Routes on Notebooks that are in the LAN sometimes

Hi there!
I have an office with a 10.0.0.0/24 LAN and a ZeroTier VM on 10.0.0.169 doing routing on a ZeroTier net 192.168.5.0.
Everything works fine, I push the route to my client at home and have routing enabled at the VM. So that's already configured and I can access all my devices from home.

Now I would like to install ZeroTier also on some notebooks of co-workers who work mostly from home. Because I configured that in my my.zerotier account, they would also receive the route to my 10.0.0.0 net. Of course I am fine with that.
But sometimes they work at the office and connect their notebook to the LAN physically. Do I have to expect problems then when they have the ZeroTier client running and are also connected physically to the net? Would the traffic go through my ZeroTier VM although not necessary because of the physical connection?

Thank you!

Hi!

There's nothing built in to ZeroTier to deal with this, but there is a networking trick.

Make your ZeroTier managed route 10.0.0.0/23.

When your users come into the office, they'll have 10.0.0.0/23 (ZeroTier) and 10.0.0.0/24 (physical), and the operating system will prefer the /24.
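The /23 trick works because every mainstream OS picks the most specific matching route (longest-prefix match). The following added example is not from this thread or from ZeroTier; it models a notebook's routing table with hypothetical interface names ("zt0" for ZeroTier, "eth0" for the office LAN) and shows the /23-vs-/24 case from this reply, the /15-vs-/16 variant mentioned later in the thread, and the caveat that a supernet route also captures addresses outside the real LAN.

```python
import ipaddress
from typing import List, NamedTuple, Optional

class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    interface: str  # hypothetical names: "zt0" = ZeroTier, "eth0" = physical office LAN

class Choice(NamedTuple):
    interface: Optional[str]
    ambiguous: bool  # True when routes tie on prefix length; the OS then falls back to metrics

def select_route(table: List[Route], destination: str) -> Choice:
    """Longest-prefix match: the most specific prefix containing the destination wins."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r.prefix]
    if not matches:
        return Choice(None, False)
    longest = max(r.prefix.prefixlen for r in matches)
    best = [r for r in matches if r.prefix.prefixlen == longest]
    # With a tie the result is OS/metric dependent; report that instead of hiding it.
    return Choice(best[0].interface, len(best) > 1)

def notebook_table(zt_managed_prefix: str, physical_lan_prefix: Optional[str] = None) -> List[Route]:
    """Constructed routing table: the ZeroTier managed route, plus the LAN route when docked in the office."""
    table = [Route(ipaddress.ip_network(zt_managed_prefix), "zt0")]
    if physical_lan_prefix:
        table.append(Route(ipaddress.ip_network(physical_lan_prefix), "eth0"))
    return table

def main() -> None:
    cases = [
        ("10.0.0.0/24", None, "10.0.0.50"),          # at home: only the managed route exists
        ("10.0.0.0/24", "10.0.0.0/24", "10.0.0.50"),  # office, same prefix on both: tie
        ("10.0.0.0/23", "10.0.0.0/24", "10.0.0.50"),  # office, the /23 trick: physical /24 wins
        ("10.0.0.0/23", "10.0.0.0/24", "10.0.1.7"),   # caveat: 10.0.1.x is only covered by the /23
        ("10.0.0.0/15", "10.0.0.0/16", "10.0.3.4"),   # the /16 site from later in the thread
    ]
    for zt, lan, dst in cases:
        choice = select_route(notebook_table(zt, lan), dst)
        tie = " (tie, OS-dependent)" if choice.ambiguous else ""
        print(f"managed {zt}, physical {lan}: {dst} -> {choice.interface}{tie}")

if __name__ == "__main__":
    main()
```

Note the fourth case: anything in 10.0.1.0/24 is now routed over ZeroTier even while in the office, so the supernet should not overlap address space the office uses elsewhere.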

Thank you so much. I’ll try that!

I ran into this tonight, although I am setting up a route to a /16 network in-house instead of /24. I was so happy to have gotten it configured with an on-LAN host routing the network out to ZeroTier, and it was working fine for me remotely, but then I received reports that the in-office systems configured with ZeroTier started having problems getting to in-house network resources. It turns out the system was trying to route the physical network connections over ZeroTier and causing lots of problems.

While I haven’t done conclusive testing, initial tests show that if I make the ZeroTier managed route be a /15 it does seem to be working remotely for me and in-office as best as I can tell.

While I wish there were a “cleaner” way to do this, as in six months I may not remember why I used a /15 and may think I messed up and go back into this cycle again (LoL), I’m glad at least this does get us back up and running.

BTW: Using a combination of ZeroTier networks and tags with rulesets to limit specific traffic, I am feeling pretty comfortable with using ZeroTier to replace the VPN systems we were using. They were due to be replaced anyway, so this really simplifies things.


I think the problem with Travis' strategy is that you put in a fake route that might disturb other routes you might have (sorry for my bad English, can't say it better at the moment).

However, by now it seems that maybe no workaround is necessary. I played around a bit since my first post. I gave the clients the "real route" with no workaround route and they had no problems when they were at the office. Seems that most OSes are smart enough to access the local network directly in this situation. I even did a traceroute to some local hosts and saw that no ZeroTier was involved.

Still, something that would also help would be an end-user-friendly way to start and stop ZeroTier on demand. At the moment, if you stop ZeroTier for example on Mac, it seems that only the GUI is stopped but the host is still connected to the ZeroTier network. If there was an end-user-friendly way to stop and start ZeroTier, just like you do it with traditional VPN clients, they would not even start ZeroTier when they are inside the office and there would be no problems at all.


I just created a new post about this. It creates real problems for our LAN users; they were blocked until they rebooted. And as you will see in the other thread in more detail, the pushed routes from ZT don't get applied on reboot, but only if they leave/join the ZT network, and then it messes up their LAN routes. So even the /15 instead of /16 really wasn't working, it just seemed that way because after a reboot that route was not even being applied.

https://discuss.zerotier.com/t/frazzled-with-managed-routes-road-v-in-office/288/2