And, yes, I recall difference in discovery & MAC winbox connection from ~rc4 to 7.1 – what I exactly was going on when, harder to say. I do want to saw L2 winbox connection worked more consistently in the early betas. But in V7.1 discovery has worked well, and L3 connection always has worked in V7… on Audience, wAP ac, hAP ac2 at some point, but no RB3001 to try.
But has not always worked in V7 is L2 MAC-based – I haven’t narrowed it down, but do know the pathes the ZT uses (fiber, LTEw/CGNAT, LTEw/staticIP, ZT through IPSec) effect connecting effect this & perhaps the client-side path to ZT might also be involved. Since I also use a Mac with winbox on top of this… Has worried me about calling L2 discovery a ZT bug BUT I suspect there are issues.
Which why I started to think I’m not sure exactly how much is ZeroTier allow to do to figure out it’s tunnels out. This post has a very bizarre issue with ARP running afoul with ZT: http://forum.mikrotik.com/t/zerotier-bug-arping-for-public-ip-on-lan/153832/1
Since MT neighbor discovery also uses L2 broadcasts, might be related.
Haven’t tried bridging with ZeroTier yet. Already super useful for on V7 devices for only remote access as a plain interface to a specific “Mikrotik Management” ZeroTier network - didn’t want to push my luck. But also I’m not clear what should be happening if bridged – while obviously the traffic inside the tunnel should land on the bridge the ZT port is assigned – that’s part is easy to understand. BUT, the tunnels ZT establish have a lot of way to tunnel OUT from their spec – some kinda strange & prehaps useful, but also non-standard. Basically seem to use various techniques and probing that go well beyond what a “bridge port” can normally do.