[Support] spikhalskiy - ZeroTier


Recommended Posts

15 minutes ago, Hank Moody said:

I have pfsense/baremetal running 12vlans and a 100/60 connection.

 

VLAN 3 (10.1.30.0/24) is the Vlan where my Plex Servers reside (10.1.30.1 & 10.1.30.2). On the same Vlan there are 2 Steam Machines (10.1.30.40 & 10.1.30.41) I'd also like to 'share'.

 

My ZT resides in above Vlan3 (10.1.30.249), and with this Docker I'd just want to share Plex/Steam.

So 10.1.30.249 is the ZT-Client / the ZT-Docker IP on your unraid host?

What network did you choose as transfer network in ZT central?

 

Do you have another client, like a laptop and installed the ZT-client on it and are you able to connect and ping the 10.1.30.249 IP or any other IP on your VLAN3??

Preferably from outside of your own network, via a 3G/4G connection or remote (W)LAN at a friend's or family place?

 

This would be the first step you need to achieve.

 

 

 

 

15 minutes ago, Hank Moody said:

To my understanding it would be possible to use ZT for multiple Vlans, but for simplicity I'd rather start with one Vlan properly set-up 😅

Well, yes...but VLAN tags are not passed accros the ZT network, I think (actually I did not try)...so think of connecting LANs, not especially VLANs.

You should think of a each ZT-network as a Layer 3 Switch

Each ZT-Client, when connected to a ZT-Network is part of a LAN-IP Segment of that network. That means they are already, internally connected to each other.

As each ZT-client has an outside ZT connection, as it also sits in a LAN local to the ZT-client, like your ZT-docker or your Parent's laptop in their local LAN, think of each ZT-Client as a (possible) site-2-site connection gateway, using their internal ZT-network as transfer network.

 

Example (your zt-network IP in the range of 192.168.99.0/255.255.255.0):

 

Your PFsense/VLAN3 (10.1.30.1) - zt-docker (10.1.30.249 + zt-net-ip 192.168.99.2) - zt-central - zt-client-Laptop (zt-net-ip 192.168.99.22 - LAN-IP 192.168.1.120) - remote LAN gateway (192.168.1.1)

 

So, for the laptop to be able to reach your VLAN3, define (in ZT-central) the route to 10.1.30.0/24 with gateway=192.168.99.2 and of course the other path for returns (net 192.168.1.0/24 with gateway 192.168.99.22)

But wait, this is only half of the story ;-)

 

15 minutes ago, Hank Moody said:

Where do the routes have to go? Only ZT-Central? Or do I need to tweak pfsense/vlan-rules too?

...second half of the story:

 

In order for IP packets to be able to reach in return from VLAN3 -net back to remote LAN 192.168.1.0/24, of course the router which is hosting VLAN3 needs to know the routes to zt-central (using the zt-client docker IP as gateway) as well.

That means, your pfsense needs to be part of the game as well ;-)

And should you wish the same for more hosts on the remote network and not just the laptop running zt-client, the remote router as well (which would form a true site2site connection)

 

15 minutes ago, Hank Moody said:

 

As said above I read the entire thread couple of times, especially the posts of @Ford Prefect

about adding routes, but: I intend to only add certain hosts from the Vlan, not the entire network.

 

Zero-Tier is a LAN...in order to limit access to individual hosts in a network/LAN behind a zt-client, you should put the zt-docker in an additional, separate (V)LAN, different from VALN3 and let the firewall rules in your pfense decide which hosts are reachable/allowed from that zt-(V)LAN into your VLAN3.

That is the proper way of doing it, I think and also easier to maintain, should things change.

However, this is routing (performance wise) and might involve more resources on your pfsense box.

 

15 minutes ago, Hank Moody said:

 

I'm at a loss and every help is much appreciated! Especially how the routes should look like as I had a HARD time setting pfsense up.. 🤣

 

...I hope I was able to shed same light to the story. However, I will/can not help with your pfsense...I am a Mikrotik person ;-)

If you already have 12 VLANs running, a 13th shouldn't present a problem, should it?

