What steps can be taken to address the lack of admin interface for enabling advanced features like Multi-Path, Low Bandwidth, Trusted Path, and hardware AES acceleration in the current version of ZeroTier on ROS?
There are no hidden features. What you see in command line, is what has been implemented.
Well, I would also call those options hidden since they all are a part of the current ZeroTier version included with RouterOS which simply lacks the ability to configure them.
Adding AES hardware acceleration would also be a major enhancement as well as an upgrade to v1.12. This version prevents path-learning loops (which I’ve seen plenty of times on ROS) and offers significantly faster recovery when network paths changes (currently you sometimes have to wait up to 20-30 seconds).
The ZeroTier peer status indicators also need improvement in ROS as they lack information about link status (direct/relay) and the version of remote peers making it harder to troubleshoot connection-related issues. Information about last transmitted/received status should be presented using separate columns like the zt-cli command line option “peers”.
Those are locked features. For $$$ they can be unlocked. 
You seem convinced that code is already in the OS, I am not so easily convinced.
We have no idea what MT ported across…
Maybe its true and one can only port the entire BLOCK and not partial bits
and thus one could say that hooks exist for features, but they have not been CONNECTED to RoS so until thats coded/added…
Yeah, looks like we need to start collecting some dough to sort this out once and for all!
The ZeroTier client library itself is very small and accessible using a single API. Configuration is managed using parameters that are either retrieved from a configuration file or controlled directly via the API.
I’d pay to unlock them, unfortunately that not how it works here .
LOL. In fairness they do have to map all the options to RouterOS attributes. While low bandwidth mode is trivial. Multipath be much tricker to map to RouterOS — it both changed over time, and need some more advanced interface selection than picking an interface-list. I suspect they’s why things are “hidden”.
That being said… Multipath support with ZT on MT has been my hope for a VERY long time. And I think quite useful on a Mikrotik since RouterOS lack good bonding options for asymmetric links. In particular, ZeroTier added a “link quality” option that might have some value with LTE and other wireless:
https://docs.zerotier.com/multipath#link-quality
Anyway +1 from me to “un-hide” the rest of ZT’s features.
The idea to have some override to use a “real” ZT configuration file might be a reasonable solution. I wasn’t a fan of this before — be “ugly” IMO as I’m more puritan there is ONE unified config structure on RouterOS for everything. But since they added JSON support… it would not be as bad to have a JSON blob as a “manual” config option. e.g. you could :deserialize the “native” ZT config, to modify a particular item in from CLI, and the :serialize it back to some override-config-json= option under /zerotier.
I hadn’t looked at the ZT changes in a bit – the config has gotten grow a lot. I just don’t see how RouterOS could keep up in a reasonable time frame.
Yeah, it feels like I’ve been waiting far too long for both Multipath and Trusted Path for ROS. And yes, JSON support would be awesome! Another thing on my wishlist is to split the ZT controller into a separate package. Since the client is so small (less than 10 MB), it’s possible it would fit even on smaller devices.
I read the docs today since it’s been a while. Seem even ZeroTier themselves gave up trying to map the JSON to the CLI:
Currently most configuration is handled via manual editing of each node’s local.conf. There are only a few available CLI commands.
(https://docs.zerotier.com/multipath#using-the-cli)
If something didn’t work via a future “override-config-json=”… well… at least you could try it & still be in same boat as today without more advanced ZT features working.
This get Mikrotik out of the business of needing to map all ZT concepts – which I do think be hard in reading ZT’s doc.
Or move the ZT client part into the main package, and leave the controller bit as zerotier.npk.
I do use zerotier.npk on these 16MB devices today…