Dmitry Spikhalskiy

Members
  • Posts

    53
  • Joined

  • Last visited

Everything posted by Dmitry Spikhalskiy

  1. I'm going to - update to 1.8.x and - expose allowManaged, allowGlobal, allowDefault options in unRAID UI But no specific timelines. When I get some free hands on a weekend.
  2. Not I'm aware of, but I didn't spend any time resolving it. Stuff works just fine and it's safe to ignore. If it bothers you to the extend of looking for a solution, contributions are welcomed!
  3. Hey. Are you sure you are solving the problem from the right end? Quick look at articles and discussions like https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/One+Port+Linux+Bridge https://www.google.com/amp/s/amp.reddit.com/r/zerotier/comments/dc03me/having_some_trouble_with_managed_routes_static/ makes me think that you should be playing with your router, not this zeroiter container on your unraid. This symptom “This makes it impossible to access the unraid server from LAN” especially points me in this direction. Playing with managed routes on unraid will change what can be accessed from the unraid. But it shouldn't affect availability of unraid for other computers in local network. This sounds like a router setting problem for me. Let me know. If you want to have basically ‘zerotier-cli set network_id allowManaged=0’ available through the image settings - I can do it for you, no biggie. But I don't think it's a root of your problem and there is a high chance you approach the problem from the wrong end.
  4. "no version information available" messages are fine, you can ignore them, it's not what causes the issue.
  5. The image was updated to use the latest 1.6.2 Zerotier version.
  6. So, you probably want to switch the discussion into Unraid main support threads, because it's a problem with your Unraid linux kernel configuration most likely. Unraid should have this device mounted by default. Some reference that could help: https://unix.stackexchange.com/questions/501403/tun-module-loaded-but-openvpn-dev-net-tun-no-such-file-or-directory I would examine: grep CONFIG_DEVTMPFS /usr/src/<whatever you have here>/.config and ensure that it's CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y (DEVTMPFS should auto-mount devices like /dev/net/tun) Also I would at least try to do rmmod tun modprobe tun to try to reload the module. I think that the output of these commands could be useful for the Unraid support thread anyway.
  7. > Edit: I should also point out that no files, data, etc. is present within the appdata folder for this container. This is ok, Zerotier can't start to put anything there yet. > Yup! Installed it straight from community apps, and it is set to run with privileges. No idea in that case for now. https://zerotier.atlassian.net/wiki/spaces/SD/pages/7536656/Running+ZeroTier+in+a+Docker+Container Here is Zerotier explanation about /dev/net/tun and what should be done to have an access to it. I pass required parameters "--device=/dev/net/tun --cap-add=NET_ADMIN --cap-add=SYS_ADMIN" here in the configuration of the container published in CA: https://github.com/Spikhalskiy/docker-templates/blob/master/zerotier.xml#L40 And usage of these parameters is allowed by Privileged: ON. You will have to debug your own configuration I afraid, because the problem is probably local to your setup and probably your kernel configuration. What does ls -la /dev/net/tun say if you run it in the server terminal?
  8. Did you install the container from CA? Do you run the container with "Privileged: ON"?
  9. @FreeMan I don't know to be honest, at least for me Zerotier by default assigns ZT clients the same IP addresses all the time, never happened that they changed. You need to do what you described just to manually assign the IP you want. But automatically assigned IP is also static, at least in my case.
  10. @Max > okay i somehow fixed it, the only wierd thing that i noticed was that somehow on network that i created on myzerotier website had my local ips too under advanced - managed routes. It's the reason and that why I included this in the manual in the header: "if ZeroTier "Managed routes" intersect with your physical local IPs - better change Zerotier range to be different". I will edit the manual to make it more noticeable. Looks like it's connected now and if it has "Online" status at the Zerotier website UI - everything is done right on the unraid side. Your diagnostic output looks also good. Does the computer you try to access your unraid server from also has "Online" status in the Zerotier UI? Is it Authorized there also? Which IP address do you try to use for your connection? You should use IP in Zerotier network, not in the local network. Anything interesting in the tracert and ping output when you ping unRaid Zerotier IP from your client computer?
  11. @Max I don't have this problem, if you can debug it by attaching a keyboard and a display to your server and investigate why it's unavailable - could be useful, maybe some Zerotier bug on your specific configuration. There is a bug report from one of the users that 1.4.6 misbehaves on MacOS for him: https://github.com/zerotier/ZeroTierOne/issues/1030 Also, if you use the default app config now - you use the latest Zerotier version 1.4.6. To use the old bugfixed one (1.2.12) you can specify 1.2.12 tag in your Zerotier app configuration like "Repository: spikhalskiy/zerotier:1.2.12". It could make sense to rollback this way and test if the old version has the same problem on your host.
  12. 1.4.6 is released for everybody, the CLI instructions in the topic header are updated for the new docker image layout.
  13. @Pducharme I published spikhalskiy/zerotier:1.4.6 with the latest version. If you need the latest release - you can test this tag. I will release it to everybody when I test it for multiple days and check that it's stable.
  14. @Pducharme Yeah, there is a reason for it: But I'm going to update to 1.4.6 some time soon.
