multiple IPs from different nets problem


I want to use two nets 172.25/16 and 10.90/16 (for example) and give some hosts IPs in both, other hosts only in one of them.

I’ve set the ranges, I have both nets in the managed routes. When a host has IPs in both networks its local routing table is OK and it can ping both subnets.

When a (ubuntu) host has an IP in only one of the networks, its routing table misses the rule for the other network and logically there’s no connectivity.

Feature or bug?

Welcome to the forum.

Are you using two zerotier networks, or 1 network with 2 subnets configured?


One ZT “network” with two ip ranges.

In essence I’m asking if it’s expected that ZT would not add the route for the 2nd range when a host has address only in the first range.

Of course I could add the route myself but would’ve preferred if ZT does this. Also I’m probably not understanding correctly what managed routes are supposed to do.

Attached is my config for reference. I’d expect to see both subnets routed to the ZT interface on the ubuntu host, but when only 1 IP is assigned (regardless which subnet) only the respective route is present.

Thanks! That makes sense.

ZeroTier is probably not assigning the route and/or address unless both exist. If there is a reason for it to act this way, I don’t remember what it is.

What are you trying to do, at a higher level? There may be a better way to accomplish the same goal.

Update: did the same experiment on OSX and it works as I expected it to: whatever managed route I add, it gets added to the routing table immediately, regardless of whether it applies to an IP range listed in the UI. On Ubuntu this is not the case. No managed route is ever added unless I assign an IP in that range.

verified both have allowManaged=1

my managed routes:

ubuntu’s routing table:

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         _gateway                        UG        0 0          0 eth0
                                                U         0 0          0 wg0
                                                UH        0 0          0 wg0
                                                UH        0 0          0 wg0
                                                UH        0 0          0 wg0
                                                U         0 0          0 docker0
                                                U         0 0          0 br-1141be4f8397
                                                U         0 0          0 ztyqb6mt4e
_gateway                                        UH        0 0          0 eth0
                                                U         0 0          0 wg0
                                                U         0 0          0 wg0
                                                U         0 0          0 br-25c911f160a6

OSX routing table excerpt:

Destination        Gateway            Flags        Refs      Use   Netif Expire
default          UGSc          129        4     en1
default          UGScI           4        0     en0
10.90/16           link#10            UCSc            0        0 feth322      !
127                localhost          UCS             0        0     lo0
172.25             link#10            UC              1        0 feth322      !
192.168.33         link#10            UCSc            0        0 feth322      !
192.168.222      UGSc            0        0     en1

interesting how the 222 subnet got assigned to en1, interested how that’s determined? but I guess that’s bit of a hack?

Re what I aim: I’m used to having a 10.x network for backbone and a 192 or 172 network for “user space” so to say. I can do it by using one range, yes, but I’m learning and if you offer me >1 subnet I’m gonna test it out 🙂 and I feel like I caught a bug?

You may have!
I think you will probably run into issues if you do things this way. Which is fine if you want to, but it might not get addressed quickly.

Some alternatives are

  • use multiple zerotier networks.
  • use 1 network and 1 subnet, but use the rules engine to isolate things

I’d also appreciate a link to the documentation where managed routes are explained. I searched but could not find a good explanation of how this is supposed to work.

Could just be a limitation of Linux. I’m not sure off the top of my head. It may not allow LAN routes to be added without an interface assigned with an address on that LAN.

nope, no problems adding such route manually.
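
A check for the symptom discussed in this thread, as an added example that is not part of the original posts or ZeroTier's own code: it compares the managed routes the client reports with the kernel routing table and lists the ones that were never installed. The JSON field names, the network ID, the gateway and the host address are constructed assumptions modelled on `zerotier-cli -j listnetworks` and `ip -j route show`.

```python
import ipaddress
import json

# Constructed sample, shaped like `zerotier-cli -j listnetworks` output
# (field names are an assumption; check them against your client version).
ZT_JSON = """[{"nwid": "0000000000000000", "portDeviceName": "ztyqb6mt4e",
  "allowManaged": true, "assignedAddresses": ["172.25.0.10/16"],
  "routes": [{"target": "172.25.0.0/16", "via": null},
             {"target": "10.90.0.0/16", "via": null}]}]"""

# Constructed sample, shaped like `ip -j route show` output on the same host.
IP_ROUTE_JSON = """[{"dst": "default", "gateway": "192.0.2.1", "dev": "eth0"},
  {"dst": "172.25.0.0/16", "dev": "ztyqb6mt4e", "scope": "link"}]"""


def kernel_routes(ip_route_json):
    """Return the set of (network, device) pairs in the kernel table."""
    found = set()
    for r in json.loads(ip_route_json):
        dst = "0.0.0.0/0" if r["dst"] == "default" else r["dst"]
        found.add((ipaddress.ip_network(dst, strict=False), r.get("dev")))
    return found


def missing_managed_routes(zt_json, ip_route_json):
    """List managed routes the client reports that the kernel lacks."""
    installed = kernel_routes(ip_route_json)
    report = []
    for net in json.loads(zt_json):
        dev = net["portDeviceName"]
        addrs = [ipaddress.ip_interface(a) for a in net["assignedAddresses"]]
        for route in net["routes"]:
            target = ipaddress.ip_network(route["target"], strict=False)
            if (target, dev) in installed:
                continue
            report.append({
                "target": str(target),
                "dev": dev,
                "allow_managed": net.get("allowManaged"),
                # False matches the case in this thread: no address
                # assigned in the range, and no route installed for it.
                "has_address_in_range": any(a.ip in target for a in addrs),
            })
    return report


if __name__ == "__main__":
    for gap in missing_managed_routes(ZT_JSON, IP_ROUTE_JSON):
        print(gap)
```

On a live host, feed the two functions the real command output instead of the constructed strings; an empty list means every managed route is present on the ZeroTier interface.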
