I’ve got a network that absolutely blocks all UDP traffic, but does not restrict TCP in any way.
When I put an otherwise working ZeroTier client on that network, it never connects. Client 1.10.2. Happens with macOS or Linux.
Mac:
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers [redacted net prefix] - -1 1.10.2 LEAF
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET
Linux:
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers [redacted net prefix] - -1 1.10.2 LEAF
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET
From either:
$ sudo zerotier-cli status -j|grep -i tcp
"allowTcpFallbackRelay": true,
"tcpFallbackActive": false,
How do I go about troubleshooting why it’s not falling back to TCP?
adekker (February 28, 2023, 2:35pm):
Might be worth updating, there are some TCP relay changes in 1.10.3.
ZeroTier Release Notes
======
# 2023-02-15 -- Version 1.10.3
* Fix for duplicate paths in client. Could cause connectivity issues. Affects all platforms.
* Fix for Ethernet Tap MTU setting, would not properly apply on Linux.
* Fix default route bugs (macOS.)
* Enable Ping automatically for ZeroTier Adapters (Windows.)
* SSO updates and minor bugfixes.
* Add low-bandwidth mode.
* Add forceTcpRelay mode (optionally enabled.)
* Fix bug that prevented setting of custom TCP relay address.
* Build script improvements and bug fixes.
# 2022-11-01 -- Version 1.10.2
* Fix another SSO "stuck client" issue in zeroidc.
* Expose root-reported external IP/port information via the local JSON API for better diagnostics.
* Multipath: CLI output improvement for inspecting bonds
Yeah, please upgrade. There’s also a forceTcpRelay property in local.conf you can set to true.
{
  "settings": {
    "forceTcpRelay": true
  }
}
You can also run your own relay, though this is a little DIY at the moment:
It looks like 1.10.4 on Linux, forceTcpRelay set to true, with a private relay as suggested does work, but takes literal minutes to fully connect. It talks with the proxy immediately, exchanges some UDP packets, and then sits for over a minute like this with no network traffic -
200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers 778cde7190 - -1 - PLANET
200 listpeers cafe04eba9 - -1 - PLANET
200 listpeers cafe9efeb9 - -1 - PLANET
… but does eventually start communicating properly.
Thanks for the pointer.
When I force TCP mode, the network is unreachable, but if I use UDP it is normal.
root@localhost:/var/lib/zerotier-one# ping 11.2.0.11
PING 11.2.0.11 (11.2.0.11) 56(84) bytes of data.
From 11.2.0.12 icmp_seq=1 Destination Host Unreachable
From 11.2.0.12 icmp_seq=2 Destination Host Unreachable
From 11.2.0.12 icmp_seq=3 Destination Host Unreachable
^C
--- 11.2.0.11 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3050ms
pipe 3
root@localhost:/var/lib/zerotier-one# mv local.conf local.conf.bak
root@localhost:/var/lib/zerotier-one# systemctl restart zerotier-one.service
root@localhost:/var/lib/zerotier-one# ping 11.2.0.11
PING 11.2.0.11 (11.2.0.11) 56(84) bytes of data.
64 bytes from 11.2.0.11: icmp_seq=1 ttl=64 time=665 ms
64 bytes from 11.2.0.11: icmp_seq=3 ttl=64 time=324 ms
^C
--- 11.2.0.11 ping statistics ---
4 packets transmitted, 2 received, 50% packet loss, time 3029ms
rtt min/avg/max/mdev = 324.275/494.548/664.821/170.273 ms
root@localhost:/var/lib/zerotier-one# cat local.conf.bak
{
"settings": {
"forceTcpRelay": true
}
}
Because the ISP blocks UDP from time to time, I need to let it work in TCP mode for a long time.
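The checks discussed in this thread can be scripted. The following is an added example, not part of any post and not ZeroTier's own code: it reads the output of `zerotier-cli status -j` and `zerotier-cli listpeers` and reports the symptoms seen above. The sample inputs are constructed, and the `version` key and the nesting of the status JSON are assumptions, which is why the lookup searches every level.

```python
import json

# Constructed sample inputs modelled on the output quoted in the thread.
SAMPLE_STATUS = ('{"version": "1.10.2", "tcpFallbackActive": false, '
                 '"config": {"settings": {"allowTcpFallbackRelay": true}}}')
SAMPLE_PEERS = """200 listpeers <ztaddr> <path> <latency> <version> <role>
200 listpeers 62f865ae71 - -1 - PLANET
200 listpeers [redacted net prefix] - -1 1.10.2 LEAF
200 listpeers cafe04eba9 - -1 - PLANET"""

def find_key(obj, key):
    # Return the first value stored under `key` at any nesting depth, else None.
    if isinstance(obj, dict):
        if key in obj:
            return obj[key]
        obj = list(obj.values())
    if isinstance(obj, list):
        for item in obj:
            found = find_key(item, key)
            if found is not None:
                return found
    return None

def parse_peers(text):
    # Split each row from the right so an address containing spaces stays whole.
    peers = []
    for line in text.splitlines():
        body = line.strip().partition("200 listpeers")[2].strip()
        if not body or body.startswith("<ztaddr>"):
            continue  # skip the column header and unrelated lines
        parts = body.rsplit(None, 4)
        if len(parts) == 5:
            peers.append(dict(zip(("addr", "path", "latency", "version", "role"), parts)))
    return peers

def diagnose(status_json, peers_text):
    status, peers = json.loads(status_json), parse_peers(peers_text)
    roots = [p for p in peers if p["role"] == "PLANET"]
    findings = []
    if roots and all(p["path"] == "-" for p in roots):
        findings.append("no path to any PLANET root")
    if find_key(status, "allowTcpFallbackRelay") and not find_key(status, "tcpFallbackActive"):
        findings.append("TCP fallback allowed but not active")
    version = find_key(status, "version")  # assumed key name
    if version and tuple(int(x) for x in version.split(".")[:3]) < (1, 10, 3):
        findings.append("client predates 1.10.3 (no forceTcpRelay)")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE_STATUS, SAMPLE_PEERS))
```

An empty list means none of the three symptoms is present; it does not prove that traffic is actually flowing over the relay.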