  • Thanks 1
Link to comment
  • 2 weeks later...

Hi all,

I have succesfully configured ZeroTier and can access my Unraid server from my mobile phone outside of my wifi. But I need some help to define the route to the rest of the network outside of the Unraid IP.

 

Unraid is part of 192.168.1.x, I can access all services running on the Unraid services but not any other IPs in the subnet.

I have tried to run the user script/commands to setup a route with IPtables but it did not work. I would like to use the GUI to have better control over this but I am not sure what do I need to add in the "Routing table" under "Network settings".

Thanks in advance!

Link to comment
  • 2 weeks later...

zerotier-cli: /usr/lib/libstdc++.so.6: no version information available (required by zerotier-cli)  

 

UNRAID can access other devices and other devices cannot access UNRAID

Edited by xukai
Link to comment

Hi,

Are there plans to upgrade the Zerotier version to 1.6.5 any time soon?

 

I'm having the Zerotier 'Coma' problem where some hosts can't communicate with others in the same network, and the upgrade to 1.6.5 is recommended.  I've tried downgrading one other host to 1.6.2 and it fixed the problem, for a while.

 

Cheers,

Russell

Edit: new version available.

Edited by Russell_C
Version update
Link to comment
  • 2 weeks later...
On 4/13/2021 at 10:16 AM, Russell_C said:

Hi,

Are there plans to upgrade the Zerotier version to 1.6.4 any time soon?

 

I'm having the Zerotier 'Coma' problem where some hosts can't communicate with others in the same network, and the upgrade to 1.6.4 is recommended.  I've tried downgrading one other host to 1.6.2 and it fixed the problem, for a while.

 

Cheers,

Russell

Same. It was working but after one day, I cannot connect to my unraid server anymore. An upgrade will be very much helpful.

Link to comment
On 4/1/2021 at 7:14 PM, chortya said:

Hi all,

I have succesfully configured ZeroTier and can access my Unraid server from my mobile phone outside of my wifi. But I need some help to define the route to the rest of the network outside of the Unraid IP.

 

Unraid is part of 192.168.1.x, I can access all services running on the Unraid services but not any other IPs in the subnet.

I have tried to run the user script/commands to setup a route with IPtables but it did not work. I would like to use the GUI to have better control over this but I am not sure what do I need to add in the "Routing table" under "Network settings".

Thanks in advance!

This cannot be solved with unraid network settings.

In order for other clients in your IP-Segment, their gateway (aka your router, 192.168.1.1), needs to know the route back to the zt-transfer net and the zt-client on unraid as the gateway to the "other side"..

 

  • Thanks 1
Link to comment

Thank you Dmitry!

 

That's fixed my connectivity issue.

 

Hint for those who are having similar issues:  Stop the new Zerotier container and empty the peers.d directory (/mnt/user/appdata/zerotier/zerotier-one/peers.d in the Unraid command window).

Once restarted, Zerotier will repopulate this directory.  The same thing may be necessary at the other end(s) too.

In my instance, success was indicated by my peers no longer appearing as RELAY hosts, but as DIRECT.

 

1ffxxxx11d 1.6.5  LEAF      -1 RELAY

becomes:

ddfxxxxc57 1.6.5  LEAF      -1 DIRECT 6090     16835    192.168.1.xxx/20052

 

Happy sailing,

Russell.

 

  • Like 1
  • Thanks 1
Link to comment
  • 1 month later...

 Sorry for not getting back any sooner, I really tried it a lot of times but can't get to the desired results; to recap: 

On 3/23/2021 at 2:04 PM, Ford Prefect said:

So 10.1.30.249 is the ZT-Client / the ZT-Docker IP on your unraid host?

What network did you choose as transfer network in ZT central?

The ZT-Node/docker resides on my unraid-box with a bridged-connection

- 10.1.100.201 vlan-100

- ZT-IP 192.168.191.2

 

 

Quote

Do you have another client, like a laptop and installed the ZT-client on it and are you able to connect and ping the 10.1.30.249 IP or any other IP on your VLAN3??

