Coma Bug Update

After working with a user directly experiencing the issue and tracing packets from his machine to our roots & back, I’m pretty sure we’ve discovered the cause of the coma issue that some users are having where the PLANET/root servers are showing RELAYED in the zerotier-cli peers output. The culprit? Your routers.

What is happening is that your router likely has some “security” software on it that is classifying ZeroTier traffic as “malicious” and therefore blocking it. This explains why changing your Node ID resolves the issue as well. ZeroTier opens multiple ports on startup to help deal with crappy NAT implementations. The secondary & tertiary ports are deterministically chosen based on the Node ID. Once a new port is being used, the traffic starts flowing again.

I’ve pushed a new change to the dev branch (4fed564) that makes the secondary & tertiary ports completely randomized on startup and no longer deterministic based on the node ID. We’re also investigating ways to detect when all the PLANET/roots go to the RELAYED state and re-randomize the ports automatically so that it won’t require a restart. No ETA on that 2nd patch, though.

Immediate workarounds:

  1. Download & build the dev branch.
  2. You can alter the ports ZeroTier uses via local.conf.

The conf file can be found (if you’ve already created one) in one of these places depending on your OS:

  • Windows: C:\ProgramData\ZeroTier\One
  • Macintosh: /Library/Application Support/ZeroTier/One
  • Linux: /var/lib/zerotier-one
  • FreeBSD/OpenBSD: /var/db/zerotier-one

If the file doesn’t exist, simply create it. In there you can set one or all of the following options:

  • primaryPort
  • secondaryPort
  • tertiaryPort

Caveats:

  • This is a JSON file and must be valid JSON. Stray commas, missing commas, missing quotes, etc. will cause parse errors and ZeroTier’s defaults will be used instead (or ZeroTier may not start at all).
  • Changing primaryPort from 9993 will break the UI app on Windows and macOS. Try setting ONLY the “secondaryPort” option first.

Example local.conf file setting only the “secondaryPort” option:

{
  "settings": {
    "secondaryPort": 21234
  }
}
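An added example (not ZeroTier's code and not part of the original post): a Python helper that applies the local.conf workaround without tripping the caveats above. It refuses to edit a file that is not valid JSON, merges the port into any existing settings, and returns a warning when primaryPort is moved off 9993. The function names and the 1-65535 range check are assumptions of this example.

```python
import json, os, platform

# Config directories as listed in the post, keyed by platform.system().
CONF_DIRS = {
    "Windows": r"C:\ProgramData\ZeroTier\One",
    "Darwin": "/Library/Application Support/ZeroTier/One",
    "Linux": "/var/lib/zerotier-one",
    "FreeBSD": "/var/db/zerotier-one",
    "OpenBSD": "/var/db/zerotier-one",
}
PORT_KEYS = ("primaryPort", "secondaryPort", "tertiaryPort")

def default_conf_path():
    return os.path.join(CONF_DIRS[platform.system()], "local.conf")

def check_conf(text):
    """Parse local.conf text; return (config, warnings). ValueError if unusable."""
    conf = json.loads(text)  # JSONDecodeError (a ValueError) on stray commas etc.
    settings = conf.get("settings", {}) if isinstance(conf, dict) else None
    if not isinstance(settings, dict):
        raise ValueError("top level and 'settings' must both be JSON objects")
    for key in PORT_KEYS:
        port = settings.get(key)
        if key in settings and (type(port) is not int or not 1 <= port <= 65535):
            # Assumption of this example: any valid UDP port number is acceptable.
            raise ValueError(f"{key} must be an integer in 1-65535, got {port!r}")
    warnings = []
    if settings.get("primaryPort", 9993) != 9993:
        warnings.append("primaryPort is not 9993: the Windows/macOS UI app will break")
    return conf, warnings

def set_port(path, key, port):
    """Merge one port option into local.conf (created if absent); return warnings."""
    if key not in PORT_KEYS:
        raise ValueError(f"unknown port option {key!r}")
    text = "{}"
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    conf, _ = check_conf(text)  # refuse to edit a file that is already broken
    conf.setdefault("settings", {})[key] = port
    new_text = json.dumps(conf, indent=2) + "\n"
    _, warnings = check_conf(new_text)  # validate the result before writing it
    with open(path + ".tmp", "w", encoding="utf-8") as fh:
        fh.write(new_text)
    os.replace(path + ".tmp", path)  # swap in place: never a half-written file
    return warnings

if __name__ == "__main__":
    print(set_port(default_conf_path(), "secondaryPort", 21234))
```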