IPv4 Auto-Assign

Can I use any IP range for IPv4?
I tried adding a Managed Route 1.1.1.0/32
And Auto-Assign Pool 1.1.1.1 - 1.1.1.9
and assigning Managed IPs 1.1.1.1, 1.1.1.2 etc
But they don’t seem to work.

Those are globally routed IPs. In order to prevent hijacking of someones traffic just by joining a network, each client has to allow the setting of globally routed IPs & routes.

In the UI see the “Allow Global Internet IPs” checkbox in the control panel.
image

Or from the command line, you can do: zerotier-cli set $networkID allowGlobal=1. Note that if you leave & re-join the network you will need to reset the global addressing setting.

1 Like

Thanks, that worked!

Is allowing Global Internet IPs less secure?

I wouldn’t say “Less Secure”, but it’s definitely not recommended unless you know what you’re doing. It’s best to stick with the RFC1918 address ranges since those aren’t routed over the internet to begin with.

For an example, by overwriting 1.1.0.0/16, you’re essentially removing normal internet access to all addresses from 1.1.0.0 to 1.1.255.255 on the machines where you’ve joined this network & allowed global addressing. Cloudflare’s DNS lives at 1.1.1.1, and that’s one thing that won’t be accessible on a machine joined to your network in this configuration.

1 Like

Ah, I get it now. Thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.