Full tunnel with IPv6 suddenly quit working

I’ve had an IPv4/IPv6 full tunnel working for a few years.
Suddenly, in the last two days it stopped working.
I have a server in colocation acting as a gateway. I’ve done some troubleshooting with the provider.
I did have some trouble with ndppd once, a while ago…I thought maybe this was the same thing.
I’ve tried everything I can think to try, but it’s no longer working.
Has something changed?

We haven’t rolled out any changes this week.

I’ve had it running for a few years, like I said… so I’ve forgotten some details of the original setup.
How could I best troubleshoot this? Zerotier starts fine, I see no errors. The devices show as online in my.zerotier yet they can no longer get to the internet. My most common device is on two zt networks.
I’ve noticed that even though my internet breaks I can get to the devices on the non-tunneled zt network, but I can’t get to the devices on the full-tunnel network when zt is on. I can’t even use the zt address and ssh to any of the devices on the tunnel network.

Best I can point you to is our knowledgebase. It does indeed sound like an issue with ndppd but there’s no way for us to tell for sure from our end.

https://zerotier.atlassian.net/wiki/spaces/SD/overview

When I start zerotier on my client device (zt address 172.23.189.84) I’ve just realized I can’t ping my gateway node 172.23.246.28. I would think that maybe some update on my Ubuntu client caused the problem, except that the network isn’t working on my Android device either.

I think I’m zeroing in on the problem. I brought up my Android device and I logged into my gateway machine. Both show as “online” in my.zerotier, yet I can’t ping the 172. address of the Android device from the gateway. Also, I can’t ping the gateway 172 address from the gateway itself. Any ideas what could cause this? I checked all my configuration against the full tunnel instructions and all settings are still in place as expected. It seems like a bigger problem than just the full tunnel. It seems like this entire zt network is not functioning.

I’m seeing this message in CentOS 7 /var/log/messages:
warning: `zerotier-one' uses 32-bit capabilities (legacy support in use)
I grepped the historical message files and it has no other occurrence.

This is a normal warning printed by CentOS 7-based installs. I’ve seen it before myself but it doesn’t affect anything.

Other than that, I can’t say what the issue could be as we have no visibility into your network, the traffic going over it, or the configuration of the individual machines on it. It’s likely something with your exit node, however.

I tried an uninstall and re-install; it fixed nothing… I believe I’m dealing with some kind of firewall / routing issue now. My “exit node” is in colocation and it has a public static v4 and v6 IP (as well as a range of v6 addresses). In MyZT it shows its IP to be its static v6 address. I’ve noticed that I can’t even ping its v4 private zt address from some nodes. I’ve also noticed that v6 behavior on my T-Mobile Android device has gotten very screwy… I can’t ping v6 addresses at all, not even Google DNS servers.

I don’t know what to tell you but the issue isn’t on our end. We also use an IPv6 tunnel for things internally. Working fine. I also use T-Mobile on my phone. Also working fine.

That’s good to know… I think there is some traffic blocking happening on some of the networks being traversed. I may back off the ipv6 on the gateway node for the tunnel to see if routing into it on its v4 address gets the full tunnel working again.

I did make a bit of a discovery from the nodes I’m testing.
I have my laptop on Comcast cable and its IPv6 behavior is significantly different from my phone on T-Mobile. Comcast seems to be blocking my IPv6 traffic in a way they weren’t last week.
