ZeroTier persist configs - uci: Invalid argument

Whenever I restart my OpenWRT device, I have to reenter the following command

zerotier-cli set <networkId> allowDefault=1

I've tried following the persistent instructions here
https://openwrt.org/docs/guide-user/services/vpn/zerotier#advanced_configuration

I've replaced deadbeef00 with the ZeroTier interface name I get from running ip a. After running the first command, I get uci: Invalid argument.

I'm using OpenWRT for RPI 5 and a snapshot from 6th of March I believe.

Using sudo is not normal for OpenWrt. It is possible, of course, to add non-root users and make them sudoers, but this has the potential to make things more difficult or maybe cause them not to work at all.

Can you explain the sudo part?

That is not how it works-- the name is the internal UCI config section name (maybe default_config), not an interface name.

Edit the /etc/config/zerotier file instead. uci was intended for scripts, not to run manually.

You're right. I've amended my post. I'm not using sudo

I'm not sure what to put in /etc/config/zerotier to make the connection persistent. Is there another guide I could follow to make the zerotier connection persistent? I'm having to run zerotier-cli set <networkId> allowDefault=1 whenever the device reboots.

hoping you can solve it like this

test:

uci set zerotier.sample_config.allowDefault='1'

from:

or:
https://openwrt.org/docs/guide-user/advanced/hotplug_extras#instructions

I tried that command. I have deleted the sample_config network entry in /etc/config/zerotier and just have a "config zerotier 'openwrt_network'" entry.

Unfortunately this command does nothing (but at least it doesn't throw invalid argument)

uci set zerotier.openwrt_network.allowDefault='1'

It doesn't change the config file and after a restart, I have to run zerotier-cli set <networkId> allowDefault=1 to get internet access via my exit node.

I'm sorry it was just a test

And try running the command with hotplug?

I noticed that the zerotier tunnel is up and that the above command just adds a default gateway. So I fixed it by just going to LuCI -> Network -> Interfaces -> zerotier interface -> set IPv4 gateway to the exit node's IP address (same subnet as the OpenWRT zerotier interface). And finally, still in the same interface, went to Advanced Settings and ticked Use default gateway. This allows clients to connect to the internet as soon as the router boots up, but I noticed that there is no 128.0.0.0 route in route -n (the zerotier cli adds this route but I've no idea what 128.0.0.0 refers to).

I'm glad you were able to resolve it

Zerotier pushes routes to clients including a default route, if configured in your Zerotier Central account. When this is set up and working, it is not necessary to add any routes within OpenWrt.

Since this route will be pushed to all peers on the network, and only some of them may want to redirect all Internet use, the local option allowDefault by the client exists.

UCI does not support allowDefault directly. What you tried there will not work. The only change in UCI is to make Zerotier read its native configuration from a persistent file at every startup. Then when you use zerotier-cli to set allowDefault once, it is saved in the native file and becomes permanent.


The uci commands came from the official OpenWRT guide so I'm not sure what I was doing wrong.

Regarding ZeroTier peers, I'm using it in full tunnel mode where the clients connecting to OpenWRT are not aware of the zt network or that they are tunneled. I actually do not want clients to go out on the "local" internet and always tunnel to my home's default gateway via the exit node. So if the tunnel goes down, there should just be no internet (I think that's called a kill switch?).

So I got it all working but I did it the "wrong way"? Speed is actually quite bad (seems like latency spikes or dropped packets, not sure)

Hi, I just solved the problem.
I managed to get persistent allowDefault=1 working on my router on reboot or when re-enabling the ZeroTier application in the router menu.

First, after configuring the 'server' and testing that the router worked with the command:
sudo zerotier-cli set $nwid allowDefault=1

I did the same thing that I did on the 'server', trying to persist the configuration with:

sudo touch /var/lib/zerotier-one/networks.d/[Network ID].conf

That creates a NWID.local.conf file with just the 4 "allow..." including our "allowDefault".
(But the router puts it in the temporary folder and it doesn't work.)
So I found
https://openwrt.org/docs/guide-user/services/vpn/zerotier
and I tried to follow the ADVANCED CONFIGURATION, but I was blocked, getting invalid argument, due to the network name, ".openwrt_network." in your case.
I went to "/etc/config/zerotier" and I saw the first line "config zerotier 'gl' "
so I replaced it and it worked:
uci set zerotier.gl.config_path='/etc/zerotier'
uci set zerotier.gl.copy_config_path='1'
uci commit zerotier

The file "/etc/config/zerotier" was updated with the right lines and now my /etc/zerotier/networks.d/NWID.local.conf is persisted and is copied to the temporary folder every time zerotier starts. I even excluded everything but this file from /etc/zerotier/ and it works fine and faster. We just need to set allowDefault.

PS: The uci command with only allowDefault doesn't work. I tested it.

I hope it helps :wink:

Could you elaborate on what you do with the file you create with this command?
sudo touch /var/lib/zerotier-one/networks.d/[Network ID].conf

The file will be blank so not sure what the 4 "allow..." means or how this content ends up in that file. I assume you need to edit that file and put allowDefault=1 in it?

Hi, when I executed these commands, for me, it created the file NWID.local.conf with the content of the actual zerotier configuration (of the 4 allows :smile:):
[Screenshot 2024-03-24 131114]
So when I made it persistent in the "etc/..." directory (first copied from "var/..." with this local.conf file) and ran the uci commands, this file/configuration is copied back to "var/..." (bringing the allowDefault=1) every time ZeroTier is enabled, on reboot or using the router interface to enable ZeroTier.

If your file is blank, maybe try adding manually.
allowManaged=1
allowGlobal=0
allowDefault=1
allowDNS=0
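
The script below is an added example and not part of any post in this thread. It reads /etc/config/zerotier to find the UCI section name that "uci set zerotier.<name>..." expects (the cause of "uci: Invalid argument" above), then checks that config_path, copy_config_path and the persistent NWID.local.conf with allowDefault=1 are all in place. The network ID, the sample tree and the root-prefix argument are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): read-only checks, no uci binary needed.

# Names of every `config zerotier '<name>'` section in UCI file $1.
# This name, not the ztXXXX interface name, goes in `uci set zerotier.<name>...`.
zt_sections() {
    awk '$1 == "config" && $2 == "zerotier" && NF >= 3 { print $3 }' "$1" | tr -d "\"'"
}

# Value of option $3 inside section $2 of UCI file $1 (empty if unset).
zt_option() {
    awk -v sec="$2" -v opt="$3" -v q="'" '
        $1 == "config" { in_sec = ($2 == "zerotier" && ($3 == sec || $3 == q sec q || $3 == "\"" sec "\"")) }
        in_sec && $1 == "option" && $2 == opt { print $3 }
    ' "$1" | tr -d "\"'"
}

# Value of key $2 in a ZeroTier <nwid>.local.conf file $1.
local_conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# $1 = UCI file, $2 = network ID, $3 = root prefix (hypothetical; empty on a router).
# Returns 0 only if config_path and copy_config_path='1' are set and the
# persistent networks.d/<nwid>.local.conf carries allowDefault=1.
check_persistent_allowdefault() {
    cfg=$1; nwid=$2; root=${3:-}
    sec=$(zt_sections "$cfg" | head -n 1)
    [ -n "$sec" ] || { echo "no named 'config zerotier' section in $cfg"; return 1; }
    path=$(zt_option "$cfg" "$sec" config_path)
    [ -n "$path" ] || { echo "unset: zerotier.$sec.config_path"; return 2; }
    [ "$(zt_option "$cfg" "$sec" copy_config_path)" = 1 ] ||
        { echo "unset: zerotier.$sec.copy_config_path"; return 3; }
    conf="$root$path/networks.d/$nwid.local.conf"
    [ "$(local_conf_get "$conf" allowDefault 2>/dev/null)" = 1 ] ||
        { echo "allowDefault=1 not found in $conf"; return 4; }
    echo "ok: section '$sec' persists allowDefault=1 via $conf"
}

# Constructed sample tree; the network ID is made up.
demo=$(mktemp -d)
mkdir -p "$demo/etc/config" "$demo/etc/zerotier/networks.d"
printf "config zerotier 'gl'\n\toption config_path '/etc/zerotier'\n\toption copy_config_path '1'\n" \
    > "$demo/etc/config/zerotier"
printf 'allowManaged=1\nallowGlobal=0\nallowDefault=1\nallowDNS=0\n' \
    > "$demo/etc/zerotier/networks.d/0123456789abcdef.local.conf"
check_persistent_allowdefault "$demo/etc/config/zerotier" 0123456789abcdef "$demo"
```

On a router, call check_persistent_allowdefault /etc/config/zerotier <networkId> with no third argument; a non-zero return code names the first missing piece.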