Downloads 10x slower if Zerotier is on - Need help evaluating Wireshark Capture

Hi,

we have been using ZeroTier for the last year successfully to let our employees working from home feel like they are in the office. The connection itself works like a charm, but we noticed that downloads outside of the ZeroTier network (e.g. Dropbox, WeTransfer) across Windows and Mac are 10x slower if ZeroTier is turned on. Usually we get full speed, that's 100mbit, but if ZeroTier is turned on it's usually around 500kbit/s. A download of 200mb takes 20 minutes and it's driving us crazy.
I can’t find the problem and I already checked most things that came to my mind.

  1. UPnP is on
  2. IPv6 is on and devices can open ports by themselves
  3. All devices connect directly and do not relay
  4. The flow configuration is standard.

I captured a Dropbox download from one of our MacBooks directly in the router, but I do not have any experience in analyzing this traffic. So if someone could have a quick look at it, maybe this could lead to a solution.
Here is the link -> https://we.tl/t-Xt9PdaPVHz
If you have any other idea why this is, please tell me.
Our network id is 6ab565387a834a03, if you want to check something specific please tell me beforehand what that is and I can approve you then.

Every help is appreciated!
Thank you very much!

Best wishes from Berlin

Luis Dinnebier

Update: The problem lies somewhere in our IPv6 configuration. After deactivating it, speeds are back to normal. I will investigate it further. If you want to stay updated, look at this thread here: Reddit

Saw your post on Reddit, too. I’ve run into a similar issue before on my home network. What’s likely happening is that your router is sending out IPv6 Router Advertisement packets to the ZeroTier network. This is part of IPv6’s Neighbor Discovery Protocol (NDP).

What’s happening is that the machines connected to ZeroTier are seeing an IPv6 route advertised on the network and the OS is configuring itself to use it! Now all of your IPv6 traffic is going to that router over ZeroTier.

If you wish to have IPv6 on your network, but block the Router Advertisement packets from going over the ZeroTier network, you can add the following to your network’s Flow Rules before the final accept;:

drop
  icmp 133 -1 or
  icmp 134 -1 or
  icmp 137 -1
;
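
Added example, not part of the original posts and not ZeroTier code: a small Python parser that picks the ICMPv6 types named in the rule above (133, 134, 137) out of raw Ethernet frames and, for a Router Advertisement, reports who sent it, whether it offers itself as default router, and which prefixes it advertises. The function names, the sample frame and its addresses are constructed for illustration; IPv6 extension headers are not handled.

```python
import ipaddress
import struct

# ICMPv6 types matched by the flow rule above (names per RFC 4861).
NDP_TYPES = {133: "Router Solicitation", 134: "Router Advertisement", 137: "Redirect"}

def prefix_options(opts: bytes) -> list:
    """Walk the RA options and return advertised prefixes as 'prefix/len' strings."""
    found = []
    while len(opts) >= 2:
        otype, olen = opts[0], opts[1] * 8      # option length is in units of 8 bytes
        if olen == 0 or olen > len(opts):       # malformed option: stop parsing
            break
        if otype == 3 and olen == 32:           # Prefix Information option
            found.append(f"{ipaddress.IPv6Address(opts[16:32])}/{opts[2]}")
        opts = opts[olen:]
    return found

def parse_ndp(frame: bytes):
    """Return details if an Ethernet frame carries ICMPv6 type 133/134/137, else None."""
    if len(frame) < 14 + 40 + 4 or frame[12:14] != b"\x86\xdd":
        return None                             # too short or not IPv6
    if frame[20] != 58:                         # next header must be ICMPv6
        return None
    icmp = frame[54:]
    if icmp[0] not in NDP_TYPES:
        return None
    info = {"type": icmp[0], "name": NDP_TYPES[icmp[0]],
            "src_mac": frame[6:12].hex(":"),
            "src_ip": str(ipaddress.IPv6Address(frame[22:38]))}
    if icmp[0] == 134 and len(icmp) >= 16:
        lifetime = struct.unpack("!H", icmp[6:8])[0]
        info["router_lifetime"] = lifetime
        info["default_router"] = lifetime > 0   # hosts add a default route only if > 0
        info["prefixes"] = prefix_options(icmp[16:])
    return info

def sample_ra() -> bytes:
    """Constructed RA frame (not from the poster's capture); checksum left at 0."""
    addr = lambda s: ipaddress.IPv6Address(s).packed
    pio = struct.pack("!BBBBII4x", 3, 4, 64, 0xC0, 86400, 14400) + addr("2001:db8:1::")
    icmp = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0) + pio
    ip6 = struct.pack("!IHBB", 0x60000000, len(icmp), 58, 255) + addr("fe80::1") + addr("ff02::1")
    return bytes.fromhex("333300000001020000000001") + b"\x86\xdd" + ip6 + icmp

if __name__ == "__main__":
    print(parse_ndp(sample_ra()))
```
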

Thank you, unfortunately, this did not help. Now, the problem is also present if I have IPv6 turned on but ZeroTier not.

If the issue is present when ZeroTier is not running, then ZeroTier can’t be the issue by definition.