ZeroTier 'interfaces'

ilium007 · May 1, 2022, 11:22am

I’m a bit stuck here. I don’t know what ‘interfaces’ I should be selecting here:
Screen Shot 2022-05-01 at 9.18.08 pm.png
If I select anything other than ‘all’ the connection gets stuck on “REQUESTING_CONFIGURATION”
Screen Shot 2022-05-01 at 9.20.08 pm.png
The Mikrotik documentation page (https://help.mikrotik.com/docs/display/ROS/ZeroTier) isn’t all that helpful:
Screen Shot 2022-05-01 at 9.21.03 pm.png

anav · May 1, 2022, 1:07pm

Best article on the subject…
http://forum.mikrotik.com/t/zerotier-on-mikrotik-a-rosetta-stone-v7-1-1/155978/1

ilium007 · May 2, 2022, 4:07am

I’ll go through it again, thanks.

ilium007 · May 2, 2022, 12:56pm

I’ve re-read this tonight. It doesn’t really provide any more info. It says that the interface selection is just for specifying interfaces the zero tier ‘may’ use.

Amm0 · May 2, 2022, 3:05pm

The ZT Interface selector on the instance controls where it will establish tunnels to other ZT peers/etc. May not 100% accurate but essentially “instance” (e.g. “zt1”) is what establishes ZT tunnels, the get manifests as ZT network interface (“zeroteir1”).

By default ZT will attempt to establish a connection on “all” interface, since you may have peers on the LAN and WAN at same time. But if you pick an interface[/list], then it will ONLY use that to establish tunnels.

If you goal is remote access to the router itself, then could use “WAN” (or your uplink interface). Now if the interface[/list] has no direct internet access, like “LAN”, it might be a problem since it might be restricted from reaching the root/planets.

I’ve just left it “all”, but I can see use cases ZT network or security model where you would rather not have all the ZT stuff going doing some interface.

You can try different settings, and the effects can be seen in the “Peer” view. You may have to click on a particular peer to see the full list of “Paths” - winbox’s list only shows the first one.

anav · May 2, 2022, 4:58pm

@Amm0, please consider adding too, or modifying your article if you think appropriate to cover off the OPs concerns (assuming they are legitimate requirements that you could see others needing).

ilium007 · May 2, 2022, 9:23pm

Thanks @Amm0 - what led me to your post was that when I set ‘interface’ to anything but ‘all’ (I had wanted it set to ‘WAN’) ZeroTier on routerOS would hang at REQUESTING_CONFIGURATION.

Amm0 · May 2, 2022, 9:48pm

You know it’s entirely possible there are bug/limitations. And actually you understand do how it should work . Mikrotik isn’t quick with support tickets, but if created one with a supout.rif, it worth to see what they say.

ilium007 · May 3, 2022, 12:37am

Thanks - I’ll raise a ticket.

ilium007 · May 4, 2022, 10:25am

Upgraded to RouterOS 7.2.3 and I can now get a connection specifying the ‘WAN’ interface list.

holvoetn · May 4, 2022, 10:26am

Interesting … what version were you coming from ?

ilium007 · May 4, 2022, 10:32am

7.2.1