it would not have the routes to automatically reach the camera itself. You would need to add the same static route on the PC at that point to point to the RUTX08.

The method you choose really depends more on the use-case you are trying to achieve.

  6. From your PC I would be curious if you could access the Camera & Controller while not on Site A or B, as it could be a problem routing while the PC is connected via the ZT VPN while also leased to the RUT devices that are also members of the ZT VPN.

  7. What is your ideal scenario when trying to configure the 2xRUT devices & PC as ZT members?

Are you trying to achieve easier remote support when active locally on either site? Or are you trying to setup a long term site-site communication?


********************************************************************************

Regardless of the setup, I would recommend installing tcpdump on both RUT devices to take pcaps. Then review/confirm pings going back and forth from the devices with the Wireshark tool.

And I would start by confirming that both RUT devices can access each other’s LAN devices through the ZT VPN.

If the RUTX08 can ping the LAN IPs (10.10.0.120, 10.10.2.252) & RUTX10 can ping the LAN IPs (10.10.0.145) from the ZT VPN tunnel, then I would say the VPN routing is working fine. If you cannot, then the routing for the ZT VPN needs to be checked & the routes on the individual RUTs need to be checked.

Then I would confirm that the PC in a remote setting can access the RUT device’s VPN IP. Then the LAN IPs.

If the PC cannot reach the RUT VPN IPs you need to check the PC routes for issues.

If you are using the PC locally where it is connected to either RUT device on site, I would suggest not using the VPN on the device itself and changing routes on the PC as needed to access devices, as the VPN routes & the routes when connected locally could cause conflicts.

Additionally here is more information about ZeroTier configurations (ZeroTier Configuration - Teltonika Networks Wiki) that may help.

I can assist further once you have answered the above questions.
Please feel free to ask for further clarification on any of my questions as well.
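The on-link trap the original post describes (a /16 PC never sends traffic for 10.10.0.145 to its gateway) and the /32 static route the reply suggests can both be shown with a longest-prefix-match lookup over constructed route tables. This is an added example, not code from the thread or from Teltonika; the ZeroTier address 10.147.17.8 and the interface names are placeholders, since the thread gives neither.

```python
"""Route lookup for the overlapping-subnet case discussed in the thread."""
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    gateway: Optional[str]   # None = directly connected (host ARPs for dst itself)
    iface: str

def lookup(table, dst):
    """Longest-prefix match, as a host or router forwarding table does."""
    dst = ipaddress.ip_address(dst)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.prefix.prefixlen)

def next_hop(table, dst):
    """('onlink', iface) | ('via', gateway, iface) | ('unreachable',)."""
    r = lookup(table, dst)
    if r is None:
        return ("unreachable",)
    if r.gateway is None:
        return ("onlink", r.iface)
    return ("via", r.gateway, r.iface)

# Constructed: PC 10.10.2.6/16 on the RUTX10 LAN, default route via RUTX10.
PC_ROUTES_16 = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "10.10.2.1", "eth0"),
    Route(ipaddress.ip_network("10.10.0.0/16"), None, "eth0"),
]
# Constructed: same PC renumbered to /24, as the reply recommends.
PC_ROUTES_24 = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "10.10.2.1", "eth0"),
    Route(ipaddress.ip_network("10.10.2.0/24"), None, "eth0"),
]
# Constructed: RUTX10 with the suggested /32 static route to the camera via
# the RUTX08 ZeroTier IP (10.147.17.8 is a placeholder, "ztvpn" a placeholder iface).
RUTX10_ROUTES = [
    Route(ipaddress.ip_network("10.10.0.0/16"), None, "br-lan"),
    Route(ipaddress.ip_network("10.10.0.145/32"), "10.147.17.8", "ztvpn"),
]

if __name__ == "__main__":
    # /16 PC: camera looks on-link, so the ping is ARPed locally and never
    # reaches RUTX10; /24 PC: it goes to the gateway. On RUTX10 the /32 beats the /16.
    print(next_hop(PC_ROUTES_16, "10.10.0.145"))
    print(next_hop(PC_ROUTES_24, "10.10.0.145"))
    print(next_hop(RUTX10_ROUTES, "10.10.0.145"))
    print(next_hop(RUTX10_ROUTES, "10.10.0.120"))   # controller is local at Site B
```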
