shows an example with a parameter [role] in it that isn’t actually listed in the “settings available” bit.
I have tried googling this but “role”, “upstream”, “virtual”, are seemingly too generic to come up with anything useful.
I am trying to come up with a way to get a ZT user behind a restricted firewall working. By restricted, I mean one that only allows a limited set of ports, e.g. 53/80/443. This is not a completely uncommon scenario.
I have got ZT1 working on a host in a datacentre, with its ZT port set to 443 and TCP/UDP 443 forwarded to it. This works fine when the client has unrestricted internet access, but once I move it behind a test router that only allows out 53/80/443, it stops.
So I thought perhaps creating a local.conf on the client to tell it how to reach this one specific host would do the trick [per comment from documentation “Hints on where to reach this peer if no upstreams/roots are online”]:
{
  "virtual": {
    "beef99cafe": {
      "try": [ "192.0.2.1/443" ]
    }
  }
}
I know the zerotier-one service is reading this file fine [because with a syntax error in it the service won’t start], but as far as I can tell with a packet capture, it just ignores it. The client never sends any packets to 192.0.2.1 so long as it can’t reach anything else.
I can’t be the only person trying to get this working from networks that don’t allow a great many services out to the internet.
