Zerotier occasionally listing two interfaces

Installing and Using OpenWrt
1

This is something weird I've seen. Not sure if it is normal or something I need to fix in my config. But occasionally viewing ip a I am seeing two zerotier interfaces. Most of the time it is just the one. Both show the same IP and other info but different interface name.

I'm also having weirdness where zerotier-cli listnetworks constantly cycles between showing my ZT network and not. Doesn't seem to impact actual connectivity though. Not sure if this is related or something else entirely.

My intentional setup is hopefully simplistic and for the most part it works especially once I get routing set up appropriately. Just a simple site-to-site network from my mobile router to home network with all internet traffic routing through there.

image

root@OpenWrt:~# cat /etc/config/zerotier 
config zerotier 'global'
        # Sets whether ZeroTier is enabled or not
        option enabled 1
        # Path of the optional file local.conf (see documentation at
        # https://docs.zerotier.com/config#local-configuration-options)
        option local_conf_path '/etc/zerotier.conf'

config zerotier 'zt_net'
        option enabled '1'
        option id 'xxxxxx'
        option allow_managed '1'
        option allow_global '1'
        option allow_default '1'
        option allow_dns '1'

root@OpenWrt:~# cat /etc/zerotier.conf 
{
  "settings": {
    "defaultBondingPolicy": "broadcast"
  }
}

root@OpenWrt:~# ip a
...
10: ztosidxu3x: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 32:f2:d3:e7:8c:2b brd ff:ff:ff:ff:ff:ff
    inet 172.28.112.22/16 brd 172.28.255.255 scope global ztosidxu3x
       valid_lft forever preferred_lft forever
    inet6 fe80::30f2:d3ff:fee7:8c2b/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever

root@OpenWrt:~# cat /etc/config/network

config interface 'ZeroTier'
option proto 'none'
option device 'ztosidxu3x'
option metric '20'

config route
option interface 'ZeroTier'
option target '0.0.0.0/0'
option metric '0'

root@OpenWrt:~# cat /etc/config/firewall

config zone
option name 'vpn'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
list network 'ZeroTier'

config forwarding
option src 'vpn'
option dest 'lan'

config forwarding
option src 'vpn'
option dest 'wan'

config forwarding
option src 'lan'
option dest 'vpn'

config rule
option name 'Allow-ZeroTier-Inbound'
option src '*'
option target 'ACCEPT'
option proto 'udp'
option dest_port '9993'

2

Try running zerotier-cli dump, zerotier-cli listnetworks etc. to see what is actually configured.

3 
root@OpenWrt:~# cat /zerotier_dump.txt 
platform: Linux
zerotier version: 1.14.1

status
------
{"address":"1deaa1b029","clock":1728505735837,"config":{"settings":{"allowTcpFallbackRelay":true,"forceTcpRelay":false,"homeDir":"/var/lib/zerotier-one","listeningOn":["172.17.17.1/9993","172.17.17.1/57758","172.17.17.1/64688","192.0.0.2/9993","192.0.0.2/57758","192.0.0.2/64688","2607:fb90:7462:8375:e95c:9a8d:4ffa:fe69/9993","2607:fb90:7462:8375:e95c:9a8d:4ffa:fe69/57758","2607:fb90:7462:8375:e95c:9a8d:4ffa:fe69/64688","192.168.1.86/57758","192.168.1.86/64688","2600:1700:6c5d:e40f:c66e:1fff:fe12:f29f/57758","2600:1700:6c5d:e40f:c66e:1fff:fe12:f29f/64688"],"portMappingEnabled":true,"primaryPort":9993,"secondaryPort":57758,"softwareUpdate":"disable","softwareUpdateChannel":"release","surfaceAddresses":["107.192.62.177/64688","107.192.62.177/57758","2600:1700:6c5d:e40f:c66e:1fff:fe12:f29f/57758"],"tertiaryPort":64688}},"online":true,"planetWorldId":149604618,"planetWorldTimestamp":1723830653344,"publicIdentity":"1deaa1b029:0:f4b2f4f7557c55d467615468cb3f6304624c86f98c79575fcc05ba4c8b65730cc5dcc2b67b75a1fa2003fcf655c6a7e70f2a307a601ceef0b762cfc1614f600d","tcpFallbackActive":false,"version":"1.14.1","versionBuild":0,"versionMajor":1,"versionMinor":14,"versionRev":1}

