How can I make ZeroTier more reliable while using a VPN?

Hello. I’m on OS X 10.13.6, ZeroTier 1.4.6 and I use a VPN (AirVPN, to be more precise). When I’m not connected to the VPN, ZeroTier works as it should. The moment I connect to the VPN, ZeroTier can’t connect to my ZeroTier network (though the GUI still says that it is connected). Sometimes after a long period of time (maybe one day or more) ZeroTier can establish a connection. Is there something that I can do or check in order to make it work more stably?
I can provide all the information required, but for the moment I’m lost and don’t know where to start or continue ;·) Any help will be appreciated.

Hello!
The VPN takes over the networking for the system, and probably blocks the UDP ports ZeroTier needs to make direct connections. Not sure if there’s anything you can do about it.

Networking Info

Thanks Travis(?) for your answer. I’ll try to investigate a little bit more and see if I can make it work more reliably. If I find some solution I’ll report back. And if anybody has any suggestions, I’m all ears ;·)

I’ve been looking around (sorry but I’m not an expert) and the VPN client has the option to route IPs outside the tunnel. Does anybody know which IPs I have to route in order to connect to ZeroTier? Maybe this can work, and I’m willing to try ;·)

That’s tricky for ZeroTier because it’s peer to peer. The IPs of your peers (and the network controllers) change frequently.
The airvpn landing page says they are p2p friendly, so maybe you can find some docs or help related to p2p.

Hello Travis, thanks for your answer. Yes, AirVPN is p2p friendly and I can open ports. They have more info about it here. So for me the question is… Let’s say that I have opened port 44444 on the VPN that redirects to local port 9993… is there a way in ZeroTier Central to make the traffic for my computer’s IP in ZeroTier (192.168.111.100 for example) redirect to the VPN server exit IP on port 44444 (which is redirected to my computer at port 9993)? Does that make any sense?
Maybe using a flow rule? I’ve seen that there are Actions and Matches like redirect, ipdest, ipsrc, dport, etc. As I said before I’m not a network expert, but eager to learn and share my learnings with others. Any help will be appreciated. Thanks.

(While I’m connected to the VPN, “zerotier-cli peers” shows some ztaddr and the link is RELAY. Does that mean that I’m reaching them but they cannot reach me, correct? That is the reasoning behind my question about a flow rule.)

Hello,
The flow rules won’t help you. They apply to the virtual network, not the underlying physical connection.

Relay means the connection between the two peers is bouncing through ZeroTier Inc servers. This can be slow.

You could try allowing port 9993 and mapping it to 9993.
Still very skeptical you’ll have much success. Good luck.

Hello, thanks for your answer!
OK, I see. I will try to investigate a little bit further and if I make any progress I’ll share it here.
Thanks again ;·)

Hi

I use airvpn as well. I have a router running at my parents’ house that’s running airvpn, where I also have servers running zerotier. I haven’t had any major problems at all lately, but I have had some RDP problems before from my place.

I recently updated to the newest zerotier update. I currently can ping my devices and use ssh, and connect a little to my dockers’ webpages, but the speed is extremely slow and it loses communication. I also can’t RDP to my device. Everything worked fast and great on the previous zerotier update.

Update: I solved the issue. Everything works fine now.

Second update: Currently now sometimes it works and sometimes it doesn’t. Anyone else having these issues? This newest update has definitely caused zerotier to behave differently. I will probably have to wait and see. Sometimes it comes and sometimes it goes. When my devices connect to each other it’s also extremely slow.

Here are some potential causes and steps you can take to diagnose and improve the situation:
Steps:

  • If your VPN offers split tunneling (PureVPN and AirVPN offer this feature), enable it for ZeroTier. This allows ZeroTier traffic to bypass the VPN tunnel and use your regular internet connection.
  • Try setting ZeroTier’s DNS configuration to “Network DNS” in the client options. Alternatively, try using Google Public DNS (8.8.8.8 and 8.8.4.4) on both your system and the ZeroTier client.
  • Ensure your system and VPN firewalls are allowing traffic for ZeroTier’s port (9993). You might need to create specific firewall rules for UDP communication on this port.
  • Try tweaking the MTU setting on your ZeroTier interface to match the VPN interface MTU. Most VPNs have instructions for adjusting MTU within their documentation.
  • Enable ZeroTier debug logging (instructions: https://my.zerotier.com/) and check the logs for any error messages while connected to the VPN. This might provide clues about the specific issue.
  • Ensure you’re running the latest versions of your VPN software and ZeroTier client. Updates often address compatibility issues and performance improvements.

Or you can:

  • Disconnect and reconnect your VPN after making any configuration changes.
  • Reboot your device after updating the software or adjusting settings.
  • Consult the ZeroTier community forums and documentation for help from other users and developers.
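A small diagnostic for the RELAY-versus-DIRECT question raised earlier in the thread, added here as an example (not from the original posts or the ZeroTier project): it parses the text output of `zerotier-cli peers` and reports whether every LEAF peer is relayed, the symptom to expect when the VPN tunnel blocks the UDP paths ZeroTier needs for direct connections. The column layout (ztaddr, ver, role, lat, link, ...) is assumed from the thread's "link is RELAY" remark, and the sample rows are constructed.

```python
"""Summarise `zerotier-cli peers` output: which peers are DIRECT and which are RELAY."""
import subprocess
from collections import Counter

# Constructed sample output. Column layout is an assumption:
# <ztaddr> <ver> <role> <lat> <link> [<lastTX> <lastRX> <path>]
SAMPLE_PEERS = """200 peers
<ztaddr>   <ver>  <role> <lat> <link> <lastTX> <lastRX> <path>
778cde7190 -      PLANET    42 DIRECT 2191     2189     203.0.113.10/9993
a1b2c3d4e5 1.4.6  LEAF      -1 RELAY
f6e7d8c9b0 1.4.6  LEAF     310 RELAY
"""


def parse_peers(text):
    """Return (ztaddr, role, link) tuples from `zerotier-cli peers` text."""
    peers = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the "200 peers" status line, the header row and short/blank lines.
        if len(fields) < 5 or fields[0] == "200" or fields[0].startswith("<"):
            continue
        peers.append((fields[0], fields[2], fields[4]))
    return peers


def link_summary(peers):
    """Count peers per link type and flag when every LEAF peer is relayed."""
    counts = Counter(link for _, _, link in peers)
    leaf_links = [link for _, role, link in peers if role == "LEAF"]
    all_leaf_relayed = bool(leaf_links) and all(l == "RELAY" for l in leaf_links)
    return {"counts": dict(counts), "all_leaf_relayed": all_leaf_relayed}


def diagnose(text):
    """One-line verdict: all-RELAY LEAF peers means no direct UDP path is being set up."""
    if link_summary(parse_peers(text))["all_leaf_relayed"]:
        return "all LEAF peers are RELAY: direct UDP paths are not being established"
    return "at least one LEAF peer has a DIRECT path"


if __name__ == "__main__":
    # Use the live client when it is installed; otherwise fall back to the sample.
    try:
        out = subprocess.run(["zerotier-cli", "peers"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_PEERS
    for addr, role, link in parse_peers(out):
        print(f"{addr} {role:7} {link}")
    print(diagnose(out))
```

Run it before and after connecting the VPN; if LEAF peers flip from DIRECT to RELAY, the tunnel is blocking the UDP traffic rather than the ZeroTier network itself being misconfigured.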