First and foremost: ZeroTier is an incredibile piece of software, very glad I discovered it though the Teltonika forum!
Now, to the issue: I managed to install ZeroTier both on my PC and on 2 Teltonika TRB 142 routers, which run ZeroTier natively though their Package Manager.
The first installation I made ran smoothly and I was able (and still I am) to connect over SSH, from my PC to my first TRB device.
I then made the same steps with another device, same firmware and same model, but whenever I try to connect using SSH or ping the device from my PC I get the “No route to host” or the “Destination unreachable” if I try to use ping.
The strange thing is that I can see all the devices in the zerotier online platform and I can successfully list all peers and networks from each of the connected device, even the “unreachable” one.
I already tried to check if the configs on the two devices were different, but as far as I can see they’re the same (checked iptables, /etc/config, used uci cli to check all the params).
I also tried using 2 different SIMs to see whether it was a problem related to ISP, but I got the same result.
My knowledge about Zerotier is very limited, so I already finished the test case I can run in order to get this thing sorted.
Is there a way to understand a little but more why I cannot reach that device?
Thank you very much for your help, any hint is really appreciated.
Select a suitable IP range on ZeroTier Central, something like 172.30.*.* and statically assign the addresses to your devices there. As an example, use 172.30.0.1, 172.30.0.2, 172.30.0.3, etc. Delete the addresses previously assigned.
Reconnect the devices to ZT and make sure they all obtained the IPs assigned to them on the previous step.
Then check the local routing tables on all the members.
On Windows PC use route print 172.30* and look for a record similar to this one: 172.30.0.0 255.255.0.0 172.30.0.x
On the router use ip r and look for 172.30.0.0/16 dev ztxxxxxx proto kernel scope link src 172.30.0.x
The last address in these examples is your local ZT interface IP that was assigned at the beginning.
Check your router firewall settings - most likely you will need a rule, either existing or new, that allows ICMP messages to be accepted on the ZT interface.
Try to ping between the members. Post the routing information if the problem persists.
I tried the configuration you proposed and something really interesting happened.
I can successfully ping between the two Teltonika’s router but I cannot ping either of the two from my local PC.
It seems a problem related to the firewall in my PC.
How can I solve this issue?
Maybe it is related to the fact that I need to add the ICMP rule to the firewall.
Can you help me with that?
As per all the rest, thank you, your suggestion was the right one!
Your PC is directly attached to ZT network, i.e. you’re running ZT client on this PC - correct?
I don’t remember adding any firewall rules on my PC, but in a similar setup I can ping other members from my PC.
Personally I would run tcpdump on ZT interface on the router and see if any ICMP request [from PC] is coming in.
You can probably temporary disable Windows firewall and see if it makes any difference.
Again thanks for your answer and sorry for not showing up for a while.
Unfortunately the problem is still present, I tried in many different routers and the result is always the same: I can only ping and ssh the first I configured, which seems to have the same config of the news ones.
I tried to tcpdump on both routers and it seems that on the ZT device of the new routers there’s simply no activity at all.
On the first one, instead, there’s plenty of traffic, all the devices acking to each other.
I don’t have a Windows PC, just a Linux box with no firewall (to my knowledge). Btw I don’t think is a problem of my computer, since I’m able to connect to all the other devices on the network.
How can I proceed debugging? Why is the device not showing any activity? Do I have to configure anything else?