Preferably from outside of your own network, via a 3G/4G connection or remote (W)LAN at a friend's or family place?

 

This would be the first step you need to achieve.

I have 3 ZT-Nodes

- ZT-Docker on unraid

--10.1.100.201 vlan-100

--ZT 192.168.191.2

 

- ZT-App on Windows

--192.168.90.1 vlan-90 / Mobile 4G Hotspot

--ZT 192.168.191.3

 

- ZT-App on Android

--Mobile 4G

--ZT 192.168.191.4

 

All on Version 1.6.5, Online, with Public-IP listed (wasn't the case when the zt-docker was in a vpn'd vlan);

All devices can ping each other trough their ZT-IP with ping not higher than 128ms.

 

Quote

Zero-Tier is a LAN...in order to limit access to individual hosts in a network/LAN behind a zt-client, you should put the zt-docker in an additional, separate (V)LAN, different from VALN3 and let the firewall rules in your pfense decide which hosts are reachable/allowed from that zt-(V)LAN into your VLAN3.

My Plex-Server on unraid

- 10.1.30.1 vlan-30

 

My ZT-Node on unraid

--10.1.100.201 vlan-100

 

pfSense let's pass traffic from vlan-100 to Plex-IP in vlan-30; this is now setup and working without problems. The ZT-docker can ping Plex.

 

Quote

Example (your zt-network IP in the range of 192.168.99.0/255.255.255.0):

 

Your PFsense/VLAN3 (10.1.30.1) - zt-docker (10.1.30.249 + zt-net-ip 192.168.99.2) - zt-central - zt-client-Laptop (zt-net-ip 192.168.99.22 - LAN-IP 192.168.1.120) - remote LAN gateway (192.168.1.1)

 

So, for the laptop to be able to reach your VLAN3, define (in ZT-central) the route to 10.1.30.0/24 with gateway=192.168.99.2 and of course the other path for returns (net 192.168.1.0/24 with gateway 192.168.99.22)

But wait, this is only half of the story ;-)

 

...second half of the story:

 

In order for IP packets to be able to reach in return from VLAN3 -net back to remote LAN 192.168.1.0/24, of course the router which is hosting VLAN3 needs to know the routes to zt-central (using the zt-client docker IP as gateway) as well.

That means, your pfsense needs to be part of the game as well ;-)

And should you wish the same for more hosts on the remote network and not just the laptop running zt-client, the remote router as well (which would form a true site2site connection)

 

That is the proper way of doing it, I think and also easier to maintain, should things change.

 

...I hope I was able to shed same light to the story. However, I will/can not help with your pfsense...I am a Mikrotik person ;-)

And here I'm stuck: In my desired scenario I'd like to have this one and only ZT-Node/docker to route all the other ZT-Nodes to my Plex instance; as much as I understand from your statements (marked bold) do I need to setup a route for every node I let into my private-sdn?

 

In it's core all I want to accomplish is to use the ZT-Node on Unraid (vlan-100) let all other ZT-Nodes access Plex (vlan-30) without much more than confirming those ZT-Nodes in ZT-Central.

Thanks for your help so far @Ford Prefect!

Thanks a lot for reading so far

Edited by Hank Moody
Link to comment
30 minutes ago, Hank Moody said:

 Sorry for not getting back any sooner, I really tried it a lot of times but can't get to the desired results; to recap: 

The ZT-Node/docker resides on my unraid-box with a bridged-connection

- 10.1.100.201 vlan-100

- ZT-IP 192.168.191.2

...so, this has moved since last time.

Nevertheless, this means that from inside your ZT-network, each ZT-client will have to use IP 192.168.191.2 as gateway for any host or network you would like to access via the ZT-docker.

 

30 minutes ago, Hank Moody said:

- ZT-App on Windows

--192.168.90.1 vlan-90 / Mobile 4G Hotspot

--ZT 192.168.191.3

just to clarify...vlan-90 also resides somewhere in your network and this client will connect, when on a premise local to that network i.e. via WLAN to vlan-90 or will it use a VPN as well when abroad?

