Zerotier for Windows Causing Internet Speed Issue

I’m having an issue with internet speed when the ZeroTier virtual port is enabled.
The issue is seen in both ZT ver 1.8.6 and the latest version for Windows 11.
ISP speed is 1Gbps; Windows 11 is directly connected to the ISP router’s 1G LAN port.
Speedtest results when ZT virtual port enabled = 50Mbps
Speedtest results when ZT virtual port disabled = 800Mbps +

What is the issue, and how do I troubleshoot it?

Are you routing all traffic through ZeroTier? I looked up your networks, and one indeed does have the default route overridden.

From there it could be one of several things:

  1. Cannot establish a direct path between your Windows machine and the remote machine configured as a router. Use zerotier-cli peers to see if the router’s ZeroTier ID has RELAY in the line. If so, you need to loosen some firewall restrictions that are preventing peer to peer communication.
  2. Your machine configured as a router could be a low power machine and just plain can’t handle packet encryption at a rate faster than 50Mbps. On the router, if ZeroTier is using 100% of a CPU, then that is the likely culprit.

I’m connecting my Windows system, with ZT installed, via the ISP router.
I have an OPNsense router with a ZT interface where routing of all traffic takes place, and while testing internet speed I have not connected via the OPNsense router.
One OPNsense WAN interface is connected to the ISP router.
zerotier-cli peers shows all links as DIRECT.
Is it OK to share all the output here, or do I need to mask data before sharing?

Should be fine to post data here. Masking Network IDs and public IP addresses would be prudent, though.

Are you configuring all traffic to go through ZeroTier? As I stated before, you have a default route on your network. If “Allow Default” is set on your Windows client, then ALL traffic will go over ZeroTier to your router (I’m guessing that’s the OPNsense router?).

Second, what kind of machine is OPNsense running on?

C:\Program Files\ZeroTier>zerotier-cli peers
200 peers
<ztaddr>   <ver>  <role> <lat> <link> <lastTX> <lastRX> <path>
36xxxxxxxx 1.4.6  LEAF      15 DIRECT -270     -280     192.168.8.200/40589
62xxxxxxxx -      PLANET    94 DIRECT 1596     2638     50.7.252.138/9993
7xxxxxxxxx -      PLANET   434 DIRECT 2232     1740     103.195.103.66/9993
8axxxxxxxx 1.8.6  LEAF      34 DIRECT 462      2208     192.168.8.200/29994 (Opnsense ZT Interface)
caxxxxxxxx -      PLANET   277 DIRECT 1770     2474     84.17.53.155/9993
caxxxxxxxx -      PLANET    -1 DIRECT 7300     2632     104.194.8.134/9993
e5xxxxxxxx 1.8.9  LEAF     499 DIRECT 1596     2272     34.xx.xx.xx/21025

Yes, devices that are connecting via 4G/5G are routed through ZT.
I got your point: since I’m still inside the network and not connecting from an external public network, I have checked Allow Default for no reason.
I assume that’s the issue you have identified.
Let me try to uncheck it in the meantime and reply back with results.

Yeah, if your Windows machine is on the same physical network as the OPNsense box, there’s no reason to have it route traffic through ZeroTier. It just adds an unnecessary step that will introduce additional overhead, as you’re seeing.

You mentioned correctly.
But right now I’m not connected via OPNsense.
I’m testing via the ISP Huawei router; ZT is not in play here.
I unchecked the Allow Default Override and restarted the ZT services: no improvement.
As soon as I disabled the ZT virtual interface in Windows, the internet speed rocks!!

You must not have disabled the default route completely, or not given it enough time to affect things. There’s 0 possible way for ZeroTier to affect your network throughput when your traffic is not going over ZeroTier.

Try leaving and re-joining the network, but ensure that you do NOT select “Allow Default”.

What options are available for enabling and disabling default routes?
I just unchecked Allow Default Route Override in the ZT Windows client console.
It looks like your last fix of leaving and re-joining is showing an improvement in speed.
But I will wait for some time, run a few more speed tests and update you here.

New update: the issue is still persisting.
Internet speed reaches up to 882Mbps if the ZT virtual port is disabled in Windows.
That’s quite strange; I will try to uninstall and reinstall the ZT client application.
I’m not sure where the problem of interference in throughput is.

While zerotier is fully running, please open an Administrator command prompt and paste the output of this command: zerotier-cli listnetworks -j. If you wish, comment out the network IDs in the listing.

Microsoft Windows [Version 10.0.22000.613]
(c) Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>zerotier-cli listnetworks -j
[
 {
  "allowDNS": false,
  "allowDefault": false,
  "allowGlobal": false,
  "allowManaged": true,
  "assignedAddresses": [
   "192.168.193.100/24"
  ],
  "bridge": false,
  "broadcastEnabled": true,
  "dhcp": false,
  "dns": {
   "domain": "mydomainname.com",
   "servers": [
    "192.168.193.250"
   ]
  },
  "id": "#################",
  "mac": "6a:1b:95:xx:xx:xx",
  "mtu": 2800,
  "multicastSubscriptions": [
   {
    "adi": 0,
    "mac": "01:00:5e:00:00:01"
   },
   {
    "adi": 0,
    "mac": "01:00:5e:00:00:fb"
   },
   {
    "adi": 0,
    "mac": "01:00:5e:00:00:fc"
   },
   {
    "adi": 0,
    "mac": "01:00:5e:7f:ff:fa"
   },
   {
    "adi": 0,
    "mac": "33:33:00:00:00:01"
   },
   {
    "adi": 0,
    "mac": "33:33:00:00:00:0c"
   },
   {
    "adi": 0,
    "mac": "33:33:00:00:00:fb"
   },
   {
    "adi": 0,
    "mac": "33:33:00:01:00:03"
   },
   {
    "adi": 0,
    "mac": "33:33:ff:d6:19:71"
   },
   {
    "adi": 3232285028,
    "mac": "ff:ff:ff:ff:ff:ff"
   }
  ],
  "name": "XXXX",
  "netconfRevision": 67,
  "nwid": "###################",
  "portDeviceName": "ethernet_32778",
  "portError": 0,
  "routes": [
   {
    "flags": 0,
    "metric": 0,
    "target": "0.0.0.0/0",
    "via": "192.168.193.250"
   },
   {
    "flags": 0,
    "metric": 0,
    "target": "192.168.10.0/23",
    "via": "192.168.193.250"
   },
   {
    "flags": 0,
    "metric": 0,
    "target": "192.168.193.0/24",
    "via": null
   },
   {
    "flags": 0,
    "metric": 0,
    "target": "192.168.8.0/23",
    "via": "192.168.193.250"
   }
  ],
  "status": "OK",
  "type": "PRIVATE"
 }
]

C:\WINDOWS\system32>

Some data in the output is masked.
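
The two checks requested in this thread (RELAY entries in zerotier-cli peers, and which managed routes from zerotier-cli listnetworks -j are actually in effect) can be scripted. The following is an added example, not part of the thread and not ZeroTier's own code; the function names are hypothetical, the sample data is constructed, and the is_private test only approximates how ZeroTier decides that a route target is "global".

```python
import ipaddress
import json

# Constructed sample, trimmed to the shape of `zerotier-cli listnetworks -j`
# output shown in the thread (the network ID is a placeholder).
SAMPLE_NETWORKS = json.dumps([{
    "nwid": "0000000000000000", "allowManaged": True,
    "allowGlobal": False, "allowDefault": False,
    "routes": [
        {"target": "0.0.0.0/0", "via": "192.168.193.250"},
        {"target": "192.168.10.0/23", "via": "192.168.193.250"},
        {"target": "192.168.193.0/24", "via": None},
    ],
}])

# Constructed sample in the column layout of `zerotier-cli peers`.
SAMPLE_PEERS = """200 peers
<ztaddr>   <ver>  <role> <lat> <link> <lastTX> <lastRX> <path>
aaaaaaaaaa 1.8.6  LEAF      34 DIRECT 462      2208     192.0.2.10/29994
bbbbbbbbbb 1.8.9  LEAF     499 RELAY  1596     2272
"""

def route_report(listnetworks_json):
    """Return (nwid, target, via, applied) for every managed route."""
    report = []
    for net in json.loads(listnetworks_json):
        for route in net.get("routes", []):
            target = ipaddress.ip_network(route["target"], strict=False)
            if not net.get("allowManaged"):
                applied = False                  # no managed routes at all
            elif target.prefixlen == 0:          # 0.0.0.0/0 or ::/0
                applied = bool(net.get("allowDefault"))
            elif not target.is_private:          # assumption: stands in for "global"
                applied = bool(net.get("allowGlobal"))
            else:
                applied = True
            report.append((net["nwid"], route["target"], route["via"], applied))
    return report

def relayed_peers(peers_text):
    """Return the ztaddr of each LEAF peer whose <link> column reads RELAY."""
    hits = []
    for line in peers_text.splitlines():
        cols = line.split()
        if len(cols) >= 5 and cols[2] == "LEAF" and cols[4] == "RELAY":
            hits.append(cols[0])
    return hits

if __name__ == "__main__":
    for row in route_report(SAMPLE_NETWORKS):
        print(row)
    print("relayed:", relayed_peers(SAMPLE_PEERS))
```

A default route that is listed but reported as not applied matches the output above: the controller pushes 0.0.0.0/0, but the client ignores it while allowDefault is false.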

Does your OPNsense router have a public IPv6 address from your ISP?
Does the ZeroTier network adapter on your Windows machine have an IPv6 address assigned to it?

I know you don’t have IPv6 addresses enabled on your network, but since you’re combining things with ZeroTier running on a router, I have a sneaking suspicion that IPv6 NDP is getting involved and automagically setting things up to route IPv6 traffic over your ZeroTier network through your OPNsense router.

If your ZeroTier adapter does indeed have an IPv6 address assigned to it, and your IPv6 traffic is being routed through your OPNsense router, try adding this block to the rules on your network (anywhere before the final accept):

drop
  icmp 133 -1 or
  icmp 134 -1 or
  icmp 137 -1
;

This blocks ICMPv6 types:

  • Router Solicitation
  • Router Advertisement
  • Redirect Message

This will effectively stop ICMPv6 packets on your ZeroTier network that routers use to advertise themselves, and clients use to find the routers.

See here for more about ICMP for IPv6.

The OPNsense router is serving the internal network only.
One leg is connected to the ISP router.
The ISP router does not use IPv6, nor do I use IPv6 in my network.
For all interfaces in OPNsense, including ZT and WAN, IPv6 is disabled.
IPv6 is now disabled on the Windows ZT interface.
I checked the speed test after this change; the speed improved to only 160Mbps.
Additionally, I have unchecked the default route option in my Windows ZT client console.
Where do I add the block you mentioned for IPv6?

At last I had to uninstall the latest ZT version from Windows.
Internet speed results are as expected, the same results I got when disabling the virtual port (800Mbps +).
Not sure if this is a network-side or software-side issue caused by ZT.