Zerotier on RPi keeps dropping packages

AleXSR700 · May 10, 2022, 5:04pm

Hello Grant,

yes, it is just another machine. So like my Android and Windows devices, I simply want to have full access to LAN and internet through my server at home.

I installed with

#!/bin/bash

echo "Install zerotier (y/n)?"
read user_input
if [ "$user_input" = "y" ]; then
	curl -s https://install.zerotier.com | sudo bash
	sudo zerotier-cli join MYNETWORK
	sleep 2
	sudo zerotier-cli listnetworks
fi

And then rebooted.
I cannot ping or reach anything on my home network. Cannot even ping the server IP.
Setup the server as mentioned above. So maybe I need one of the allow* set to true (or false)?

Here some info (redacted for some parts)

{
 "address": "3167REDACTED",
 "clock": 1652202157554,
 "config": {
  "settings": {
   "allowTcpFallbackRelay": true,
   "listeningOn": [
    "192.168.0.39/9993",
    "192.168.0.39/48795",
    "192.168.0.39/58617"
   ],
   "portMappingEnabled": true,
   "primaryPort": 9993,
   "secondaryPort": 28934,
   "softwareUpdate": "disable",
   "softwareUpdateChannel": "release",
   "tertiaryPort": 0
  }
 },
 "online": true,
 "planetWorldId": 14960REDACTED,
 "planetWorldTimestamp": 1644592324813,
 "publicIdentity": "3REDACTED69be26998ac9cREDACTEDbf4699f85a893797b6c545531REDACTED2f186521a0a74f06670364acd5929cbdREDACTED91a473",
 "tcpFallbackActive": false,
 "version": "1.8.9",
 "versionBuild": 0,
 "versionMajor": 1,
 "versionMinor": 8,
 "versionRev": 9
}

AleXSR700 · May 10, 2022, 5:19pm

Installed the Linux GUI now also

zt-grant · May 10, 2022, 5:23pm

We don’t make a linux gui right now

zt-grant · May 10, 2022, 5:25pm

So it appears your network is joined. I see it in the control panel. It’s contacting the controller.

Everything appears configured correctly. Ensure you’re attempting to ping the correct addresses, and the machines you’re trying to ping aren’t configured to block ping requests

AleXSR700 · May 10, 2022, 5:41pm

It’s the GUI from tralph3.
The IP is correct and I have been able to ping it before. I also tried reaching my NAS via browser (working from Android phone but not the RPi).

Do I need to enable IP4 forwarding? Or do I need to disable IPv6? Only IPv4 should be used. But since I am pinging an IPv4, it should work without disabling v6, correct?
Any information I can supply from server side? Except that I installed using the bridge instruction I posted earlier?

AleXSR700 · May 10, 2022, 7:01pm

Okay, I am 90% there.

I found out that I have to setup a bridge to be able to access my home network. BUT I cannot access the internet through it. So only the LAN behind the server but not the internet.
What am I missing?
Am I configuring that one IP incorrectly (see comment)?

cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0.network
[Match]
Name=br0

[Network]
Address=192.168.0.2/24  #must this be the IP of my client or my server? Or should it be the home router?
Gateway=192.168.0.1
DNS=192.168.0.1
EOF

cat << EOF | sudo tee /etc/systemd/network/br0.netdev
[NetDev]
Name=br0
Kind=bridge
EOF

cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0-zt.network
[Match]
Name=ztwBLABLA

[Network]
Bridge=br0
EOF

cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0-wlan0.network   
[Match]
Name=wlan0

[Network]
Bridge=br0
EOF

sudo systemctl enable systemd-networkd;
sudo systemctl enable systemd-resolved;
sudo systemctl enable systemd-timesyncd;

Or do I need to add a route or something?

zt-grant · May 10, 2022, 7:36pm

So your bridge is already configured, and you can access the machines behind it?

Now, from your remote device, you also want to override the default route so that all traffic goes through the node on your home network? I see you have a 0.0.0.0 default route on your home network, so I’m assuming that’s what you’re asking.

First, you need to enable Allow Default route, and Allow Global IPs on the client machine(s).

Second, since you said the remote machine in question is a linux machine, you may need to do Step 3a from this knowledge base article.

AleXSR700 · May 11, 2022, 3:54pm

Thank you for the suggestion Grant,
I set the filters=2 but I still cannot access the internet. Or more correctly, it seems DNS is not working.

I tried pinging 8.8.8.8 and was successful. So it neems DNS is not working properly and I see

DNS_PROBE_FINISHED_BAD_CONFIG

I tried allowDNS=1, but that did not help. Can you think of a setting that needs to be changed for this last step to work?

Just to be sure, the bridge IP address is the IP address that I have assigned to my client, correct?
So in zerotier I set my client to 192.168.0.3. The IP of the server at home is 192.168.0.2.
I’m guessing this is then correct, since all except internet is working, but just to be sure

cat << EOF | sudo tee /etc/systemd/network/25-bridge-br0.network
[Match]
Name=br0

[Network]
Address=192.168.0.3/24
Gateway=192.168.0.1
DNS=192.168.0.1
EOF

zt-grant · May 11, 2022, 3:56pm

I’m afraid you’re on your own for that one. The allowDNS setting is not for completely overriding all DNS on a machine. It’s only for setting DNS for a specific domain/subdomain with a DNS server that you run/control.

AleXSR700 · May 11, 2022, 4:42pm

How on earth can this be so difficult.
There has to be one missing route or something -.-

pi@raspberrypi:~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.0.1     0.0.0.0         UG    0      0        0 br0
default         192.168.0.23    0.0.0.0         UG    304    0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.0.0     0.0.0.0         255.255.255.0   U     304    0        0 wlan0

zt-grant · May 11, 2022, 5:57pm

Networking is hard, my dude. You’ve gotten past the ZeroTier config issues at least. Just be glad you didn’t have to configure tunnels with ipsec like the bad old days before ZeroTier existed

AleXSR700 · May 12, 2022, 4:00am

There is a reason why Linux never made it into the consumer market and will never be usefull for anything but IoT, SBC and computer nerds (“nerds” in a loving way).

I bet that if RPi had any fully working non-Linux system available, Raspberry OS would become distant second within a year.

I will give up for now and will take another stab at it sometime in the future. Next will be a working AP mode which does not break zerotier. Once that works, I might try internet access again.

Thank you very, very much for all your support! It is greatly appreciated!

AleXSR700 · May 12, 2022, 3:50pm

@zt-grant
One very last thing I would like to check.
The IP address of my RPi (on the zerotier network) is 192.168.0.3. But the broadcast is 192.168.1.x (sorry, forgot the last digit and am currently restoring a backup for my Pi).

So instead of being x.x.0.x the broadcast is x.x.1.x

Where is the zerotier interface getting this broadcast information from? All my zt network is x.x.0.x