Problems with ZeroTier .... HELP!

[Itay1778]

Hey,
I encountered a problem running ZeroTier and I was able to connect to my network
But it does not create another interface
And I get the error PORT_ERROR
I tried to talk to their support but they did not really help me solve it
From my last conversation with them:

"It looks like something is preventing zerotier module from loading/working. There's no zerotier interface and the status has "PORT ERROR"
On Linux, it's the `tun` module. Not sure what to do for FreeBSD.
Sometimes the images on VPS hosts don't have tun for some reason and you need to get it running yourself."

I would be happy if you could help me with this
Thanks Itay

 

[sretalla]

show us the output of ifconfig on your server with zerotier running. Maybe we will help you to see what's going on.

What command did you use to join the network (don't share your network ID here)?

 

[Itay1778]

show us the output of ifconfig on your server with zerotier running. Maybe we will help you to see what's going on.

It's at FreeNAS itself

Code:

em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether e0:69:95:2b:bf:5c
        hwaddr e0:69:95:2b:bf:5c
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.26 netmask 0xffffff00 broadcast 192.168.1.255
        inet 192.168.1.61 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:04:e3:4e:45:00
        nd6 options=9<PERFORMNUD,IFDISABLED>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0:35 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000
        member: vnet0:25 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 2000
        member: vnet0:24 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 2000
        member: vnet0:22 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000
        member: vnet0:21 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 2000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 55
vnet0:21: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: Emby as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:c0:af:79
        hwaddr 02:84:10:00:06:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0:22: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: Nextcloud as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:27:9a:bf
        hwaddr 02:84:10:00:05:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0:24: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: reverse_proxy as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:9f:9a:97
        hwaddr 02:84:10:00:08:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0:25: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: wordpress as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:ed:53:08
        hwaddr 02:84:10:00:07:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0:35: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: ZeroTier_TC as nic: epair0b
        options=8<VLAN_MTU>
        ether 02:ff:60:43:da:28
        hwaddr 02:84:10:00:04:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair

It's in the jail of ZeroTier

Code:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:ff:60:43:da:29
        hwaddr 02:84:10:00:09:0b
        inet 192.168.1.51 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair

What command did you use to join the network (don't share your network ID here)?

Code:

zerotier-cli join mynetwork

 

[sretalla]

OK, so I confirm you have no zerotier adapter in that output.

My understanding was that the zerotier network should run on the host and be bridged to whatever jails (perhaps with a dedicated VNET interface) needed.

What happens if you run that command on the host instead?

 

[Itay1778]

What happens if you run that command on the host instead?

Do you want me to install ZeroTier on the FreeNAS itself ?? And I do not think it's the most safe to install it directly on FreeNAS

Or just the command of connecting to the network ??? Because I do not think it will work because there is no ZeroTier installed on FreeNAS according to what I know.

 

[sretalla]

Did you also run zerotier-one -d first?

 

[sretalla]

Do you want me to install ZeroTier on the FreeNAS itself ?? And I do not think it's the most safe to install it directly on FreeNAS

Or just the command of connecting to the network ??? Because I do not think it will work because there is no ZeroTier installed on FreeNAS according to what I know.

ZeroTier is already installed on FreeNAS from some version around 11.0.

 

[Itay1778]

Did you also run zerotier-one -d first?

In the jail or in FreeNAS itself?

 

[sretalla]

In the jail or in FreeNAS itself?

On FreeNAS. In my opinion, you don't need a jail for zerotier itself.

 

[Itay1778]

On FreeNAS. In my opinion, you don't need a jail for zerotier itself.

Ok
I delete the jail and start from scratch
And I will try with zerotier-one -d
And if that fails I will think whether to install on FreeNAS itself. Because I think it's much more likely to install such things on jails

 

[sretalla]

So to be clear and in one single message:

start the zerotier daemon:
zerotier-one -d

Join a network:
zerotier-cli join networkID

you get a response like this
ztcxxxxxxxxxx 200 join OK

where ztcxxxxxxxxxx is the new interface

then you can bridge the new interface to your selected VNET... and work out the routing you want to have happening, since the VNET will not normally be on the same subnet/IP range as your zerotier network, so routing or some kind of accordance with the addressing scheme will be needed to make any of it useful.

I guess you could play with the zerotier bridging mode for that interface (on their website) and perhaps then the zerotier network would just become part of your bridged network directly and follow the local addressing scheme.

