I’ve got a network that absolutely blocks all UDP traffic, but does not restrict TCP in any way.
When I put an otherwise working ZeroTier client on that network, it never connects. Client 1.10.2. Happens with macOS or Linux.
Mac:
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers [redacted net prefix] - -1 1.10.2 LEAF
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET
Linux:
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers [redacted net prefix] - -1 1.10.2 LEAF
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET
From either:
$ sudo zerotier-cli status -j|grep -i tcp
"allowTcpFallbackRelay": true,
"tcpFallbackActive": false,
How do I go about troubleshooting why it’s not falling back to TCP?
adekker
February 28, 2023, 2:35pm
#2
Might be worth updating, there are some TCP relay changes in 1.10.3.
ZeroTier Release Notes
======
# 2023-02-15 -- Version 1.10.3
* Fix for duplicate paths in client. Could cause connectivity issues. Affects all platforms.
* Fix for Ethernet Tap MTU setting, would not properly apply on Linux.
* Fix default route bugs (macOS.)
* Enable Ping automatically for ZeroTier Adapters (Windows.)
* SSO updates and minor bugfixes.
* Add low-bandwidth mode.
* Add forceTcpRelay mode (optionally enabled.)
* Fix bug that prevented setting of custom TCP relay address.
* Build script improvements and bug fixes.
# 2022-11-01 -- Version 1.10.2
* Fix another SSO "stuck client" issue in zeroidc.
* Expose root-reported external IP/port information via the local JSON API for better diagnostics.
* Multipath: CLI output improvement for inspecting bonds
Yeah, please upgrade. There’s also a forceTcpRelay property in local.conf you can set to true.
{
  "settings": {
    "forceTcpRelay": true
  }
}
You can also run your own relay, though this is a little DIY at the moment:
It looks like 1.10.4 on Linux, forceTcpRelay set to true, with a private relay as suggested does work, but takes literal minutes to fully connect. It talks with the proxy immediately, exchanges some UDP packets, and then sits for over a minute like this with no network traffic -
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET
… but does eventually start communicating properly.
Thanks for the pointer.
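
The checks made by hand in this thread (the TCP flags from `zerotier-cli status -j` plus the PLANET rows of `listpeers`) can be combined into one triage step. This is an added example, not part of the original posts or ZeroTier's own code; the sample input is constructed from the lines quoted above, and the `settings` nesting, the presence of `forceTcpRelay` in the status JSON, and the state names are assumptions.

```python
import json

# Constructed sample input: the two status fields and the root (PLANET) peer
# lines quoted in the thread; the "settings" nesting is an assumption.
STATUS = '{"settings": {"allowTcpFallbackRelay": true, "tcpFallbackActive": false}}'
PEERS = """200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET"""

def find_key(obj, key):
    """Search nested dicts for key so the exact JSON layout is not assumed."""
    if isinstance(obj, dict):
        if key in obj:
            return obj[key]
        for value in obj.values():
            found = find_key(value, key)
            if found is not None:
                return found
    return None

def parse_listpeers(text):
    """Return addr/path/role for each well-formed '200 listpeers' data line."""
    peers = []
    for line in text.splitlines():
        f = line.split()
        # Skip the header row and anything that is not a 7-field peer line.
        if len(f) != 7 or f[:2] != ["200", "listpeers"] or f[2].startswith("<"):
            continue
        peers.append({"addr": f[2], "path": f[3], "role": f[6]})
    return peers

def diagnose(status_json, listpeers_text):
    """Classify the client state from the two CLI outputs (hypothetical state names)."""
    status = json.loads(status_json)
    roots = [p for p in parse_listpeers(listpeers_text) if p["role"] == "PLANET"]
    if any(p["path"] != "-" for p in roots):
        return "connected"             # at least one root has a live path
    if find_key(status, "forceTcpRelay") or find_key(status, "tcpFallbackActive"):
        return "relay-pending"         # TCP relay in use, roots not reached yet
    if find_key(status, "allowTcpFallbackRelay"):
        return "fallback-not-engaged"  # allowed but never activated
    return "fallback-disabled"

if __name__ == "__main__":
    print(diagnose(STATUS, PEERS))
```

Polling this in a loop after a restart shows how long the client stays in `relay-pending` before a root path appears, which is the multi-minute delay described in the last post.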