

AIO Ep2. Router Preparation & Configuring Zerotier for WAN Access to LAN

 

This article is currently an experimental machine translation and may contain errors. If anything is unclear, please refer to the original Chinese version. I am continuously working to improve the translation.

This article mainly covers the router configuration process.

My original home router was a Mercury D196G, which was acceptable in terms of signal and speed. However, its hardware limitations made it impossible to flash any third-party firmware, and it doesn’t support Wi-Fi 6 or 160 MHz channel width.

Although the HP Gen10+ has four network ports, I decided against using it as a soft router; with an All-in-One setup, one failure means total failure.

I also don’t have a strong need for global outbound internet access, so router performance doesn’t need to be top-tier. To ensure network stability, I opted for a dedicated OpenWRT-compatible hardware router for PPPoE dial-up and as an access point (AP), while upgrading my wireless speed at the same time.

Considering budget constraints, I eventually went with the well-reviewed Redmi AC2100, which can be flashed with custom firmware to unlock 160 MHz Wi-Fi. (It’s a bit of a shame it doesn’t support Wi-Fi 6, though…)

I flashed the AP version firmware of OpenWRT. The AP version strips out all unnecessary features—you can add back what you need. I personally installed the Zerotier plugin to enable external access to my local network.

[Image: Web Interface]

The official firmware of this router has a known command injection vulnerability, making it relatively easy to flash Breed and other third-party firmware. You can find the detailed guide here~

Now, let’s briefly go over methods for accessing the LAN from the WAN.

My home internet is provided by China Mobile, and I currently cannot obtain a public IPv4 address.

There are several ways to access your local network from the outside:

  • IPv6 Public Address + DDNS
    Pros: Fast access speed
    Cons: All accessing devices must support IPv6; poor compatibility

  • P2P Tunneling (e.g., Hamachi, Zerotier, or Oray’s PogoPlug)
    Pros: Secure (requires network authorization), full port access, fast when direct connection is established
    Cons: Requires client software; slower when relayed through a middle server

  • Internal Network Forwarding (e.g., Frp, ngrok, Peanut Shell (花生壳), or nat123)
    Pros: No client required, easy to use, highly compatible
    Cons: Limited to fixed ports, speed depends on server bandwidth, requires a server with public IP, and traffic may incur costs

  • Third-party services (e.g., Synology QuickConnect)
    Pros: Deeply integrated with the system, convenient to use, free (after verification)
    Cons: Slow speed, only works with Synology’s official packages

Given that my main need is to conveniently access my own server from my phone and laptop, and my network uses Full Cone NAT (see NAT types here), P2P hole punching usually succeeds. Therefore, I chose a hybrid approach: QuickConnect + Zerotier. Zerotier allows my applications to access internal IPs seamlessly from outside without any code changes, while QuickConnect offers a more convenient way to access my Synology photo library from my phone without keeping the Zerotier app constantly connected.

Zerotier Installation Process

  1. Install Zerotier on OpenWRT.
    SSH into the router and run opkg install luci-app-zerotier, which will automatically install Zerotier, the LuCI web interface, and all dependencies.

    p.s. There seems to be an issue with the dynamic library version in my firmware—after direct installation, Zerotier fails to start. I had to compile a statically-linked version and replace the original executable in /usr/bin/ to get it working properly.

  2. Register an account at the Zerotier official website, create a network, get your Network ID, and enter it into the OpenWRT router settings. Also check the Allow NAT Clients option.

    [Screenshot]

    [Screenshot]

  3. On the Zerotier website, locate your router’s client entry, check the Auth? box to authorize the device, and note down the Managed IP. Then configure Managed Routes.

    [Screenshot]

    How to set it up: For example, if your LAN subnet is 192.168.1.0/24 and your router’s Managed IP is 192.168.194.123, enter the LAN subnet in the Destination field, and the router’s Managed IP in the (via) field. After submission, it should look like the image below. This ensures that all devices in this Zerotier network will route traffic destined for 192.168.1.0/24 through your router—even when accessing from outside your home network.

    [Screenshot]

  4. Install the Zerotier client on other devices (phone, laptop, etc.) and join the network. Remember to log in to your Zerotier account online to authorize each new device.

After completing these steps, you can seamlessly switch between internal and external networks. From anywhere on the internet, you can access your local servers using their internal IP addresses—very convenient and straightforward to use.
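An added example, not from the original article: a small Python audit of the Managed Routes setup from step 3. It checks that the LAN route's via address is held by an authorized member inside the Zerotier subnet and lists which members gain reach into the LAN. The dictionary layout, field names and member names are assumptions constructed for illustration; the addresses are the article's example values.

```python
import ipaddress

# Constructed sample data. Field names are assumptions modelled on a
# controller export; addresses are the article's example values.
NETWORK = {
    "private": True,
    "routes": [
        {"target": "192.168.194.0/24", "via": None},             # Zerotier subnet
        {"target": "192.168.1.0/24", "via": "192.168.194.123"},  # LAN via router
    ],
}
MEMBERS = [
    {"name": "openwrt-router", "authorized": True, "ips": ["192.168.194.123"]},
    {"name": "phone", "authorized": True, "ips": ["192.168.194.20"]},
    {"name": "unknown-node", "authorized": False, "ips": []},
]


def audit(network, members):
    """Return a list of findings about the managed-route setup."""
    findings = []
    if not network.get("private", False):
        findings.append("network is public: any node that knows the ID can join")
    owners = {ip: m for m in members for ip in m["ips"]}
    direct = [ipaddress.ip_network(r["target"]) for r in network["routes"] if not r["via"]]
    for route in network["routes"]:
        if not route["via"]:
            continue
        target = ipaddress.ip_network(route["target"])
        via = ipaddress.ip_address(route["via"])
        if target.prefixlen == 0:
            findings.append(f"{target}: default route sends all member traffic via {via}")
        if any(target.overlaps(d) for d in direct):
            findings.append(f"{target}: overlaps the Zerotier subnet itself")
        if not any(via in d for d in direct):
            findings.append(f"{via}: gateway is outside the Zerotier subnet")
        owner = owners.get(str(via))
        if owner is None:
            findings.append(f"{via}: no member holds this Managed IP")
        elif not owner["authorized"]:
            findings.append(f"{via}: gateway member {owner['name']} is not authorized")
    return findings


def lan_reach(network, members):
    """Authorized members that can reach every subnet routed through a gateway."""
    routed = [r["target"] for r in network["routes"] if r["via"]]
    return {m["name"]: routed for m in members if m["authorized"]}
```

Every name returned by `lan_reach` can reach the whole routed LAN subnet, so that list is the one to review whenever a new device is authorized.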

This article is licensed under the CC BY-NC-SA 4.0 license.

Author: lyc8503, Article link: https://blog.lyc8503.net/en/post/2-router-preparation/