ZeroTier using VPN provider IP address instead of ISP WAN IP address

I have an OpenWrt router with ZeroTier version 1.14.1.
This is the setup:

WAN-Interface of the OpenWrt router                   : a public IP on the internet
LAN-Interface of the OpenWrt router                   : 192.168.1.1
IP-Range of the LAN switch on the OpenWrt router      : 192.168.1.0/24
Wireguard0 VPN interface                              : 10.0.x.x
Wireguard1 VPN interface                              : 10.0.x.x
Wireguard2 VPN interface                              : 10.0.x.x
IP-Address of the zt interface on the OpenWrt router  : 172.28.28.1
ZeroTier network route on the OpenWrt router          : 172.28.28.0/24 via zt

When the ZeroTier client connects to the ZeroTier VPN server, I can see in the ZT network management page that the public IP address of the router is detected as the public IP address of one of the WG VPNs that I have. The WAN IP address (that is, the default gateway) is not detected as I expect.
So I assume that the ZeroTier client takes a route via a WG VPN to the ZeroTier VPN server instead of using the default WAN gateway.

If you need clarity on this, check your routing table with ip r.
To avoid using WG interface(s) for ZT connectivity, you can probably blacklist them in your ZT’s local.conf.

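The blacklist suggested in the reply above, as an added example that is not part of the thread: ZeroTier's local.conf accepts a `settings.interfacePrefixBlacklist` array of interface name prefixes that it will not use for its own traffic. The `wg` prefix and the home directory argument are assumptions; take the real interface names from `ip link` on the router.

```shell
#!/bin/sh
# Added example, not from the thread. Writes a ZeroTier local.conf that
# blacklists interface name prefixes via "interfacePrefixBlacklist".
# Assumptions: the tunnel interfaces start with "wg" (check `ip link`), and
# the caller passes in the ZeroTier home directory used on this router.

# make_blacklist_json PREFIX... -> prints the local.conf JSON on stdout
make_blacklist_json() {
    [ "$#" -gt 0 ] || { echo "need at least one prefix" >&2; return 1; }
    list=""
    for p in "$@"; do
        # Accept interface-name characters only, so a stray quote or
        # brace cannot break the generated JSON.
        case "$p" in
            ""|*[!A-Za-z0-9_.-]*) echo "bad prefix: $p" >&2; return 1 ;;
        esac
        list="${list:+$list, }\"$p\""
    done
    printf '{\n  "settings": {\n    "interfacePrefixBlacklist": [%s]\n  }\n}\n' "$list"
}

# write_local_conf HOME_DIR PREFIX... -> creates HOME_DIR/local.conf
write_local_conf() {
    home="$1"; shift
    conf="$home/local.conf"
    # Never clobber an existing file: it may carry other settings that
    # have to be merged by hand.
    if [ -e "$conf" ]; then
        echo "$conf exists; add interfacePrefixBlacklist to it manually" >&2
        return 1
    fi
    json=$(make_blacklist_json "$@") || return 1
    printf '%s\n' "$json" > "$conf"
}

# Typical call (path is an assumption, adjust to your install):
#   write_local_conf /var/lib/zerotier-one wg
```

ZeroTier reads local.conf when the service starts, so restart it after the change and recheck which physical address the network management page reports.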
