Good morning everyone.
I’m having this problem, mostly with a Windows PC, but sometimes with a Linux PC as well. The local network is unreachable, but it always works with my smartphone. The Zerotier server is configured as an L2 Bridge.
If I try to run a tracert, I see that after 5 hops, the packets get “lost.”

Any ideas?

Thanks
Traccia instradamento verso 192.168.1.254 su un massimo di 30 punti di passaggio

1 2 ms 2 ms 3 ms 10.245.95.101
2 * * * Richiesta scaduta.
3 34 ms 28 ms 36 ms 192.168.3.30
4 40 ms 54 ms 39 ms 192.168.255.24
5 59 ms 40 ms 45 ms ppp48-paris2.isdnet.net [194.149.182.48]
6 * * * Richiesta scaduta.
7 * * * Richiesta scaduta.
8 * * * Richiesta scaduta.
9 * * * Richiesta scaduta.
10 * * * Richiesta scaduta.
11 * * * Richiesta scaduta.
12 * * * Richiesta scaduta.
13 * * * Richiesta scaduta.
14 * * * Richiesta scaduta.
15 * * * Richiesta scaduta.
16 * * * Richiesta scaduta.
17 * * * Richiesta scaduta.
18 * * * Richiesta scaduta.
19 * * * Richiesta scaduta.
20 * * * Richiesta scaduta.
21 * * * Richiesta scaduta.
22 * * * Richiesta scaduta.
23 * * * Richiesta scaduta.
24 * * * Richiesta scaduta.
25 * * * Richiesta scaduta.
26 * * * Richiesta scaduta.
27 * * * Richiesta scaduta.
28 * * * Richiesta scaduta.
29 * * * Richiesta scaduta.
30 * * * Richiesta scaduta.

Traccia completata.

Your traceroute appears to be following a default route, indicating that somewhere along your path, you’re missing a route to 192.168.1.254

Thanks for the reply, but I don’t understand what you mean. The IP address 192.168.1.254 is my home router, but the same thing happens even when I ping my Raspberry Pi, which acts as an L2 bridge (192.168.1.120).
My smartphone, with the same settings (but a different IP address), works fine with a very good ping, but my PC doesn’t.

Hop 5 in your traceroute is going to the internet. This means that none of the previous hops knew how to get to 192.168.1.254. Which hop in your traceroute should know how to get to 192.168.1.254? You need to look at that device.

If the PC acquires the IP address and all the parameters from the zerotier server and all the other devices work, it can’t be a configuration problem. Am I wrong?

It could be. Is the windows PC meant to be part of the same bridge as the RPi? If it is, you need to see if ZT assigned an IP in that space. Right now it is following the default gateway in windows to get to 192.168.1.254.

I confirm that the Windows PC doesn’t know how to reach my zero-tier network, but I also confirm that the PC is part of the zero-tier network, therefore the bridge, as are other PCs or devices (smartphones, tablets, other PCs), and they all work correctly. On this PC, I tried deleting the network and rejoining it, but nothing changes. It’s now a matter of principle, and I want to understand what’s happening, and above all, why it’s happening.

On your windows PC, run this in a command prompt that is run as admin:

zerotier-cli get <your network id> allowManaged

This is the response:
C:\WINDOWS\system32>zerotier-cli get “MyNetworID” allowManaged
error, unknown property name

That should have worked. You can try zerotier-cli -j listnetworks and find allowManaged in there.

C:\WINDOWS\system32>zerotier-cli -j listnetworks
[
{
“allowDNS”: false,
“allowDefault”: false,
“allowGlobal”: true,
“allowManaged”: true,
“assignedAddresses”: [
“192.168.1.247/24”
],
“bridge”: true,
“broadcastEnabled”: true,
“dhcp”: false,
“dns”: {
“domain”: “”,
“servers”:
},
“id”: “xxxxxxxxxxxxxxxx”,
“mac”: “a6:40:e4:36:37:b2”,
“mtu”: 2800,
“multicastSubscriptions”: [
{
“adi”: 0,
“mac”: “01:00:5e:00:00:01”
},
{
“adi”: 0,
“mac”: “01:00:5e:00:00:fb”
},
{
“adi”: 0,
“mac”: “01:00:5e:00:00:fc”
},
{
“adi”: 0,
“mac”: “01:00:5e:7f:ff:fa”
},
{
“adi”: 0,
“mac”: “33:33:00:00:00:01”
},
{
“adi”: 0,
“mac”: “33:33:00:00:00:0c”
},
{
“adi”: 0,
“mac”: “33:33:00:00:00:fb”
},
{
“adi”: 0,
“mac”: “33:33:00:01:00:03”
},
{
“adi”: 0,
“mac”: “33:33:ff:06:34:2b”
},
{
“adi”: 3232236023,
“mac”: “ff:ff:ff:ff:ff:ff”
}
],
“name”: “IV3AZV”,
“netconfRevision”: 37,
“nwid”: “xxxxxxxxxxxxxxx”,
“portDeviceName”: “ethernet_32773”,
“portError”: 0,
“routes”: [
{
“flags”: 0,
“metric”: 0,
“target”: “192.168.1.0/24”,
“via”: null
}
],
“status”: “OK”,
“type”: “PRIVATE”
}
]

Everything looks good there. Just to make sure, the only device you setup as a bridge was the RPi correct? You didn’t configure every client as a bridge right?

If you do ipconfig in command prompt, do you see the 192.168.1.0/24 address in there? Or in route print?

