hello awesome people
how can we specify what wan zerotier should use in a router? i have multiple wan ports on my ccr and i'd like to specify what wan zerotier should use for better performance
thank you
You can control the interfaces using something like:
/zerotier/set zt1 interfaces=wan2-ether2
change the interfaces as needed
Now, since you're specifying a single interface... it would not use any other interface if that one was down. So no failover.
If you already have routing tables, you can try to add some mangle rules to send !local (to WAN) for just port UDP 9993. And control failover in a routing table. But I'm sure this will always work, but ZT will use port 9993 first in its path test. So it might be possible to steer most/some traffic out a specific WAN without specifying one interface. Then you could leave interface=WAN (interface list) or =all (or whatever you have now) the same, if you mangled port 9993 to the desired WAN interface in mangle.
You could also, with scripting, add a simple netwatch rule to ping the remote ZT host, and if the remote ZT host is down (on-down), change the above single interfaces= back to =all. You can then manually reset the interfaces= to the desired single WAN interface to use, when it is back up.
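The two approaches from the reply above, written out as an added RouterOS v7 example (not from the thread): steering UDP 9993 through a routing table with failover, or pinning one interface and letting netwatch fall back to all. The table name zt-wan, both gateway addresses, the second WAN and the remote ZT host 10.147.17.2 are placeholders, and it assumes your existing masquerade rule covers every WAN.

```routeros
# Added example. Placeholders: zt-wan, 192.0.2.1 (preferred WAN gateway),
# 198.51.100.1 (backup WAN gateway), 10.147.17.2 (remote ZT host).

# --- Option A: leave interfaces= as it is, steer UDP 9993 with mangle ---
# Dedicated routing table for ZeroTier transport traffic.
/routing/table/add name=zt-wan fib

# Preferred WAN first; the backup takes over when check-gateway
# marks the first route inactive.
/ip/route/add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-table=zt-wan \
    distance=1 check-gateway=ping comment="ZT preferred WAN"
/ip/route/add dst-address=0.0.0.0/0 gateway=198.51.100.1 routing-table=zt-wan \
    distance=2 comment="ZT backup WAN"

# Router-originated ZeroTier packets (chain=output) on UDP 9993 that are
# not addressed to the router itself are looked up in zt-wan.
/ip/firewall/mangle/add chain=output protocol=udp port=9993 \
    dst-address-type=!local action=mark-routing new-routing-mark=zt-wan \
    passthrough=no comment="steer ZT UDP 9993"

# --- Option B: pin one interface, fall back to all when the peer is lost ---
/zerotier/set zt1 interfaces=wan2-ether2

# Ping the remote ZT host; when it stops answering, widen path discovery.
# Resetting interfaces= to the single WAN afterwards is a manual step.
/tool/netwatch/add host=10.147.17.2 interval=30s \
    down-script="/zerotier/set zt1 interfaces=all" \
    comment="ZT peer watchdog"
```

Option A only affects packets that use port 9993; paths ZeroTier opens on other ports still follow the main table.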
Yes, that's the same setting.
if i specify 2 interfaces, is it by order?
ZT uses all the interfaces that you specify for discovering paths. Which one(s) it eventually uses for data is a decision it makes based on internal logic.
How it chooses the best path can be set in the config file, however this setting is not exposed in the Mikrotik user interface. There was some speculation about what this setting is internally, but it's essentially unknown.
I would suggest leaving all interfaces where a connection may be possible or relevant in the list and let ZT handle the rest.
Agreed. Or perhaps set interfaces to WAN interface list to limit its searching, since OP looks to be using all which will generate traffic on LAN looking for VL1 paths (and may be what he's trying to avoid).
As @Larsa and I have discussed in other threads many times... there are more ZeroTier settings to control path selection, but they are not exposed in RouterOS. See https://docs.zerotier.com/multipath/ which does allow primary and backups.
i am looking to test a starlink to starlink tunnel as ipv6 was not stable and l2tp is slow so i don't want zerotier to be using my other fiber wan ports
i will probably use a different router, this is easier to test
Well, ZeroTier is not going to be "fast" compared to other VPNs. And I bet L2TP is faster in a speed test, even if you set a single interface to use in ZT. ZT uses L2 so you're paying a hit there, and it's generally designed more for resiliency than speed, to always find a path even if the network changes. While IPSec is typically hardware offloaded.
< whispering voice >
Wireguard ...
And if OP needed L2, could use EoIP over WireGuard. I'd also bet that's still faster than ZeroTier on a point-to-point connection. Hell, even if mtu=1500 on EoIP, so it'd be fragmented, it would still likely outperform ZT on speed.
wireguard (both ipv6 and ipv4) did not work properly
kept hanging each time starlink changed the ipv6 and refused to connect over ipv4 due to starlink cgnat
l2tp is stable now as i have a static public ip in my Hq router.. but this won't happen with starlink acting as server
Ah.....yes. You did mention starlink-to-starlink. That's CGNAT on both ends. If both are ARM-based you could use "back to home" VPN, which deals with WG and CGNAT. But then traffic would be proxied.
I have not tested IPv6 much on Starlink (we use public IP on the few we use), so can't help you there. But I'd figure out what's wrong with IPv6, as the tunneling becomes easy.
If you need L2, perhaps try just EoIP with use-ipsec=yes (no WG) with the IPv6 addresses. It's possible that works since it will set up the IPSec stuff for you (which is tricky). Or at least easy to try.
no need for l2 but maybe i'll try EoIP
with ipv6 it works splendid till the dhcpv6 changes every 5 min on the starlink side and wireguard dies
i still can't find a stable solution for a Hub-and-Spoke setup (hq on starlink and fiber, branches on starlink)