I have something strange going on with my ZT install... hoping someone here may be able to help. Sometime during the install I've lost the ztxxxx interface that was, at least temporarily, visible in the realtime graphs section. Additionally, there is no zerotier-one in /var/lib... thus I have no interface showing up under ifconfig even though I am connected through the zerotier web interface. My zt 'interface' is present still but, as you'd imagine, there is no rx / tx... and inside the interface it shows my zt device but indicates 'absent' if I select the dropdown.
There seems to be something wrong with my system or the guide I've followed; I'm essentially stuck without a functional interface and am not sure how to proceed from here.
Thanks, the issue I'm having is after resetting... or do you believe something hasn't been reset correctly? I've had a major headache with ZT for some reason.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
Ok, you have not updated software for years...
With such an old version, there is no telling whether the relic software no longer works with the cloud service or you configured something wrong.
Configs look default, but remove the empty config rule section from the firewall file (no impact on VPNs from it).
Upgrade to 23.05.5 (luci-app-attendedsysupgrade is the user-friendliest way).
Try to get to zerotier now.
The Zerotier process takes care of creating and configuring the interface. There will be very few references to zerotier in your /etc/config files. IP addresses and routes are centrally administered and pushed to your nodes.
One thing that is necessary is to put the zerotier interface into a firewall zone.
This "stub" interface was used in older versions of OpenWrt merely to attach a UCI network name for the firewall to the independently-created device name. It doesn't actually change anything in the kernel. (See also old instructions for OpenVPN which is the same situation). The "stub" interface definition is no longer necessary now that devices can be referenced directly in the firewall:
config zone 'lan'
    list device 'ztxxxxxxxxxx'
    ...
Replace with the real name of the Zerotier device (which is hashed from your Zerotier network number) of course.
However you may want to keep the stub interface syntax in use since it will facilitate UCI based tools like ifstatus which Luci probably uses.
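A check for the point made in the post above, that the ZeroTier device must end up in a firewall zone either through a stub interface or through a direct `list device` entry. This is an added example, not part of the original thread; the `zone_for_device` helper, the `ztexample01` device and the `direct` zone are hypothetical, and the embedded configs are constructed samples.

```shell
#!/bin/sh
# Constructed sample configs (not the poster's full files). 'ztexample01' and
# the 'direct' zone are hypothetical, added to show the direct-device syntax.
NETWORK_CFG="config interface 'ZeroTier'
    option proto 'none'
    option device 'ztuzezd44e'"
FIREWALL_CFG="config zone
    option name 'lan'
    list network 'lan'
config zone
    option name 'vpn'
    list network 'ZeroTier'
config zone
    option name 'direct'
    list device 'ztexample01'"

# zone_for_device DEV NETWORK_TEXT FIREWALL_TEXT (hypothetical helper)
# Prints each zone covering DEV; returns 1 if no zone covers it.
zone_for_device() {
    dev=$1
    # Stub interfaces: UCI interface sections whose "option device" is DEV.
    nets=$(printf '%s\n' "$2" | awk -v dev="$dev" '
        { gsub("[\047\"]", "") }   # strip UCI quoting
        $1 == "config" { sec = ($2 == "interface") ? $3 : "" }
        $1 == "option" && $2 == "device" && $3 == dev && sec != "" { printf "%s ", sec }')
    # A zone matches via "device" (direct) or "network" (stub interface).
    printf '%s\n' "$3" | awk -v dev="$dev" -v nets="$nets" '
        function emit() { if (inzone && hit) { print name; found = 1 } }
        BEGIN { n = split(nets, a, " "); for (i = 1; i <= n; i++) isnet[a[i]] = 1 }
        { gsub("[\047\"]", "") }
        $1 == "config" { emit(); inzone = ($2 == "zone"); name = ""; hit = 0; next }
        !inzone || ($1 != "option" && $1 != "list") { next }
        $2 == "name"    { name = $3 }
        $2 == "device"  { for (i = 3; i <= NF; i++) if ($i == dev) hit = 1 }
        $2 == "network" { for (i = 3; i <= NF; i++) if ($i in isnet) hit = 1 }
        END { emit(); exit !found }'
}

for d in ztuzezd44e ztexample01 ztmissing00; do
    if z=$(zone_for_device "$d" "$NETWORK_CFG" "$FIREWALL_CFG"); then
        echo "$d: zone $z"
    else
        echo "$d: in no firewall zone"
    fi
done
```

On a router, pass `"$(cat /etc/config/network)"` and `"$(cat /etc/config/firewall)"` as the second and third arguments.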
That solved my interface issues and I'm up and running with one exception: I can see and ping all devices from each of my Macs but cannot hit the other computer... nor can I hit the computers from the router but can vice-versa. I'm even able to hit my phone while on a different network completely (finally no more of Siri not being able to find my damn phone from my HomePods!!) but have no communication between my two Mac machines.
MacBook-Pro to iMac-Pro: fail -- both directions
Router to either Mac: fail -- one way
Either Mac to router: connect -- one way
I added 0.0.0.0/0 and 128.0.0.0/1 managed routes in ZT Central in order to connect to my phone on a different network and that succeeded but has not had any impact on the above.
No firewall on either at present. Config below:
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd7f:4002:a029::/48'
    option packet_steering '1'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth1'
    list ports 'eth2'
    list ports 'eth3'
    list ports 'eth4'

config device
    option name 'eth1'
    option macaddr

config device
    option name 'eth2'
    option macaddr

config device
    option name 'eth3'
    option macaddr

config device
    option name 'eth4'
    option macaddr

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config device
    option name 'eth0'
    option macaddr

config interface 'wan'
    option device 'eth0'
    option proto 'dhcp'

config interface 'wan6'
    option device 'eth0'
    option proto 'dhcpv6'

config interface 'ZeroTier'
    option proto 'none'
    option device 'ztuzezd44e'

#####################################################
config defaults
    option syn_flood '1'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

config zone
    option name 'wan'
    list network 'wan'
    list network 'wan6'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config zone
    option name 'vpn'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option masq '1'
    list network 'ZeroTier'

config forwarding
    option src 'vpn'
    option dest 'lan'

config forwarding
    option src 'vpn'
    option dest 'wan'

config forwarding
    option src 'lan'
    option dest 'vpn'

#####################################################
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option nonegcache '0'
    option cachesize '1000'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
    option nonwildcard '1'
    option localservice '1'
    option ednspacket_max '1232'
    option filter_aaaa '0'
    option filter_a '0'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '12h'
    option dhcpv4 'server'
    option dhcpv6 'server'
    option ra 'server'
    option ra_slaac '1'
    list ra_flags 'managed-config'
    list ra_flags 'other-config'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'