C:\WINDOWS\system32>ipconfig /all

Configurazione IP di Windows

Nome host . . . . . . . . . . . . . . : PC-MASTER
Suffisso DNS primario . . . . . . . . : POSTAZIONE-1
Tipo nodo . . . . . . . . . . . . . . : Peer-to-peer
Routing IP abilitato. . . . . . . . . : No
Proxy WINS abilitato . . . . . . . . : No
Elenco di ricerca suffissi DNS. . . . : POSTAZIONE-1
lan

Scheda Ethernet ZeroTier One [56374ac9a4b672a4]:

Suffisso DNS specifico per connessione: lan
Descrizione . . . . . . . . . . . . . : ZeroTier Virtual Port
Indirizzo fisico. . . . . . . . . . . : A6-40-E4-36-37-B2
DHCP abilitato. . . . . . . . . . . . : No
Configurazione automatica abilitata : Sì
Indirizzo IPv6 locale rispetto al collegamento . : fe80::1592:20b5:d06:342b%22(Preferenziale)
Indirizzo IPv4. . . . . . . . . . . . : 192.168.1.247(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Gateway predefinito . . . . . . . . . : 25.255.255.254
IAID DHCPv6 . . . . . . . . . . . : 379994340
DUID Client DHCPv6. . . . . . . . : 00-01-00-01-2B-C1-C8-8C-00-1E-EC-70-FC-34
Server DNS . . . . . . . . . . . . . : 2001:b07:a56:f2c5::1
NetBIOS su TCP/IP . . . . . . . . . . : Attivato
Elenco di ricerca suffissi DNS specifici della connessione:
lan

Scheda LAN wireless Wi-Fi:

Suffisso DNS specifico per connessione:
Descrizione . . . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Indirizzo fisico. . . . . . . . . . . : 00-1F-3B-78-7B-39
DHCP abilitato. . . . . . . . . . . . : Sì
Configurazione automatica abilitata : Sì
Indirizzo IPv6 locale rispetto al collegamento . : fe80::78cf:6e9e:dc6c:e64c%12(Preferenziale)
Indirizzo IPv4. . . . . . . . . . . . : 10.245.95.134(Preferenziale)
Subnet mask . . . . . . . . . . . . . : 255.255.255.0
Lease ottenuto. . . . . . . . . . . . : domenica 24 agosto 2025 15:10:45
Scadenza lease . . . . . . . . . . . : domenica 24 agosto 2025 16:40:41
Gateway predefinito . . . . . . . . . : 10.245.95.101
Server DHCP . . . . . . . . . . . . . : 10.245.95.101
IAID DHCPv6 . . . . . . . . . . . : 201334587
DUID Client DHCPv6. . . . . . . . : 00-01-00-01-2B-C1-C8-8C-00-1E-EC-70-FC-34
Server DNS . . . . . . . . . . . . . : 10.245.95.101
NetBIOS su TCP/IP . . . . . . . . . . : Attivato

C:\WINDOWS\system32>
C:\WINDOWS\system32>
C:\WINDOWS\system32>
C:\WINDOWS\system32>route print

Elenco interfacce
22…a6 40 e4 36 37 b2 …ZeroTier Virtual Port
12…00 1f 3b 78 7b 39 …Intel(R) Wireless WiFi Link 4965AGN
1…Software Loopback Interface 1

IPv4 Tabella route

Route attive:
Indirizzo rete Mask Gateway Interfaccia Metrica
0.0.0.0 0.0.0.0 10.245.95.101 10.245.95.134 55
0.0.0.0 0.0.0.0 25.255.255.254 192.168.1.247 10034
0.0.0.0 255.255.255.0 93.41.0.189 10.245.95.134 56
10.245.95.0 255.255.255.0 On-link 10.245.95.134 311
10.245.95.134 255.255.255.255 On-link 10.245.95.134 311
10.245.95.255 255.255.255.255 On-link 10.245.95.134 311
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.247 291
192.168.1.247 255.255.255.255 On-link 192.168.1.247 291
192.168.1.255 255.255.255.255 On-link 192.168.1.247 291
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.245.95.134 311
224.0.0.0 240.0.0.0 On-link 192.168.1.247 291
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.245.95.134 311
255.255.255.255 255.255.255.255 On-link 192.168.1.247 291

Route permanenti:
Nessuna

IPv6 Tabella route

Route attive:
Interf Metrica Rete Destinazione Gateway
1 331 ::1/128 On-link
12 311 fe80::/64 On-link
22 291 fe80::/64 On-link
22 291 fe80::1592:20b5:d06:342b/128
On-link
12 311 fe80::78cf:6e9e:dc6c:e64c/128
On-link
1 331 ff00::/8 On-link
12 311 ff00::/8 On-link
22 291 ff00::/8 On-link

Route permanenti:
Nessuna

C:\WINDOWS\system32>

But if you try to trace to .254 right now from that same PC, it will follow the same path as before? By all indications, you should be good. At the very least, the windows PC should know how to get to other hosts in the 192.168.1.0/24 subnet. Routing shouldn’t occur at all for that traffic. It should be all L2 a that point.

One note, I doubt this causes any issues. But remove allowGlobal from the windows PC. That isn’t needed. That’s only if you want Zerotier to assign a public IP as a managed address.

yes
the traceroute remains the same

I disabled the option but nothing changes.

I don’t understand why it doesn’t work

Windows may be punting the traffic to the default if ARP fails. You can try statically setting ARP for .254 and see if it stops trying to route. If it does, then ARP resolution would be your problem.

Looks like Windows added a feature called NUD back in Vista that sends out the default if ARP fails, so that may very well be the issue. It appears to be the default behavior for a while now.

Good idea but…
it didn’t help solve the problem

Any other advice you can give me?