I am running Zerotier 1.12.1 on two Ubuntu 22.04 LTS servers. Each server is behind an ASUS Home router (two separate homes separated by the Atlantic ocean). I have Ethernet Bridging enabled and I am not assigning IP addresses to the Zerotier devices. On the Ubuntu servers, I have the zerotier “ztukuxxqqg” interfaces in a bridge “br0” along with the physical ethernet port on each server. Both Ubuntu servers correctly connect to Zerotier (as seen by running zerotier-cli listnetworks and as seen on the zerotier website).
One ASUS router is the RT-AC86U. UPnP is enabled, and NAT is set to “Full Cone”
The other ASUS router is the RT-AC68U. UPnP is enabled, but NAT type cannot be set. Apparently NAT type is not supported on that router (at least with either stock ASUS or ASUSWRT-MERLIN Firmware)
What I am trying to do is set up a Layer2 bridge for site-to-site VPN.
Behind each ASUS router, I use the same subnet – 192.168.15.x/24. However, I restrict DHCP to a non-overlapping range. This works perfectly with OpenVPN TAP, although it’s a little slow – which is why I am trying to test Zerotier. During Zerotier testing, I turn off the OpenVPN services (which normally run on the routers)\
When running OpenVPN, I have a script running on the ASUS routers that uses “edtables” to block DHCP requests across the VPN – so each router gives out its own range of addresses and one side is not dependent on the other.
Unfortunately, Zerotier is not working reliably. From any computer on either side, I get intermittent results when pinging a computer on the opposite side. About 75% of the time, the ping requests timeout. For instance, out of 40 ping requests, I may get 10 requests in a row that work. Then the next 30 requests fail. Then another 10 that work. Then another 30 that fail. This is symmetrical – same observation on both sides.
Also, when I try to access web pages from one site to the other, I get very poor performance and timeouts.
I do not observe the same problem if I run only one Ubuntu server with Zerotier (on either side, but not both) and then connect one specific computer from the opposite side. That computer gets consistent ping access, and can connect to all computers on the same physical LAN as the running Ubuntu server. (in other words, the Zerotier instance is forwarding my packets to the proper destination).
I am looking for help in troubleshooting this. I have tried changing MTU on the zerotier virtual port to many values between 1300 and 1500 and that hasn’t helped. I have also tried to explicitly forward prot 9993 UDP on each Router to the proper Ubuntu server behind it. That also hasn’t helped.
I’m not sure what to do from here and would appreciate any support
Regards,
Andrew