networks
--------
[{"allowDNS":false,"allowDefault":true,"allowGlobal":false,"allowManaged":true,"assignedAddresses":["172.28.112.22/16"],"bridge":false,"broadcastEnabled":true,"dhcp":false,"dns":{"domain":"lan","servers":["172.28.62.73"]},"id":"xxxxxx","mac":"32:f2:d3:e7:8c:2b","mtu":2800,"multicastSubscriptions":[{"adi":0,"mac":"01:00:5e:00:00:01"},{"adi":0,"mac":"33:33:00:00:00:01"},{"adi":0,"mac":"33:33:00:00:00:02"},{"adi":0,"mac":"33:33:ff:00:00:00"},{"adi":0,"mac":"33:33:ff:e7:8c:2b"},{"adi":2887544854,"mac":"ff:ff:ff:ff:ff:ff"}],"name":"determined_kahn","netconfRevision":12,"nwid":"xxxxxx","portDeviceName":"ztosidxu3x","portError":0,"routes":[{"flags":0,"metric":0,"target":"0.0.0.0/0","via":"172.28.62.73"},{"flags":0,"metric":0,"target":"172.28.0.0/16","via":null},{"flags":0,"metric":0,"target":"192.168.1.0/24","via":"172.28.62.73"}],"status":"OK","type":"PRIVATE"}]

peers
-----
[{"address":"xxxxxx","isBonded":false,"latency":399,"paths":[{"active":true,"address":"2001:19f0:6001:2c59:beef:bd:5fe0:dd91/21044","expired":false,"lastReceive":1728503714093,"lastSend":1728503689123,"localPort":0,"localSocket":547715537776,"preferred":false,"trustedPathId":0},{"active":true,"address":"2001:19f0:6001:2c59:beef:bd:5fe0:dd91/21044","expired":false,"lastReceive":1728503689123,"lastSend":1728503689123,"localPort":0,"localSocket":547715537968,"preferred":false,"trustedPathId":0},{"active":true,"address":"2001:19f0:6001:2c59:beef:bd:5fe0:dd91/21044","expired":false,"lastReceive":1728503689123,"lastSend":1728503693801,"localPort":0,"localSocket":547715538160,"preferred":false,"trustedPathId":0},{"active":true,"address":"2001:19f0:6001:2c59:beef:bd:5fe0:dd91/21044","expired":false,"lastReceive":1728500491512,"lastSend":1728500491512,"localPort":0,"localSocket":547694432288,"preferred":false,"trustedPathId":0},{"active":true,"address":"2001:19f0:6001:2c59:beef:bd:5fe0:dd91/21044","expired":false,"lastReceive":1728505735792,"lastSend":1728505730862,"localPort":0,"localSocket":547715538544,"preferred":true,"trustedPathId":0}],"role":"LEAF","tunneled":false,"version":"1.14.1","versionMajor":1,"versionMinor":14,"versionRev":1},{"address":"778cde7190","isBonded":false,"latency":57,"paths":[{"active":true,"address":"103.195.103.66/9993","expired":false,"lastReceive":1728505570769,"lastSend":1728505730862,"localPort":0,"localSocket":547715538352,"preferred":true,"trustedPathId":0}],"role":"PLANET","tunneled":false,"version":"-1.-1.-1","versionMajor":-1,"versionMinor":-1,"versionRev":-1},{"address":"cafe04eba9","isBonded":false,"latency":120,"paths":[{"active":true,"address":"84.17.53.155/9993","expired":false,"lastReceive":1728505570832,"lastSend":1728505675809,"localPort":0,"localSocket":547715538352,"preferred":true,"trustedPathId":0}],"role":"PLANET","tunneled":false,"version":"-1.-1.-1","versionMajor":-1,"versionMinor":-1,"versionRev":-1},{"address":"cafe9ccda7","isBonded":false,"latency":233,"paths":[{"active":true,"address":"66.90.98.98/9993","expired":false,"lastReceive":1728505570946,"lastSend":1728505675809,"localPort":0,"localSocket":547715537008,"preferred":true,"trustedPathId":0}],"role":"PLANET","tunneled":false,"version":"-1.-1.-1","versionMajor":-1,"versionMinor":-1,"versionRev":-1},{"address":"cafe9efeb9","isBonded":false,"latency":66,"paths":[{"active":true,"address":"2605:9880:200:1200:30:571:e34:51/9993","expired":false,"lastReceive":1728505570777,"lastSend":1728505675809,"localPort":0,"localSocket":547715538544,"preferred":true,"trustedPathId":0}],"role":"PLANET","tunneled":false,"version":"-1.-1.-1","versionMajor":-1,"versionMinor":-1,"versionRev":-1}]