When abroad, what networks will it connect to simultaneously - vlan-90 via VPN *PLUS* ZT via zt-client or only one at a time?

When connected to vlan-90 only, do you wish it to be able to connect to plex as well?

 

30 minutes ago, Hank Moody said:

- ZT-App on Android

--Mobile 4G

--ZT 192.168.191.4

OK, this is the one parent, with a remote devioce that should be able to access plex, right?

 

30 minutes ago, Hank Moody said:

All on Version 1.6.5, Online, with Public-IP listed (wasn't the case when the zt-docker was in a vpn'd vlan);

All devices can ping each other trough their ZT-IP with ping not higher than 128ms.

...good.

30 minutes ago, Hank Moody said:

 

My Plex-Server on unraid

- 10.1.30.1 vlan-30

 

My ZT-Node on unraid

--10.1.100.201 vlan-100

 

pfSense let's pass traffic from vlan-100 to Plex-IP in vlan-30; this is now setup and working without problems. 

OK, see me remark regarding clients in vlan-90 above.

Also: ZT is not doing NAT, so ZT clients will connect to any service with IPs from the 192.-168.191.0/24 range.

So you want pfsense to allow traffic originating from 192.168.191.0/24 and destination 10.1.30.1 (plex)

 

30 minutes ago, Hank Moody said:

In it's core all I want to accomplish is to use the ZT-Node on Unraid (vlan-100) let all other ZT-Nodes access Plex (vlan-30) without much more than confirming those ZT-Nodes in ZT-Central.

...then, in ZT central add a single route to the plex host 10.1.30.1/32 with gateway 192.168.191.2 (which is your zt-docker).

Note: since plex-docker and zt-docker do reside on the same unraid box, unraid (might) have a direct/local route available.

See my next response, below.

 

30 minutes ago, Hank Moody said:

And here I'm stuck: In my desired scenario I'd like to have this one and only ZT-Node/docker to route all the other ZT-Nodes to my Plex instance; as much as I understand from your statements (marked bold) do I need to setup a route for every node I let into my private-sdn?

 

please Check the routes on unraid host (what is the output of "route -n" via command line)?

 

We need to find out which path packets from zt-clients go when trying to reach plex and also which way return packets from plex go, trying to get back to a zt-client. Here the correct gateway is 10.1.100.201 (the "iunraid"-side/IP of your zt-docker). 

All will depend on the routing table if unraid can identify the route/path locally or will use the default gateway (your pfsense).

  • Thanks 1
Link to comment
2 hours ago, Ford Prefect said:

...so, this has moved since last time.

Nevertheless, this means that from inside your ZT-network, each ZT-client will have to use IP 192.168.191.2 as gateway for any host or network you would like to access via the ZT-docker.

Do I have to toggle anything in the ZT-Clients or is this done via ZT-Central?
TM9am0d.png

 

Quote

just to clarify...vlan-90 also resides somewhere in your network and this client will connect, when on a premise local to that network i.e. via WLAN to vlan-90 or will it use a VPN as well when abroad?

This is a local vlan, every client when away would connect via ZT.

 

Quote

When abroad, what networks will it connect to simultaneously - vlan-90 via VPN *PLUS* ZT via zt-client or only one at a time?

^Only one at a time

 

Quote

When connected to vlan-90 only, do you wish it to be able to connect to plex as well?

When I'm connected to vlan90 locally I have the fw-rules allowing me access to plex on vlan30

 

Quote

OK, this is the one parent, with a remote devioce that should be able to access plex, right?

Exactly

 

Quote

Also: ZT is not doing NAT, so ZT clients will connect to any service with IPs from the 192.-168.191.0/24 range.

So you want pfsense to allow traffic originating from 192.168.191.0/24 and destination 10.1.30.1 (plex)

I tried my best, is this rule ok?
Alias zt_net_plex = 192.168.191.0/24
Alias media = 10.1.30.1

I'm unable to ping plex over zerotier..:/

HcZTREq.png

 

Quote

...then, in ZT central add a single route to the plex host 10.1.30.1/32 with gateway 192.168.191.2 (which is your zt-docker).

Note: since plex-docker and zt-docker do reside on the same unraid box, unraid (might) have a direct/local route available.

See my next response, below.

qlOJeQA.png

Quote

please Check the routes on unraid host (what is the output of "route -n" via command line)?

 

We need to find out which path packets from zt-clients go when trying to reach plex and also which way return packets from plex go, trying to get back to a zt-client. Here the correct gateway is 10.1.100.201 (the "iunraid"-side/IP of your zt-docker). 

All will depend on the routing table if unraid can identify the route/path locally or will use the default gateway (your pfsense).

ExXgjpR.png

FYI I'm using 3 eth-ports, whereas only port-1 is used/bridged for docker;
- I have absolutely no clue where 172.17.0.0 and 192.168.122.0 come from (sweating a little bit..)


Man, THANK YOU!! :) I owe you a lot

Edited by Hank Moody
Link to comment
1 hour ago, Hank Moody said:

Do I have to toggle anything in the ZT-Clients or is this done via ZT-Central?
TM9am0d.png

NO, this should be OK on client side. 

 

1 hour ago, Hank Moody said:

I tried my best, is this rule ok?
Alias zt_net_plex = 192.168.191.0/24
Alias media = 10.1.30.1

...this is with pfsense? I have no clue how routes are defined or even worse, firewall rules....BSD-style is something that never got sticky in my head, sorry.

 

This is the required logic...if an alais will help, just do/use it.

You need, in your pfsense firewall, to (if not allowed by default):

 

- allow forwarding of packets originating from zt_net_plex (state=new, incoming over vlan-100) to plex/media, IP 10.1.30.1.

- allow forwarding packets originating (state=established, =related, not=new, not=invalid) from plex/media to zt_net_plex 

 

Also, in your pfsense routing table:

- create a static route to zt-net_plex 192.168.191.0/24 with gateway 10.1.100.201 (unraid-zt-docker).

 

1 hour ago, Hank Moody said:

I'm unable to ping plex over zerotier..:/

because each connection needs a path towards its destination and for returns as well.

See my remarks above....at least that static route via zt-docker seems to be missing in pfsense.

 

1 hour ago, Hank Moody said:

 

qlOJeQA.png

...that looks OK now. Every zt-client trying to reach plex will direct the connection via zt-docker interface ... just make sure, that this IP 192.168.191.2 is allocated as static in zt-centtal ;-)

 

1 hour ago, Hank Moody said:

ExXgjpR.png

here you can see, that on the unraid host, there is no known route to zt-network (192.168.191.0/255.255.255.0).

Hence you need to route traffic via your pfsense...create the static route as described above....plex and zt-clients will, based on that routing table on your unraid host, direct outgoing traffic to your pfsense (the default gateways 10.1.30.254 / 10.1.100.254).

 

1 hour ago, Hank Moody said:

- I have absolutely no clue where 172.17.0.0 and 192.168.122.0 come from (sweating a little bit..)

these are default interfaces/IP-nets for Docker and Virtual-Machines, for when no custom network is used ... don't worry. 

 

....looks like you "only" need to get your pfsense setup updated. Unfortunately, I am not familiar with these, sorry.

  • Thanks 1
Link to comment
  • 2 months later...
3 hours ago, Braulio said:

I started the ZeroTier container in unraid and now I can't connect through the web to manage the unraid.

How to solve this? I can't restart the unraid because it doesn't access anything.

 

Hi Braulio, connect a Keyboard and monitor to your unraid server and stop zerotier container through the terminal console.

 

Link to comment
3 hours ago, DjBill said:

 

Hi Braulio, connect a Keyboard and monitor to your unraid server and stop zerotier container through the terminal console.

 

I didn't make it. Start in visual mode (second option) and it doesn't open.

Inside the pendrive, what is the docker file? I can delete?

 

Maybe I can edit the zerotier XML on the flash USB and change "load auto" to false.

Do you know where in xml?

Edited by Braulio
Link to comment
  • 3 weeks later...

Hi! Thanks to bring this app to Unraid, It's a great solution for people like me that don't want to deal with more complex VPNs.

 

I spent some days reading this topic but I'm having trouble to set up your container. If I used it as a Host network it goes always as Offline mode, if I use it as Bridge it connects and I can ping it from other devices with the ZT ip for the container, but I don't have access to Unraid webgui, I only can access to containers that I use with the parameter "-net=container:ZeroTier" but seems not to comunicate with Unraid it self.

 

I can access, without problem, other servers at home that I install ZeroTier as a service, like one server that has OMV 5 installed (Raspberry Pi Debian). And my computers (Macos) can access each other wihtout problem with the ZT lan. I can share files, remote control display...)

 

Maybe is something related to that my LAN is behind a double-nat router system. As I got connected by an Ubiquiti "LiteBeam 5AC Gen2" antenna that I don't control, which is plugged to my pfSense router on the WAN port.

For example to use Plex remotely I had to ask my ISP to open the Plex port and port-forward it to my Unraid server on the pfSense router.

But if this is the case, I don't get why my Raspberry Pi with ZeroTier as services conects fine.

 

I also tried to use the 1.6.2 tag but without luck, so I guess is something related to my setup.

 

Hope someone can get me on the right direction. Thanks in advance!

Captura de pantalla 2021-09-12 a las 12.32.54.png

Captura de pantalla 2021-09-12 a las 12.33.28.png

Captura de pantalla 2021-09-12 a las 12.38.27.png

 

EDIT:

After one hour running the docker container on Host mode, seems to be connected right now. Maybe in my case it took longer to connect on Host mode, strange. I have access to Unraid Webgui and can ssh using 4g phone connection.

 

Hope it still running without problems.

I'm going to leave this post as maybe someone with same problem can just try to leave it running for a while.

 

EDIT 2:

Now seems not be connecting again. For no reason.

Edited by guillelopez
Link to comment
  • 3 weeks later...

Hi guys, 

 

just installed zero tier today and i can ping and can access the server via ssh, but I have no access to the web interface to manage the sever.

Maybe the MyServers plug-in stays in the way? Any suggestions? 
 

EDIT: 

Found a solution myself. 
I have to disable the SSL/TLS in Management Access unser Settings. I used the Unraid my servers plugin, that’s because I used the SSL/TLS. 

Edited by DiaboloVampire
Link to comment
  • 2 weeks later...

Hi. I found a serious issue of this docker container when used in conjunction with an OpenWrt VM. Auto-start of this docker container makes me unable to access the unraid server after rebooting.

 

I used an OpenWrt VM as my router for internet access as well as a gateway for Zerotier virtual network. As shown below, the IP of the router in Zerotier is 10.147.17.131 and my physical subnet is 192.168.31.0/24. I have a Zerotier docker container on my unraid as a backup.

 image.thumb.png.7a81d64658d7061da8048089914b1fe4.png

 

When I reboot, as the unraid server boots before the OpenWrt VM, it is not able to get the correct route information for the physical NIC. Instead, it places the route acquired from Zerotier first. This makes it impossible to access the unraid server from LAN or from Web, as the route is wrong and it will keep trying to connect to anything in the subnet including the OpenWrt router through the Zerotier gateway at 10.147.17.131. 

 

I speculate this behaviour can be avoided if either 1. like other clients, add an option to disallow route through zerotier 2.. the container configures the route table after the correct one is acquired.

Link to comment
Posted (edited)
34 minutes ago, rrr01 said:

Hi. I found a serious issue of this docker container when used in conjunction with an OpenWrt VM. Auto-start of this docker container makes me unable to access the unraid server after rebooting.

 

I used an OpenWrt VM as my router for internet access as well as a gateway for Zerotier virtual network. As shown below, the IP of the router in Zerotier is 10.147.17.131 and my physical subnet is 192.168.31.0/24. I have a Zerotier docker container on my unraid as a backup.

 image.thumb.png.7a81d64658d7061da8048089914b1fe4.png

 

When I reboot, as the unraid server boots before the OpenWrt VM, it is not able to get the correct route information for the physical NIC. Instead, it places the route acquired from Zerotier first. This makes it impossible to access the unraid server from LAN or from Web, as the route is wrong and it will keep trying to connect to anything in the subnet including the OpenWrt router through the Zerotier gateway at 10.147.17.131. 

