I am trying to set up ZeroTier on a separate device on my network to act as a leaf (bridge), moon and controller. The device is behind a single NAT with UDP port 9993 forwarded and accessible from the internet. The setup is working as expected and really well, BUT only when devices are physically outside the bridged network and when they are able to access the built-in planets.
When a mobile device (e.g. a laptop) is in the bridged network itself, I experience “RELAY” on both my moon and the public planets, and links hardly work. I must say that I added both inner and outer IPs when creating the moon. I also tried hinting them in local.conf, with no success.
Another issue (kind of separate): if there is no access to the built-in planets (or I blacklist them as routes to check), the laptop reports “DIRECT” for the moon with the correct IP, but connections time out.
How do I debug such an issue? What settings can be tweaked? Is this intended behavior to protect against ZeroTier-over-ZeroTier that can be disabled? Is it a glitch arising from using a single node for multiple roles?
Do I need to go down the path of custom planets to completely untie from public ones? Can I still mix them?