Cannot get 'drop not chr ipauth' to work

Hey, guys, I’m hoping I’m just being a total newbie and missing something here but whenever I try and add the ‘drop not chr ipauth’ rule to my flow rules, it starts dropping everything. I have 2 members on the network - both Ubuntu 20.04 machines - with 1 having a fixed managed IP and the other getting a managed IP from the pool. I’m not manipulating any IPs on either host. My understanding was that I don’t need to do anything special here. Any help would be appreciated!

Here are my flow rules:

# Member tags
tag vpc_gateway
	id 100
	enum 0 No
	enum 1 Yes
	default No
;

# Copy all traffic to another member
# tee -1 some_member_id
# ;

# Whitelist only ARP and IPv4 traffic (since we don't use IPv6)
drop                      # drop cannot be overridden by capabilities
  not ethertype ipv4      # frame is not ipv4
  and not ethertype arp   # AND is not ARP
  #and not ethertype ipv6  # AND is not ipv6
;

# Allow only ZeroTier-assigned IP addresses
#drop
#  not chr ipauth
#;

# Drop any traffic that's not between a member and a VPC gateway or between VPC gateways
break
	not txor vpc_gateway 1
	and not teq vpc_gateway 1
;

# Allow all ICMPv4 traffic
accept
	ipprotocol icmpv4
;

# Allow UDP traffic
accept
	ipprotocol udp
  #and dport 53
;

# Allow TCP traffic
accept
  ipprotocol tcp
  #and dport 22 or dport 3389 or dport 2049
;

# Drop TCP SYN,!ACK packets (new connections) not explicitly whitelisted above
break                     # break can be overridden by a capability
  chr tcp_syn             # TCP SYN (TCP flags will never match non-TCP packets)
  and not chr tcp_ack     # AND not TCP ACK
;

# Accept anything else. This is required since default is 'drop'.
accept;