ZeroTier + OpenWRT has multiple networks

perseyjackson · January 1, 2025, 5:14pm

OpenWrt 23.05.5 r24106-10cc5fcd00 / LuCI openwrt-23.05 branch git-24.264.56413-c7a3562
Xiaomi Mi Router 4A Gigabit Edition

Installed zerotier
ip a shows 2 ZeroTier networks

13: ztwfupvzmi: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 3a:ee:5e:14:b4:16 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::689b:42ff:fe86:256b/64 scope link
       valid_lft forever preferred_lft forever
14: ztwfupvzmj: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 3a:ee:5e:14:b4:16 brd ff:ff:ff:ff:ff:ff
    inet 172.27.xx.xx/16 brd 172.27.255.255 scope global ztwfupvzmj
       valid_lft forever preferred_lft forever
    inet6 fde4:da74:xxb2:8eb0:3axx:935e:d0a6:e162/88 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::38ee:5eff:fe14:b416/64 scope link
       valid_lft forever preferred_lft forever

I can see ZeroTier node on my.ZeroTier but pings does not work

perseyjackson · January 1, 2025, 5:25pm

Additional information: router has access to internet using another router over WiFi and Relay bridge

AndrewZ · January 1, 2025, 5:39pm

Show your ZT config as text (/etc/config/zerotier), hide your secret and network id.

perseyjackson · January 1, 2025, 5:41pm

root@OpenWrt:~#cat /etc/config/zerotier

config zerotier 'global'
        option enabled '1'
        option secret '5ed0a6e162:0:xxxxxxxxxxxxxxxxxxxxxxxxxxxx'

config network 'my_zt_net'
        option id 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        option config_path '/etc/zerotier'
        option copy_config_path '1'
        option allowDefault '1'

AndrewZ · January 1, 2025, 5:49pm

Start with a simpler configuration (replace what you have entirely):

config zerotier 'my_zt_net'
        option enabled '1'
        list join 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        option secret '5ed0a6e162:0:xxxxxxxxxxxxxxxxxxxxxxxxxxxx'

perseyjackson · January 1, 2025, 6:15pm

root@OpenWrt:~# cat /etc/config/zerotier
config zerotier 'my_zt_net'
        option enabled '1'
        list join 'xxxxxxxxxxxxxx'
        option secret '5ed0a6e162:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'

root@OpenWrt:~# service zerotier restart
disabled in /etc/config/zerotier
Generating secret - please wait... uci: Invalid argument
done.

got error

mk24 · January 1, 2025, 6:21pm

As it generated a new secret you have to go back to Zerotier Central and configure and authorize the node again under its new ID number. Those numbers are derived from the random secrets.

AndrewZ · January 1, 2025, 6:30pm

OK, here is the known good configuration. It's likely that some default settings have changed recently and I've missed that.

config zerotier 'global'
        option enabled '1'
        option secret ''

config network 'mynet'
        option id 'xxxxxxxxxxxxxxxxxxxx'
        option allow_managed '1'
        option allow_global '0'
        option allow_default '0'
        option allow_dns '0'

Leave secret empty as shown then restart the service and authorize the new member on the portal.

perseyjackson · January 1, 2025, 7:21pm

Now I have 1 network, and it is available/authorized on my.zerotier.com but I could not ping any zerotier hosts

perseyjackson · January 1, 2025, 7:24pm