ZeroTier on EdgeRouter

Hi Guys,

I have been using ZeroTier on our EdgeRouter for quite some time using the method described by Dennis Kruyt (https://blog.kruyt.org/zerotier-on-a-ubiquiti-edgerouter/). This works great, but it doesn't survive an upgrade.

There was a recent article added to the knowledge base which describes using a different build of the ZeroTier client and a different (and simpler) method to install and set up the client on a router. This method does survive an upgrade but has some annoying issues (for my usage anyway); this is probably more specific to EdgeRouters connected to multiple networks, as we use devices as hubs to bridge networks or to allow remote management of multiple customer networks. The issues I have seen are as follows:

  1. vti allocation is not persistent across reboots of the device - If you label the interfaces after they have been created, the labels are persistent with the vti number, but the vti may have been allocated to a different ZeroTier network, so the label doesn't match the addressing etc. This isn't a massive problem unless you are using SNMP for monitoring and pulling back interface descriptions, or firewall policies to restrict traffic flows. If you create a policy for vti0, for example to allow ssh inbound, the next time you reboot the device the firewall policy remains the same but the vti may have been allocated to a different network.

  2. If you have routes that appear in multiple ZT networks (as we do for hub devices), the route from the last network added appears to replace any other routes added with the same subnet. This means that the route for network A may have an entry to route via network B. Examples below; this is the same router (my home device) using both methods of install and configuration:

Dennis Kruyt Method - routes via the network they belong to
K *> 100.64.100.0/24 [0/0] via 100.64.9.249, eth99
K *> 100.64.101.0/24 [0/0] via 100.64.9.249, eth99

ZeroTier Method - routes via owned network and new network
K *> 100.64.100.0/24 [0/0] via 100.64.15.249, vti1
K *> 100.64.101.0/24 [0/0] via 100.64.9.249, vti0

(This is difficult to explain, apologies)

  3. Only a minor issue: the vti interfaces don't show in the GUI until you have added a description to them. Not a massive issue as we manage devices via CLI, but just a cosmetic annoyance.

I'm still testing this method of configuring ZT on an EdgeRouter and will probably stick with the Kruyt method for the foreseeable, but I'll add to this if I discover any other oddities.

For reference, I'm using a mix of devices, but my dev device is an EdgeRouter PoE running 2.0.8 hotfix 1 with 5 connected ZeroTier networks.
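
The interface drift described in issue 1 can be checked for after each reboot, before trusting a firewall policy bound to a vti. The following is an added example, not part of the original post: it assumes the plain-text `zerotier-cli listnetworks` column layout with the device name as the second-to-last field, and the network IDs, names and expected mapping are constructed placeholders.

```shell
#!/bin/sh
# Added example: detect ZeroTier network <-> vti interface drift after a reboot.
# EXPECTED maps each network ID to the vti its firewall policy was written for.
# All network IDs, names and MACs below are constructed sample values.
EXPECTED='aaaaaaaaaaaa0001 vti0
aaaaaaaaaaaa0002 vti1'

# Constructed sample of `zerotier-cli listnetworks` output after a reboot in
# which the two networks swapped interfaces (column layout is an assumption).
SAMPLE='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks aaaaaaaaaaaa0001 net-a 02:00:00:00:00:01 OK PRIVATE vti1 100.64.9.1/24
200 listnetworks aaaaaaaaaaaa0002 net-b 02:00:00:00:00:02 OK PRIVATE vti0 100.64.15.1/24'

# check_vti_drift EXPECTED LISTING
# Prints one line per problem and returns 1 if any expected network is
# missing or bound to a different interface; returns 0 if everything matches.
check_vti_drift() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---" { listing = 1; next }
        !listing && NF == 2 { want[$1] = $2; next }
        # Data rows only: the header row has "<nwid>" as its third field.
        listing && $1 == "200" && $2 == "listnetworks" && $3 !~ /^</ {
            have[$3] = $(NF - 1)   # dev name, counted from the right
        }
        END {
            for (id in want) {
                if (!(id in have)) {
                    print "MISSING " id " expected " want[id]; bad = 1
                } else if (have[id] != want[id]) {
                    print "DRIFT " id " expected " want[id] " got " have[id]; bad = 1
                }
            }
            exit bad + 0
        }'
}

# On the router: check_vti_drift "$EXPECTED" "$(zerotier-cli listnetworks)"
```

A non-zero return is the cue to re-check which network each vti now carries before relying on per-interface firewall rules or SNMP descriptions.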
