Zerotier-cli 401

Sometimes you may encounter prompts when executing the CLI.

401 info invalid JSON response (parse error - unexpected end of input)

If you are sure that you are running with root privileges, congratulations, you have encountered this bug.

The cause of this bug is unknown, but currently I can reproduce it by installing shadowvpn or having an IPSec site-to-site connection set up.

The principle of this bug is that the cli actually controls it by sending requests to port 9993 on the local machine via HTTP. However, for security reasons, usually only requests sent from 127.0.0.1 to 9993 will be accepted, while external IPs will be blocked with a 401 error. The strange thing is that even when running cli locally, it still gets intercepted.

The solution is quite simple, just add your IP to the whitelist…

Create a file named local.conf under /var/lib/zerotier-one, and write the following content into it.

{
    "settings": {
        "allowManagementFrom": ["127.0.0.0/8", "10.xx.xx.xx/32"]
    }
}