I have certain BGP peer that needs to be connected via tunnel. For that I have allowGlobal and allowDefault enabled to be able to reach the other end via tunnel. However, the existing session (to other peer) failed to connect. Does Zerotier route every traffic when these two attribute enabled? If so, how could I let ZeroTier only route specific traffic, or exclude other traffic? I don’t see and thing in the documentation.
PS. I installed ZeroTier via dnf on a RedHat compatible host (Oracle Linux 8).
Hello,
ZeroTier just adds routes to your system. You can check the system routing table to see what is happening. By default only traffic to other zerotier nodes goes over zerotier. Internet traffic works as normal.
You shouldn’t enable AllowDefault unless you have set up a default route on the zerotier network. (0.0.0.0/0 via 10.144.25.x)
I’ve disabled allowDefault now. But it seems to still route my network. Forgot to mention that the network I join isn’t the one I created.
I checked the kernel route table and can find the IPv4 (private IP range) and IPv6 route (multicast range, a /64 unicast prefix to the tunnel I joined). I can also see many traffic from AS399538 and AS7473 (Being filter from my route due to too small prefix, most higher than /80). But since I didn’t keep an log for general traffic I was unable to identify ZeroTier added route.