  15. @FreeMan It's really hard to tell, never had anything like that. You can get really a lot of useful information about the zerotier current state running these 3 commands: ./zerotier-cli info ./zerotier-cli listnetworks ./zerotier-cli listpeers But Zerotier client doesn't produce a lot of logs at all, so it's hard to get a history of states and reasons of their changes. There is a build flag that allows to build Zerotier in a "trace" mode, but it's PITA. Can you get an output of these commands when your servers are shown as off in Zerotier console? You obviously need to be in a local network for it. Also, are you sure that it's not legitimate network disruptions? Did you check this theory? You also can give it a try and check 1.4.2 tag that I published for testing: It works stably for me for a long time already.
  16. In the head post of the thread there are examples of specific commands that are working in this docker after opening a CLI to it: ./zerotier-cli info ./zerotier-cli listnetworks ./zerotier-cli listpeers
  17. @mikefallen Yeah, if it's really what you want to do - it should work. 1. "Pretty sure Ford is right i just need to add a static route on my lan router pointing back to the zerotier network." Adding a static route on your router will make Zerotier hosts available for your local hosts. 2. "setup ZeroTier on my openwrt router at home." This will bring your router to the ZT network and you will be able to add a static rule to your ZT network setup where to route your requests from ZT network for local network IP addresses, so it will expose your local network IPs to the ZT hosts. For what you describe "But i cannot ping anything else from awayPC to anything else on 192.168.2.0/24 only unRAID address (192.168.2.100)" you need to go by the second scenario, not the first one. But be mindful that if you do that, your Wi-Fi smart home lock for example will be exposed to any device added to your Zerotier network.
  18. @mikefallen You likely got a wrong understanding how ZT works. It creates own "virtual" network. Devices that are part of this network are accessible to each other using ZT IP addresses and work like they are in it's own network. So, your awayPCzt is able to access unRAIDzt using ZT IP address (172.22.0.100) and reverse - that's what ZT gives you and looks like it's working. ZT installed on one host doesn't bring your whole home network to Zerotier virtual network and don't merge them into one network, it brings only this one device into it. ZT installed on one network host thankfully can't expose all devices in this network outside and can't reroute traffic from other local hosts outside. Imagine buying a smart bulb that after turning on just automatically tunnel all your traffic from all your devices in the network to some third party server? What you want could be achievable by changing settings of your router, but I definitely wouldn't recommend to do it. If you want to access some other devices in your network - use a browser (which will see your home network) installed on your ZT server that you access using ZT IP address or ssh / make an ssh port forwarding to you ZT server and from that server you can ssh / access other devices in your home network.
  19. @tillkruegerI think the easiest thing to do is to open your my.zerotier.com network and take a look what internal Zerotier IP does your NAS have. After that try to ping this IP from your Mac. If ping looks ok - try to just connect to NAS Samba file server from MacOs Finder directly using the IP address. Like it's described here https://support.apple.com/en-us/HT204445 after words "To connect to a file server directly". If this works fine and you get an access to your server - maybe you don't need it inside the Network section? If you really do maybe try to look into settings of Avahi daemon on your Unraid box that is responsible for service discovery or at least try to run /etc/rc.d/rc.avahidaemon restart on your Unraid, which could help.
  20. @argonaut @ice pube Hey, I released a separate tag for you with some dirty hacks, but looks like it's working. You can use the tag spikhalskiy/zerotier:1.4.2 and it will give you the latest Zerotier version. Give it a try if you are in the mood for some experiments It's an experimental tag and the docker image for this build contains hacks that are not in the Zerotier upstream, so I don't recommend to switch on it until you understand that it could not work for you. I made a ticket for Zerotier team: https://github.com/zerotier/ZeroTierOne/issues/1013. When it's resolved in the upstream in a reasonable manner I will update the main docker with Zerotier 1.4.2 or newer for everybody.
  21. @argonaut It looks like Zerotier removed all prepackaged docker images from their dockerhub repo, so I will need to do some job to build it from scratch or find their sources for it. I will try to make a fresh build when I have time, yeah. UPDATE I built an image and released an update for this docker to include Zerotier version 1.2.12 I wasn't able to use current Zerotier containerized docker build code to launch 1.4.2 for now. I will try to investigate in a spare time and submit a build fix to the Zerotier upstream repo first. I will release an update for this image when it's resolved.
  22. @Chris Reilly I don't know your unraid.net subdomain setup, it's not a part of Zerotier setup likely and should not work thru it. You should try two things: 1) Just use the server name that you see in UI in the top right corner and add a ".local" to it. See an attached screenshot, I use http://spikhalskiy-nas.local/Main to access UI. 2) Obtain an IP address of your Unraid in Zerotier control panel of your virtual network and call it directly. See an attached screenshot, I use http://10.147.17.49/Main to access UI.
  23. If by static here you mean public static (because IP can be static under NAT too) and you don't have any layer of NAT - no, no way. So, the article is saying about how Zerotier deals with NAT because the NAT is usually an issue why you can't just access your server using a static IP address and why people even start to do all this port forwarding or VPN connection things. If a server has a public static IP - it's just not a problem in this setup to overcome NAT. If your server has a static IP and you verified on your virtual network management page doesn't see your server connected, likely your issue is somewhere in company firewall settings and you maybe should start something around this part of manual: