A laptop is connected to a router
(direct wired ethernet connection).
Both have ZT installed,
and ZT is always running on the router.
If ZT is not running on the laptop,
and I ping the router’s ZT address,
I get a response.
This is expected as the router knows its ZT address.
Also, as expected, the laptop and the router can ping each other using their lan addresses.
BUT if I start ZT on the laptop
and ping the router’s ZT address, I get
Destination Host Unreachable
This seems to make no sense.
Also, if I ssh into the router
and ping the laptop - same result:
Destination Host Unreachable
This also makes no sense.
If however the laptop is on a separate network
(eg hotspotted into the mobile network)
it can ping the router and the router can ping the laptop using their ZT addresses.
This is expected.
Also, 2 ZT laptops in the same network can ping each other
by their ZT addresses, as expected.
I have spent many hours testing many different variations of this configuration
and all give the same result:
A device (eg laptop, mobile) and a router on the same network
cannot reach each other using their ZT addresses
and can only reach each other if they are on different WANs.
So the conundrum is:
why can ZT devices ping each other when they are on different networks
but not when they are on the same network?
(routers running Teltonika’s OpenWrt, Laptops running Ubuntu).
Grateful for any inspiration here
Interesting question.
I can not personally answer this, because I’m new to ZT too, but I guess the pro users will need more data:
- Is the router’s ZT configured to run as a Bridge?
- What is the configuration of the laptop’s ZT? (Allow Managed, Allow Assignment, etc)
- What is the configuration of the router’s ZT? (Allow Managed, Allow Assignment, etc)
Settings are below.
The only one that I (knowing little) think could have an impact
is Allow Managed IP.
ZT Network Website
Managed Routes 172.29.0.0/16
no other routes added.
Router
The router is configured as a gateway.
Settings:
Bridge To none
Allow default route off
Allow global IP off
Allow managed IP on
Allow DNS off
Laptop
/var/lib/zerotier-one/local.conf
only setting is to change the default port.
Previous comment deleted because on further testing I realised it was wrong
that it worked for mobiles.
In fact, as laid out above, ZT mostly does not work inside a network,
only between networks.
Maybe you know about these things, but I write it down to make sure:
- If you type
route print -4
you can view the routing table, and guess why it is not directing things the way you like
- You can manually delete or add routes to test things.
- Maybe changing the route entry’s METRIC can help. Lower comes first. Minimum is: 20.
But globally I can not think, that in any scenario it would be possible to connect through your LAN to your router via ZT, if ZT is configured to bridge the same network!
Because that would cause a loop, which ZT (cleverly) auto-disables.
Also I don’t really understand in the first place:
Why would you want to connect to your local router from the same LAN through ZT ?
If you are on the same LAN, simply connect to your router through that!
(You can easily have 2 shortcuts in your browser. 1 for LAN connect, 1 for ZT connect remotely, when you are far away.)
Why would you want to connect to your local router from the same LAN through ZT
Yes, if I am doing it manually, of course I know where I am and can type in the local address.
The point of using ZT is for automated solutions like apps on phones or laptops that move from network to network.
A key reason for using ZT is a device can connect to a resource
whether it is in the same network or another network,
and will reestablish the connection if one of them moves
without needing to manually type in new addresses each time.
Route Output
On a laptop with ZT off:
Destination    Gateway       Genmask        Flags Metric Ref Use Iface
default        mcsyd2.mclan  0.0.0.0        UG    100    0   0   enp38s0f1
10.0.0.0       0.0.0.0       255.255.255.0  U     0      0   0   virbr2
link-local     0.0.0.0       255.255.0.0    U     1000   0   0   virbr2
192.168.112.0  0.0.0.0       255.255.255.0  U     100    0   0   enp38s0f1
(pinging the router on 172.29.111.1 works.
laptop is 192.168.112.105 on the lan)
On same laptop with ZT on:
Destination    Gateway       Genmask        Flags Metric Ref Use Iface
default        xyz.xlan      0.0.0.0        UG    100    0   0   enp38s0f1
10.0.0.0       0.0.0.0       255.255.255.0  U     0      0   0   virbr2
link-local     0.0.0.0       255.255.0.0    U     1000   0   0   virbr2
172.29.0.0     0.0.0.0       255.255.0.0    U     0      0   0   ztcfw36f3v
192.168.112.0  0.0.0.0       255.255.255.0  U     100    0   0   enp38s0f1
(pinging the router on ZT address 172.29.111.1 gives Destination Host Unreachable
laptop is 172.29.112.105 on ZT & 192.168.112.105 on the lan).
Does this tell you anything?
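
Added example (not part of any post in this thread): a small Python model of route selection run over the two `route` tables posted above, showing that starting ZT moves traffic for 172.29.111.1 from the default route on enp38s0f1 to the on-link 172.29.0.0/16 route on ztcfw36f3v. The longest-prefix-then-lowest-metric rule is a simplification of Linux route lookup, and 192.168.112.1 is a constructed LAN address used only for comparison.

```python
import ipaddress

# Routing tables copied from the `route` output posted in the thread.
ZT_OFF = """\
default mcsyd2.mclan 0.0.0.0 UG 100 0 0 enp38s0f1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr2
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 virbr2
192.168.112.0 0.0.0.0 255.255.255.0 U 100 0 0 enp38s0f1
"""
ZT_ON = """\
default xyz.xlan 0.0.0.0 UG 100 0 0 enp38s0f1
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr2
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 virbr2
172.29.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ztcfw36f3v
192.168.112.0 0.0.0.0 255.255.255.0 U 100 0 0 enp38s0f1
"""

# `route` prints these names instead of numeric destinations.
ALIASES = {"default": "0.0.0.0", "link-local": "169.254.0.0"}


def parse_routes(table):
    """Turn `route` rows into dicts with a parsed destination network."""
    routes = []
    for line in table.strip().splitlines():
        dest, gateway, genmask, flags, metric, _ref, _use, iface = line.split()
        prefix = bin(int(ipaddress.IPv4Address(genmask))).count("1")
        net = ipaddress.ip_network(f"{ALIASES.get(dest, dest)}/{prefix}")
        routes.append({"net": net, "gateway": gateway, "iface": iface,
                       "metric": int(metric), "on_link": "G" not in flags})
    return routes


def select_route(routes, address):
    """Simplified lookup: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))


if __name__ == "__main__":
    for label, table in (("ZT off", ZT_OFF), ("ZT on", ZT_ON)):
        # 192.168.112.1 is a constructed LAN address for comparison.
        for target in ("172.29.111.1", "192.168.112.1"):
            r = select_route(parse_routes(table), target)
            how = "on-link" if r["on_link"] else f"via {r['gateway']}"
            print(f"{label}: {target} -> {r['iface']} ({how})")
```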