Hello,
I have a relayed zerotier 1.6.6 on opnsense 21.7.4.
I have added a moon (seen as direct) hoping to improve ping but nothing changed.
Why?
Thanks,
Mario
This is a big problem if the node is relaying is so slow to be unusable. There must be a way to use a moon to make it faster.
I have read many threads about moons and they get no replies. It seems there is a secret nobody wants to tell.
I have read threads of 2019 that say that 2.0 version is almost ready but we are near 2022 and I need to start a big project now. But unfortunately when I dig in zerotier I get no replies I am very sad about this, expecially because I see that many people have the same problems I have and they get no replies.
With moons, I took the following approach:
Install Zerotier on each target virtual which will act as a moon.
Select a moon that will be the master, and assemble the json file from the docs on this moon.
Populate it with the details of the other systems which will act as moons.
Generate the moon file which will be used by each moon.
Copy this file to each moon.
Join each client system to the new set of moons using the orbit command (zerotier-cli orbit WorldID MoonID)
This is very much going from what I remember of the process, and it was done using the provided Zerotier documentation. In most cases, I suspect you don’t get replies because people don’t know, or have not tried it. I personally don’t care if I get things slightly wrong, the objective here is to point you roughly in the right direction.
However, I’m going to point out some things you need to do to get a better response:
- People are not telepathic, you need to tell them everything you have done, and what you currently have running. Without those details, no one really knows what is going on with your setup.
- We need to know what docs you followed so that we’re all on the same page.
- We need to know the objective of the setup, what infrastructure are you working with, what are you trying to do with it?
I’m hoping this will help a bit, or at least give you some pointers. With a bit more info it should be possible to help you.
Ok following your suggestions the problem is this:
After reading documentation and many threads I discovered this problem:
- zerotier with DIRECT connection is very fast
- if I cannot have a direct connection (for example firewall without upnp that is very common) zerotier is RELAYED and so unusable slow because traffic goes to USA root server
- documentation says that in this case you can build you moon so zerotier will use it for relayed nodes
- documentation and web site says also that 2.0 is incoming (two years ago) and it will solve the problem
I have installed moon following documentation and adding to orbit. I am quite sure that it works (I see it listed as moon in two places).
My problem is that:
- even if there is a moon the relayed connection is very very slow
- I cannot check where traffic is going (moon or root)
- I have no documentation that says for sure that adding a moon can solve the problem.
Thanks,
Mario
I too have an OPNSense configuration this end, but the layout is fairly different. For the Moon nodes, I have a two IP configuration; these are VMs after all.
So, each moon is a bridge node, one IP is present on the net, and the other is internal. This allows for seamless traffic via the moon for Zerotier only; you configure your firewall on each node accordingly, allowing the default zerotier port, and the additional UDP ports used by Zerotier on the node. That should come to about 3 ports you need to open to the outside world.
Internal IP <—> Moon <—> External IP
With this, there is no messy NAT, or port forwarding, just a continuous tunnel for each Moon node.
Another thing to keep in mind, Moons are only used as a relay when the systems concerned are unable to open a direct UDP link with one another. This does rely on both systems then switching to the Moon to talk to one another. This will introduce latency as you are now talking 3 ways. When you introduce NAT into the mix, things get very bad very quickly.
I also configured an internal-only moon node, this is for when internet access fails, but I want zerotier to still function between LAN clients.
Over this end I have access to a /27 IP range, you may have much less, but I can assure you using the Nodes as a bridge works wonders.
Thanks for reply.
In your case moon seems it is working. But you are lucky that traffic must passes through the moon.
In my case it seems that relayed clients prefer the root server.
I have no idea (there is no documentation) to change priority.
Thanks,
Mario
I have also read how to build my network controller but:
- I prefer to use (and pay) official zerotier
- I am not sure that even using mine controller I can force nodes to use my moon
it won’t force them to use your moons instead of the planets, but it is possible to make custom Zerotier clients which use a set of planets you make yourself. However, that’s a pretty involved process and not one I’ve tried.
I’m wondering, with your moons, are they able to talk to the servers you have zerotier installed on? The point being, if they can’t reply to a system, then the moon won’t be used as it cannot relay traffic.
You could run the “zerotier-cli listpeers” command on each client to see if they both see the moon, and can communicate with it. It would also be worth running “zerotier-cli listmoons” on each system to see if they have the correct moon configuration; you never know, they might not be able to get the configuration of static addresses for some reason, and it is possible to have an old configuration if the json file was not signed correctly.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.