How can I route all internet traffic through Zerotier?

You can also tap on an existing network in the app to bring up the config screen to enable it.

I only have a general “Route via Zerotier”. And that does not seem to work. But it worked on a Windows Client.
Also, when I want to add a new network the option is greyed out. External configuration required.

You have to enter the network ID before the option will be available when joining a new network. And if you have IPv6 available on your phone, you’ll also need to configure IPv6 forwarding through your ZeroTier network. Pretty much the same process, just longer IP addresses. More information available in the same link Travis posted above.

Hmmm.
I deleted the app data and then set up the app again.
I disabled IPv6, enabled routing all traffic.
Still no internet access from my mobile. Windows and Linux are both working.

Hello everyone,

so, first and most important of all:
thank you Grant! Your managed route worked for my Linux client!

Less important but also relevant:
it does not seem to work on Android. I adjusted everything the way you said but internet does not work at all.
So, with the new setting I cannot access the internet at all. The new managed route kills the internet for Android devices but works for Windows and Linux. Is this a bug maybe in the Android app?
Tested on Samsung S10+ running Android 10.

Hello again,
I have to unmark this topic as solved because I somehow cannot get my Linux client to work now.
The Server seems to be set up correctly because my Windows Notebook works (both LAN and internet are being routed through my router at home).

But on my Linux machine I cannot get it to work because there only the LAN is reachable but I cannot access the internet at all. If I disable allowManaged, then I can access the internet but it is not routed through my home network.
I am obviously missing something.

Am I missing something?

My procedure was:

curl -s https://install.zerotier.com | sudo bash
sudo zerotier-cli join xxxxxx
zerotier-cli set xxxxxxx allowDefault=1

Is there something else needed? I then tried setting allowDefault and allowManaged to their opposite values just to exhaust all possibilities but it is still not working.

This is the output when I set allowDefault and allowManaged to 1:

root@piclient:/home/pi# zerotier-cli set xxxxxx allowManaged=1

{
  "allowDefault": true,
  "allowGlobal": false,
  "allowManaged": true,
  "assignedAddresses": [
    "192.168.0.3/23"
  ],
  "bridge": true,
  "broadcastEnabled": true,
  "dhcp": false,
  "id": "xxxxxxxxxxx",
  "mac": "76:xx:xx:ca:92:cc",
  "mtu": 2800,
  "multicastSubscriptions": [
    {
      "adi": 0,
      "mac": "01:xx:xx:00:00:01"
    },
    {
      "adi": 0,
      "mac": "01:xx:xx:00:00:fb"
    },
    {
      "adi": 0,
      "mac": "33:xx:xx:00:00:01"
    },
    {
      "adi": 0,
      "mac": "33:xx:xx:00:00:fb"
    },
    {
      "adi": 0,
      "mac": "33:xx:xx:ca:92:cc"
    }
  ],
  "name": "Whatever",
  "netconfRevision": 36,
  "nwid": "XXXXXXXXXXX",
  "portDeviceName": "ztwdjlnlsc",
  "portError": 0,
  "routes": [
    {
      "flags": 0,
      "metric": 0,
      "target": "0.0.0.0/0",
      "via": "192.168.0.1"
    },
    {
      "flags": 0,
      "metric": 0,
      "target": "192.168.0.0/23",
      "via": null
    }
  ],
  "status": "OK",
  "type": "PRIVATE"
}root@piclient:/home/pi#

Does anybody see the problem? I am sure it is something realllllly simple. But I cannot see it.
And as I said, Windows Notebook works.

By the way, iptables-save shows up blank. So absolutely no rules.
When I run route with allowManaged=0 it is fast and shows:

}root@piclient:/home/pi# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    202    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
root@piclient:/home/pi#

but with allowManaged=1 (as it should be), it is surprisingly slow and shows

root@piclient:/home/pi# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     128.0.0.0       UG    0      0        0 ztwdjlnlsc
default         192.168.1.1     0.0.0.0         UG    202    0        0 eth0
128.0.0.0       192.168.0.1     128.0.0.0       UG    0      0        0 ztwdjlnlsc
192.168.0.0     0.0.0.0         255.255.254.0   U     0      0        0 ztwdjlnlsc
192.168.1.0     0.0.0.0         255.255.255.0   U     202    0        0 eth0
root@piclient:/home/pi#
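
How the allowManaged=1 table in the post above is evaluated, as an added example that is not part of the original thread: a longest-prefix-match lookup over that exact `route` output, showing why internet-bound IPv4 traffic enters ztwdjlnlsc although the `default` entry still points at eth0. The function names and the probe addresses (8.8.8.8, 203.0.113.7, 192.168.1.50) are assumptions chosen for illustration.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net gw metric dev")

# `route` output copied from the post above (allowManaged=1 case, numeric entries).
ROUTE_OUTPUT = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 128.0.0.0 UG 0 0 0 ztwdjlnlsc
default 192.168.1.1 0.0.0.0 UG 202 0 0 eth0
128.0.0.0 192.168.0.1 128.0.0.0 UG 0 0 0 ztwdjlnlsc
192.168.0.0 0.0.0.0 255.255.254.0 U 0 0 0 ztwdjlnlsc
192.168.1.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
"""

def parse_routes(text):
    """Parse net-tools `route` output into Route tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the banner and the column header
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        prefix = bin(int(ipaddress.IPv4Address(f[2]))).count("1")  # mask -> /len
        gw = None if f[1] in ("0.0.0.0", "*") else f[1]  # None = on-link
        net = ipaddress.ip_network(f"{dest}/{prefix}")
        routes.append(Route(net, gw, int(f[4]), f[7]))
    return routes

def select_route(routes, dst):
    """Kernel-style choice: longest prefix wins, then the lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in r.net]
    return max(hits, key=lambda r: (r.net.prefixlen, -r.metric)) if hits else None

def overrides_default(routes, dev):
    """True if routes on `dev` more specific than /0 jointly cover all of
    IPv4, shadowing a 0.0.0.0/0 default left on another interface."""
    nets = [r.net for r in routes if r.dev == dev and r.net.prefixlen > 0]
    return ipaddress.ip_network("0.0.0.0/0") in ipaddress.collapse_addresses(nets)

if __name__ == "__main__":
    routes = parse_routes(ROUTE_OUTPUT)
    for dst in ("8.8.8.8", "203.0.113.7", "192.168.1.50"):  # sample probes
        r = select_route(routes, dst)
        print(dst, "->", r.dev, "via", r.gw or "on-link")
    print("ztwdjlnlsc overrides default:", overrides_default(routes, "ztwdjlnlsc"))
```

Only the IPv4 table is modelled here; IPv6 traffic is looked up in a separate routing table, which is the dual-stack case raised later in the thread.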

https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode

Step 3A

I manually set both net.ipv4.ip_forward = 1 and net.ipv4.conf.all.rp_filter=2 in /etc/sysctl.conf. Still just LAN access (home) but no internet access.

I started from a clean Raspberry Pi OS and only ran the commands mentioned in my previous post plus adjusted the sysctl.conf.
I am still surprised that iptables-save shows nothing. Is that okay?

Does the server somehow remember which client ran the allowDefault and then only allows one client to do so? I am just asking because of the comment in the last paragraph of step 3.

You may need allowGlobal=1 as well since you’ll be routing to global IP addresses.

I will try tomorrow, but on Windows I do not need it. Or rather, when I enable it my internet is not routed through my router at home but instead goes directly to the internet here.

Well, from your ip addr output in a post above, and as I stated might be the case in a previous reply, you’re on a dual stack network. IPv4 and IPv6. So that means if your system prefers IPv6 (most do these days), then IPv6 traffic is not going to go through the IPv4 configured default route. You’ll have to configure your network to route IPv6 traffic as well, or disable IPv6.

Is this client or server based?

My server at home is connected to a pure IPv6 only internet connection. But can I remotely determine the IPv6 of my router? The router is, after all, not connected to Zerotier. Only my Raspberry Pi at home is connected to Zerotier and at the same time to the router.

I will post another ip addr when I get home later. Because the one above is from before resetting my OS.

It seems easier to disable IPv6 for the Zerotier network. Is there a simple setting for that in Zerotier? Or is this an actual “outside” IPv6, e.g. when my ISP only offers IPv6?

EDIT:

root@piclient:/home/pi# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether dc:xx:xx:b6:1a:87 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.107/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
valid_lft 3492sec preferred_lft 3042sec
inet6 fe80::xxxx:f794:61e4:a1c7/64 scope link
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether dc:xx:xx:b6:1a:88 brd ff:ff:ff:ff:ff:ff
4: ztwdjlnlsc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 76:xx:xx:ca:92:cc brd ff:ff:ff:ff:ff:ff
inet6 2a02:xxxx:9040:3eb4:744d:aaff:feca:92cc/64 scope global dynamic mngtmpaddr
valid_lft 5398sec preferred_lft 2698sec
inet6 fe80::744d:aaff:feca:92cc/64 scope link
valid_lft forever preferred_lft forever
root@piclient:/home/pi#

P.S.: I am less familiar with the IPv6 syntax, that’s why I would prefer to stick to IPv4, if that is possible and force “internal” use of only IPv4 (within Zerotier, as I obviously cannot change whether my ISP gives me an IPv4-only or IPv6-only connection).

P.P.S.: In your examples, you mention the “default gateway”. In my case, would that be the zerotier server (Raspberry Pi) running zerotier or would it be the actual router? Because right now the managed route for IPv4 goes to the router and not the Raspberry Pi zerotier server (which works on my Windows client).

If your internet connection is IPv6 only, then attempting to route only IPv4 traffic to the internet makes no sense at all. That’s not going to work.

Home ISP = IPv6 only
Mobile phone network = IPv4 only
Most hotels = IPv4 only

Current apartment network = no idea.

If you can help me figure out how to make my network capable of both, then I would be very happy to set it up accordingly:)

But I am not so familiar with IPv6.
How can I figure out the IPv6 of my router? I mean the static IPv6 of my router. Because the static LAN IPv4 is 192.168.0.1. But I guess I would need the matching IPv6 for the managed route, correct?

You’re going to have to read up & learn IPv6. Same basic concept as IPv4, but there are 128-bits in an IPv6 address instead of 32 in an IPv4 address.

But if home is IPv6 only, there’s no way to route IPv4 through that without some extra stuff that’s way beyond the scope of support we can offer.

But it is already working. My Windows notebook is being routed through it.

P.S.: Windows Notebook and Linux Raspberry Pi Client are both here with me in the remote apartment. So both are using exactly the same network.

P.P.S: Is the WAN IPv6 address of my router any use?

Okay, so, important question:

what is the difference between the Zerotier Windows 10 app and the linux cli/Android app?

There has to be one main difference that prevents Android & Linux from routing to the internet but lets Windows access the internet through my home network.

The Zerotier WebUI is the same after all.
And in Windows you only have very very little choice in what you click. But the exact same settings do absolutely nothing in Linux or Android. On those two only the intranet can be accessed but not the internet.

Win, Linux and Android are all connected to the same router. So it is not a network issue. It has to be something that is not being set by the zerotier-cli automatically. At least not in the same manner the Windows app does.

Anybody?
There must be something here that is causing this. I cannot be the only one with this issue.
Isn’t anybody else trying to use a Linux device with Zerotier as VPN?
