WTF, Zerotier is using my backup wan

I’ve got an openwrt router with a main WAN and a 3G backup WAN with higher metrics.
After installing Zerotier I noticed about 1GB/month 3G data usage. Investigating it was traffic generated by Zerotier, I filtered all Zerotier IPs through this secondary WAN with an iptables rule and traffic has stopped.

The problem is that now, in case of downfall of main WAN I loss Zerotier VPN.

Why? How can I restrict Zerotier to use only the active WAN with lower metrics?

ZeroTier monitors and uses all available connections to the internet and uses the best one available. To do this it must send a bit of traffic over each connection to monitor it. Since you have ZeroTier on the same device that the 3G connection is attached to, ZeroTier sees it and sees there is a route to the internet on it. Unless told not to via the configuration file’s interface blacklist, it will make that an available route to send ZeroTier packets over. This would give a pretty instant failover if your main WAN connection is down since the 3G address endpoint is already registered with that node.

If you install ZeroTier on a separate device, then it won’t be able to see the 3G device at all. The cost of this will be when there’s a failover, other devices on the ZeroTier may take up to a few minutes to be able to connect to the one inside your LAN again.

This topic was automatically closed after 14 days. New replies are no longer allowed.