ZeroTier on Synology DS920+ not working

I have a Synology DS920+ running on DSM 6.2.4-25556. I have followed the instructions from ZeroTier(ZT) to install on the NAS and all seems to be working well. I can see the NAS on my ZT server and I get the expected output in root SSH terminal. However, I cannot get any computer on the VPN to see the NAS. No ping, nothing. I’m at my wit’s end and am hoping someone here has an answer.

Normally, to access the NAS via Zerotier you need to install ZeroTier client on the calling computer which puts them on same network. The alternatives are routing and bridging.

https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks
^-- allows ZT client to use another ZT client on remote LAN to see behind that LAN
https://zerotier.atlassian.net/wiki/spaces/SD/pages/193134593/Bridge+your+ZeroTier+and+local+network+with+a+RaspberryPi
^-- haven’t tried this, I think it’s supposed to let two LANs see each other

" I cannot get any computer on the VPN to see the NAS." ←
If somehow ZeroTier is interfering with OpenVPN/PPTP/whateverVPN you are running on the NAS alongside ZT you should check ‘route’ for misroutes. Also check your VPN Server configuration if you have overlapping IP ranges with ZeroTier. On DSM I think the default is on on the 10.x network.

Sorry, I should have been more specific. I am not running any other VPN, only ZT. I have ZT running on the Synology through Docker, following ZT’s instructions for installation and getting all of the expected output. I have ZT running on the other machines on the network. These computers can ping eachother via the ZT IP, but none can ping the NAS.

I have 2 Synology running ZT on Docker with no issues talking to each other plus arm sbcs. One thought, do you have Control Panel → Security → Enable Firewall turned on? It may be blocked coming in. Try going to your Synology and ping outwards. If it works in one direction then you know DSM is doing something to block it.

UPDATE: Originally installed ZT using the 1.4 syno package. Then stopped/uninstalled the package, reinstalled zt in docker. The /var/lib/zerotier folder was created with settings from old syno package. Dockert ZT assumed those existing settings so as soon as Docker package was installed it continued working.

Firewall was not turned on. I updated to DSM 7 this morning and everything is working now.