 

I speculate this behaviour can be avoided if either 1. like other clients, add an option to disallow route through zerotier 2.. the container configures the route table after the correct one is acquired.

Hey.
 

Are you sure you are solving the problem from the right end?

 

Quick look at articles and discussions like https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/One+Port+Linux+Bridge

https://www.google.com/amp/s/amp.reddit.com/r/zerotier/comments/dc03me/having_some_trouble_with_managed_routes_static/

makes me think that you should be playing with your router, not this zeroiter container on your unraid.

 

This symptom “This makes it impossible to access the unraid server from LAN” especially points me in this direction. Playing with managed routes on unraid will change what can be accessed from the unraid. But it shouldn't affect availability of unraid for other computers in local network. This sounds like a router setting problem for me.
 

Let me know. If you want to have basically ‘zerotier-cli set network_id allowManaged=0’ available through the image settings - I can do it for you, no biggie. But I don't think it's a root of your problem and there is a high chance you approach the problem from the wrong end.

Edited by Dmitry Spikhalskiy
Link to comment
7 hours ago, Dmitry Spikhalskiy said:

Hey.
 

Are you sure you are solving the problem from the right end?

 

Quick look at articles and discussions like https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/One+Port+Linux+Bridge

https://www.google.com/amp/s/amp.reddit.com/r/zerotier/comments/dc03me/having_some_trouble_with_managed_routes_static/

makes me think that you should be playing with your router, not this zeroiter container on your unraid.

 

This symptom “This makes it impossible to access the unraid server from LAN” especially points me in this direction. Playing with managed routes on unraid will change what can be accessed from the unraid. But it shouldn't affect availability of unraid for other computers in local network. This sounds like a router setting problem for me.
 

Let me know. If you want to have basically ‘zerotier-cli set network_id allowManaged=0’ available through the image settings - I can do it for you, no biggie. But I don't think it's a root of your problem and there is a high chance you approach the problem from the wrong end.

Hello

 

Thank you for the prompt reply. 

 

I feel it should be an issue within Unraid. To summarise the problem, once there is no available router or DHCP server in the network, as they actually boot after unraid and dockers, unraid server will acquire route rules for the physical subnet from Zerotier, instead of getting those later from router and DHCP servers. Therefore, as long as the router is added after unraid booting, it does not matter what router or what setting I have on the router. The unraid server simply wouldn't communicate with anything in the subnet, including the router, as it route all the traffic through the zerotier virtual nic.

 

The most comprehensive solution might be avoiding adding to the route table until the physical nic gets the right information in the route table. But I guess it is a lot of work. To prevent this from happening, I speculate adding an option to disable this 'adding to route table' behaviour will be sufficient. 

Link to comment
23 hours ago, Dmitry Spikhalskiy said:

Hey.
 

Are you sure you are solving the problem from the right end?

 

Quick look at articles and discussions like https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/One+Port+Linux+Bridge

https://www.google.com/amp/s/amp.reddit.com/r/zerotier/comments/dc03me/having_some_trouble_with_managed_routes_static/

makes me think that you should be playing with your router, not this zeroiter container on your unraid.

 

This symptom “This makes it impossible to access the unraid server from LAN” especially points me in this direction. Playing with managed routes on unraid will change what can be accessed from the unraid. But it shouldn't affect availability of unraid for other computers in local network. This sounds like a router setting problem for me.
 

Let me know. If you want to have basically ‘zerotier-cli set network_id allowManaged=0’ available through the image settings - I can do it for you, no biggie. But I don't think it's a root of your problem and there is a high chance you approach the problem from the wrong end.

FYI there are people having similar issue as me https://github.com/zerotier/ZeroTierOne/issues/787

 

One solution is to disable allowmanaged, but that means there needs to be a way to manually specify the IP address of the zerotier adapter, either a script in the container or a script in userscript maybe.

 

Thanks!

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.