Opnsense zerotier

omaldonado · October 22, 2022, 10:45pm

Ask:
I have a two pfsense servers with zerotier site to site. When I restart the server, the p2p connection is lost on the servers. your collaboration please.
Cheers

zt-travis · October 25, 2022, 4:29pm

Hello,
pfsense or opnsense?

Please add this to your “local.conf” on the routers

{
  "physical": {
    "10.0.0.0/8": {
      "blacklist": true
    },
    "172.16.0.0/12": {
      "blacklist": true
    },
    "192.168.0.0/16": {
      "blacklist": true
    }
  }
}

I’m not 100% sure this is the issue, but it’s very common

github.com/zerotier/ZeroTierOne

Packet flooding and high CPU usage

opened 07:22PM - 05 Jun 18 UTC

darkain

Central & Network Management Status: Backlog Windows BSD

I'm trying to create a basic ZT path between two buildings. Each building has a …OPNsense 18.1.9 edge router with the ZT 1.2.8 plugin installed. Building A: LAN 192.168.2.0/24 - ZT 192.168.5.2 Building B: LAN 192.168.3.0/24 - ZT 192.168.5.3 ZT: 192.168.5.0/24 3 ZT managed routes: one for the ZT network, and one for each of the building LANs with the their respective ZT IP listed as their respective gateways. The two OPNsense nodes are the only nodes in the ZT network. Both have bridging enabled, and auto-assign IP disabled. Flow rules in my.zt are all default. Network is idle other than a Windows box on one building's LAN pinging a Windows box on the other building's LAN (less than 2KiB/sec) ZT is generating a MASSIVE amount of packets that is spiking the CPU to 100% regularly, yet the packets never go anywhere, and they're not generated from any of the nodes on either network. When this CPU spike happens, all connectivity over ZT is entirely dropped. Reference: https://drive.google.com/file/d/1NIkdnilV0HSXuytMPn3zHzragyAcEa33/view?usp=sharing You can see in the screen shot from the OPNsense interface stats that ZT has generated over 600GiB of content total, yet WAN has only transfered around 35GiB and LAN only 21GiB. These stats are for around a 24 hour period. Nothing is matching the ZT network at all in pfTop or Firewall log, so at this point I'm not sure where next to investigate this particular issue?

omaldonado · October 26, 2022, 7:05pm

Good afternoon, the configuration was applied to local.conf. but I still have no response from both ends, the icmp ping does not respond, I checked the local firewall. all. any suggestion?

zt-travis · October 27, 2022, 5:33pm

Hello,
it’s difficult to guess what the issue could be. The opnsense article should have all the needed details:
https://docs.opnsense.org/manual/how-tos/zerotier.html

system · November 26, 2022, 5:34pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.