Can Zerotier block network IPs?

marziniconsulting · April 4, 2024, 12:49pm

I had a problem with zerotier not connecting from any of my servers located at server4you (GoDaddy), it was working perfect since few weeks ago, then nothing.
What I found is this: I can’t ping any of these root servers:
https://zerotier.atlassian.net/wiki/spaces/SD/pages/7241732/Root+Server+IP+Addresses

Server4you says that “we don’t block anything…ask to Zerotier”.

So I’m here asking, can the root servers of zerotier ban/block some piece of network ips (92.204.40.0 - 92.204.41.255 in my case)

Thank you.

Best,
Alessandro

zt-grant · April 4, 2024, 3:50pm

We do not block any traffic at our root servers.

marziniconsulting · April 4, 2024, 8:55pm

Thank you for the quick reply.

This is the reply from my provider

I have just checked and found out that the server Zerotier shows as filtered through the IP address that it resolves to

Here is the Nmap report:

malta21088:~# nmap 104.194.8.134 -Pn -p 22
Starting Nmap 7.70 ( https://nmap.org ) at 2024-04-04 21:04 CEST
Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 50.00% done; ETC: 21:04 (0:00:01 remaining)
Stats: 0:00:02 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 99.99% done; ETC: 21:04 (0:00:00 remaining)
Nmap scan report for 104.194.8.134
Host is up.

PORT STATE SERVICE
22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 2.13 seconds

Also please send the support team of zerotier the following information aswell to show them that it appears that the issue is from their network

malta21088:~# mtr -r -c 10 104.194.8.134
Start: 2024-04-04T21:08:36+0200
HOST: malta21088 Loss% Snt Last Avg Best Wrst StDev
1.|-- static-ip-92-204-40-2.ina 0.0% 10 0.4 1.4 0.3 6.0 1.9
2.|-- 92.204.12.16 0.0% 10 0.4 0.5 0.3 0.7 0.1
3.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0

As I can see also the server is reachable around the world from all places so the issue is definitely not from our side

Best Regards,
Petar Hristov

zt-grant · April 4, 2024, 9:05pm

There’s something between you & the root that is doing that.

NMap from where I’m currently sitting:

$ nmap 104.194.8.134 -Pn -p 22
Starting Nmap 7.94 ( https://nmap.org ) at 2024-04-04 13:56 PDT
Nmap scan report for 104.194.8.134
Host is up (0.0055s latency).

PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.02 seconds

As I said before, we do no blocking or filtering of traffic at the roots.

marziniconsulting · April 5, 2024, 12:18pm

Thanks again for your reply.
It’s the same things I told the provider that is now investigating with the network provider (GoDaddy).
Also from my internet at home ssh port is open and the root servers are pingable.
I keep you posted just in case it happen to someone else.

Best,
Alessandro