local.conf
----------
None Present

Network Interfaces
------------------

Interface 0
-----------
Name: rmnet_mhi1.1
MTU: 1500
MAC: 02:50:f4:00:00:01
Addresses: 
192.0.0.2
2607:fb90:7462:8375:e95c:9a8d:4ffa:fe69
Interface 1
-----------
Name: br-lan
MTU: 1500
MAC: 2c:cf:67:83:69:79
Addresses: 
172.17.17.1
Interface 2
-----------
Name: ztosidxu3x
MTU: 2800
MAC: 32:f2:d3:e7:8c:2b
Addresses: 
172.28.112.22
fe80::30f2:d3ff:fee7:8c2b
Interface 3
-----------
Name: phy1-sta0
MTU: 1500
MAC: c4:6e:1f:12:f2:9f
Addresses: 
192.168.1.86
2600:1700:6c5d:e40f:c66e:1fff:fe12:f29f
fe80::c66e:1fff:fe12:f29f

Good example of listnetworks intermittently showing the network:

root@OpenWrt:~# zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
root@OpenWrt:~# zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks xxxxxx determined_kahn 32:f2:d3:e7:8c:2b OK PRIVATE ztosidxu3x 172.28.112.22/16
4

@cr08 - just some friendly advice:

  1. Only enable "allow_global" if you own the entire public network range you're using for the ZeroTier network.
  2. Only enable "allow_default" if you've got a working exit node set as the default gateway and proper policy routing that bypasses the default route for the local network.
5

Thanks for these pointers. I read over more of the docs and I definitely don't need allow_global but I do need allow_default and I do have an exit node set up. When things are working I can properly route out via my home connection. That side seems to be configured correctly.

I think some of my issues may have been related to it not pulling the expected config file? I followed the directions from the wiki as well as some other OWRT related guides found on Google which all seemed to largely agree with each other. But for some reason initially it didn't seem to pick up the configs I had set and had to do everything manually.

Here's my latest config and it seems to be behaving. I have to wonder if the missing list join 'xxx' may have been the culprit?

root@OpenWrt:~# cat /etc/config/zerotier

config zerotier 'global'
        # Sets whether ZeroTier is enabled or not
        option enabled '1'
        # Path of the optional file local.conf (see documentation at
        # https://docs.zerotier.com/config#local-configuration-options)
        option local_conf_path '/etc/zerotier.conf'
        option config_path '/etc/zerotier'
        option copy_config_path '1'

config network 'wpkr_zt'
        option enabled '1'
        list join 'xxxxxx'
        option id 'xxxxxx'
        option allow_managed '1'
        option allow_global '0'
        option allow_default '1'
        option allow_dns '1'
root@OpenWrt:~#