Accessing device management interface over ZT network

We are trying to move our remote management access/vpn to Zerotier. I have created a ZT network, joined our office Mikrotik router to the network and setup all of the managed routes in ZT Central. From a remote machine joined to the ZT network I can ping all of our Cambium gear, I can SSH into our Cambium gear, but if I try to access the web interface it times out and packet captures show out of order packets. we have some UBNT backhauls that I have no problem accessing their web UI and I can access our Netonix switches with no issues.

we have about 150 Cambium Epmp APs and SM’s and they all seem to suffer from this same thing. Does anyone have any ideas as to what might be going on here?

Hello. That’s strange. Are you getting “direct” connections to the Cambium devices?
sudo zerotier-cli peers

@zt-travis I am not 100% sure where I am supposed to check that. I am running ZeroTier on a Mikrotik router connected to our network and a Windows PC as the remote computer.

This will help with Windows. Not sure how to get into a cli on mikrotik. They might just have the info available on one of the web ui pages.

the cli is showing a direct peer to my Mikrotik router from my windows PC. The mikrotik Zerotier-CLI does not seem to show if peers are direct or not.

I just setup wireguard VPN and everything is working as expected.

I would really like to use ZeroTier is the setup for our remote people would be much easier for me to manage.

OK. Great. That means it’s direct in the other direction too.

We’ve seen similar reports with some http servers, but haven’t really been able to reproduce.

The mikrotik zerotier service is heavily modified by mikrotik, so I’m not sure how relevant.

Is zerotier using all of the cpu on the router? Can you rate limit the zerotier interface? just some guesses.

CPU usage is sitting at 0%. I am not seeing a way to rate limit the interface. Could the issue be caused by the compression? I don’t see a way to disable that either.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.