Hi Everyone,
I’m running into an issue with all nodes behind a pfSense firewall relaying while other nodes behind all other firewall vendors have direct connections with each other. I’m self-hosting the network controller with Zero-UI. While ZT central as the network controller has all nodes with a direct connection. Any thoughts?
pfSense settings:
Other routers:
Thanks for your help.
Same problem here. Sometimes the node become OFFLINE, but I see the packets Out and In to the exposed ports.
Sometimes, node become RELAYED.
In other firewalls, all ok.
I described my problem in another post: Diagnosing an OFFLINE machine - #9 by alepaes
If I recall correctly, pfSense’s default NAT type out of the box is a Symmetric NAT, though it has been a while since I’ve looked. What symmetric NAT does is it creates a new NAT port for each local <-> remote host combination. For example:
| Local | NAT port | Remote |
|---|---|---|
| 10.0.0.23 | 23452 | 8.8.8.8 |
| 10.0.0.23 | 25453 | 1.1.1.1 |
This makes the root servers largely ineffective for finding peers, unless relaying. This is because the root sees the node at port 25453, but no other machines running zerotier can contact that node on that port of the pfSense box
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.