TCP fallback ... doesn't

I’ve got a network that absolutely blocks all UDP traffic, but does not restrict TCP in any way.

When I put an otherwise working ZeroTier client on that network, it never connects. Client 1.10.2. Happens with MacOS or Linux.

Mac:

200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers [redacted net prefix] - -1 1.10.2 LEAF
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET

Linux:

200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers [redacted net prefix] - -1 1.10.2 LEAF
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET

From either:

$ sudo zerotier-cli status -j|grep -i tcp
   "allowTcpFallbackRelay": true,
 "tcpFallbackActive": false,

How do I go about troubleshooting why it’s not falling back to TCP?

Might be worth updating, there are some TCP relay changes in 1.10.3.

Yeah, please upgrade. There’s also a forceTcpRelay property in local.conf you can set to true.

{
  "settings": {
    "forceTcpRelay": true
  }
}

You can also run your own relay though this is a little DIY at the moment:

It looks like 1.10.4 on Linux, forceTcpRelay set to true, with a private relay as suggested does work, but takes literal minutes to fully connect. It talks with the proxy immediately, exchanges some UDP packets, and then sits for over a minute like this with no network traffic -

200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET

… but does eventually start communicating properly.

Thanks for the pointer.