Windows 10 firewall confusion

Hello,
I’m a new user to zerotier and have been experiencing some trouble with my Windows 10 hosts. I have 3 Windows 10 machines and my android phone I’ve been testing with. All 4 are on the latest client versions available.

So far my experience has been very mixed. I’m able to ping my phone perfectly fine from any of the Windows PCs, however none of the PCs can ping each other or get pinged by the phone unless Windows firewall is completely turned off.

I’ve checked the whitelist rules, and it looks like all the necessary ones have been added during the client installation, though even with that, I still can’t seem to ping the PCs correctly with the firewall on. I also tried testing total reinstallations, as well as making the ZeroTier interface on Windows a private or public connection through PowerShell, to no avail.

Any help would be greatly appreciated.

Windows firewall blocks ping requests by default.

To clarify, my issue doesn’t end at pings unfortunately. I’ve tried RDP and VNC connections with no luck either unless the firewall is off. Are there any additional firewall rules I should be configuring that weren’t automatically added during zerotier’s installation to allow for pings and remote connections?

ZeroTier only adds firewall exceptions that allow communication for itself in the Windows Firewall. It makes no assumptions about what ports or services a user wants open on virtual networks.

Additionally, each adapter has its own “Public” or “Private” default profile in Windows Firewall. The default “Public” is quite restrictive on what is allowed to communicate on that adapter/network connection. When you first join a ZeroTier network on a Windows 10 computer, you’ll get this dialog that pops out on the side of your screen:

Clicking “Yes” sets the profile to “Private”, which will allow most things to communicate on the ZeroTier network. Clicking “No”, or ignoring it, sets the firewall mode to the much more restrictive “Public” setting.

In this case, as stated above, I tested changing ZeroTier’s interface on both Windows PCs to private with PowerShell with no change, though once I added the firewall rule allowing private networks to use ICMP it looks like it worked, thank you.
My main question now is, if this is still secure since I’m now explicitly opening those ports on the PC firewalls, and is it possible to configure Windows firewall to more stringently only allow these whitelisted connections through the ZeroTier program?

Adding to that, if I were to change the pre-made firewall rules added during installation to only work on private networks (such as the zerotier x64 binary rule), would this still allow my connections to work?


Hi there.
When you open ports on the Windows firewall, you’re doing it only on the ZeroTier interface; it doesn’t affect any other interfaces you may have, i.e. your Internet connection.
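As an added example (not from this thread and not ZeroTier’s own documentation), the PowerShell steps that create the ping and RDP exceptions scoped to the ZeroTier adapter only, and then verify that scoping. It assumes the adapter’s description starts with “ZeroTier One” and that RDP listens on its default port 3389; run it from an elevated PowerShell.

```powershell
# Added example (not ZeroTier's own code): scope the firewall exceptions to
# the ZeroTier adapter so the ping/RDP allowances never apply to the
# physical LAN or Internet interface.
# Assumptions: the adapter description begins with "ZeroTier One" (adjust the
# filter if yours differs); RDP on TCP 3389.

# 1. Locate the ZeroTier adapter by description and record its alias.
$zt = Get-NetAdapter | Where-Object { $_.InterfaceDescription -like 'ZeroTier One*' }
if (-not $zt) { throw 'No ZeroTier adapter found; join a network first.' }
$alias = $zt.InterfaceAlias

# 2. Put the adapter on the Private profile (what clicking "Yes" in the
#    network-discovery dialog would have done).
Set-NetConnectionProfile -InterfaceAlias $alias -NetworkCategory Private

# 3. Allow inbound ICMPv4 echo requests (ping), restricted to this adapter
#    and to the Private profile only.
New-NetFirewallRule -DisplayName 'ZeroTier: allow ping (ICMPv4 echo)' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -InterfaceAlias $alias -Profile Private -Action Allow

# 4. Same pattern for RDP; other services (e.g. VNC) get their own rule
#    with their own port, never a blanket "Any".
New-NetFirewallRule -DisplayName 'ZeroTier: allow RDP' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -InterfaceAlias $alias -Profile Private -Action Allow

# 5. Verify: each rule must show the Private profile and exactly the
#    ZeroTier alias as its interface filter, not "Any".
Get-NetFirewallRule -DisplayName 'ZeroTier: allow *' | ForEach-Object {
    $if = $_ | Get-NetFirewallInterfaceFilter
    '{0} -> profile={1} interface={2}' -f $_.DisplayName, $_.Profile, $if.InterfaceAlias
}
```

If the verification step prints `interface=Any` for a rule, the exception is not limited to the ZeroTier adapter and should be deleted and recreated with `-InterfaceAlias`.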