 

[Itay1778]

On FreeNAS. In my opinion, you don't need a jail for zerotier itself.

Ok at the end I gave up and hooked up on the FreeNAS itself!
And everything works !! I have another interface and I get IP from the network
And now I can create another interface in ui and also it appears in ifconfig.
So thanks for the help !!!

 

[Itay1778]

So to be clear and in one single message:

start the zerotier daemon:
zerotier-one -d

Join a network:
zerotier-cli join networkID

you get a response like this
ztcxxxxxxxxxx 200 join OK

where ztcxxxxxxxxxx is the new interface

then you can bridge the new interface to your selected VNET... and work out the routing you want to have happening, since the VNET will not normally be on the same subnet/IP range as your zerotier network, so routing or some kind of accordance with the addressing scheme will be needed to make any of it useful.

I guess you could play with the zerotier bridging mode for that interface (on their website) and perhaps then the zerotier network would just become part of your bridged network directly and follow the local addressing scheme.

Hey a little question
Is there a possibility to stop the zerotier? Or something like that?

 

[danb35]

ZeroTier is already installed on FreeNAS from some version around 11.0.

The problem is that the support is... well... "half-baked" would be an overly-charitable description. There's no GUI support at all, the service isn't enabled at boot, and the biggest problem is that the host address changes on reboot. And based on the bug ticket I filed, the devs don't seem to be in the least bit interested in improving it.

 

[Itay1778]

So to be clear and in one single message:

start the zerotier daemon:
zerotier-one -d

Join a network:
zerotier-cli join networkID

you get a response like this
ztcxxxxxxxxxx 200 join OK

where ztcxxxxxxxxxx is the new interface

then you can bridge the new interface to your selected VNET... and work out the routing you want to have happening, since the VNET will not normally be on the same subnet/IP range as your zerotier network, so routing or some kind of accordance with the addressing scheme will be needed to make any of it useful.

I guess you could play with the zerotier bridging mode for that interface (on their website) and perhaps then the zerotier network would just become part of your bridged network directly and follow the local addressing scheme.

Hey, can you please explain to me how i can set two interfaces to jail one interface of zerotier with zerotier's IP. And the other with the IP that I set for him like I did for every jail until now that he had access to the Internet

I hope I was clear what I wanted to do:).

 

[sretalla]

Is there a possibility to stop the zerotier? Or something like that?

I guess there are a couple of ways to think about that...

you can unjoin the network

you can kill the zerotier-one process

One day, when the GUI has support for zerotier, you may be able to do that under services in the GUI... for now, not an option.

 

[Itay1778]

I guess there are a couple of ways to think about that...

you can unjoin the network

you can kill the zerotier-one process

One day, when the GUI has support for zerotier, you may be able to do that under services in the GUI... for now, not an option.

I thought about the unjoin, but I would still want him to be inside the network just turned off.
So I understand that for now the only way is to kill the process?
So what is the command to do this?
And how do I turn it back on?

 

[Itay1778]

I thought about the unjoin, but I would still want him to be inside the network just turned off.
So I understand that for now the only way is to kill the process?
So what is the command to do this?
And how do I turn it back on?

Ok I managed

@sretalla
Can you help me with this please:)

Hey, can you please explain to me how i can set two interfaces to jail one interface of zerotier with zerotier's IP. And the other with the IP that I set for him like I did for every jail until now that he had access to the Internet

I hope I was clear what I wanted to do:).

 

[sretalla]

Hey, can you please explain to me how i can set two interfaces to jail one interface of zerotier with zerotier's IP. And the other with the IP that I set for him like I did for every jail until now that he had access to the Internet

To create yourself another bridge and add the zerotier network adapter to it, you would do something like this:

ifconfig bridge1 create
ifconfig bridge1 addm ztcxxxxxxxxx up

Then you need some help from someone who really knows how to do what you're asking for, which is to have 2 VNET NICs in a jail, one bridged to bridge0 and the other bridged to bridge1... I haven't got enough time to work it out right now.

 

[Itay1778]

To create yourself another bridge and add the zerotier network adapter to it, you would do something like this:

ifconfig bridge1 create
ifconfig bridge1 addm ztcxxxxxxxxx up

Then you need some help from someone who really knows how to do what you're asking for, which is to have 2 VNET NICs in a jail, one bridged to bridge0 and the other bridged to bridge1... I haven't got enough time to work it out right now.

When do I create this bridge1 it also creates VNET1?