dec0dOS / zero-ui

ZeroUI - ZeroTier Controller Web UI - is a web user interface for a self-hosted ZeroTier network controller.
GNU General Public License v3.0

bug: zerotier 1.12.0 compatibility #164

Open mvivaldi opened 1 year ago

mvivaldi commented 1 year ago

Bug Report

ZeroUI version:

zero-ui:1.5.1

Current behavior:

with the new version of zerotier 1.12.0 I'm unable to:

Steps to reproduce:

Install the new version of zerotier, log in to zeroUI and look at the list of members of any network; it will display something like:

No devices have joined this network. Use the app on your devices to join aaaaabbbbbcccccddddd1111.

marcomazzaglia commented 1 year ago

I have the same problem. Yesterday my zerotier server received the update, we migrated from ZT 1.10.6 to 1.12.0 and now I'm unable to see the clients on the web interface.

dec0dOS commented 1 year ago

Thanks for reporting the problem. It seems the ZeroTier team made some breaking changes to the controller behavior. You should stay on the latest supported ZeroTier version for the controller - 1.10.

dec0dOS commented 1 year ago

The issue on ZeroTierOne repo to track the problem: https://github.com/zerotier/ZeroTierOne/issues/2108

dec0dOS commented 1 year ago

Fixed in 1.12.1

Originally posted by @glimberg in https://github.com/zerotier/ZeroTierOne/issues/2108#issuecomment-1694020567

iball commented 1 year ago

Everything I have has been upgraded to 1.12.1, systems rebooted, and I'm still not seeing them in ZeroUI.

Looks like others are still having the same issue, from the main ZeroTierOne Github issues list:

https://github.com/zerotier/ZeroTierOne/issues/2114

wongsyrone commented 1 year ago

Already fixed via my commit https://github.com/dec0dOS/zero-ui/commit/856682bad1ccd46970681e45bea8a992043c38f4

eduardo010174 commented 1 year ago

https://github.com/zerotier/ZeroTierOne/issues/2114

U11Leung commented 1 year ago

Already fixed via my commit 856682b

Is it included in current version of zero-ui?

dec0dOS commented 1 year ago

It was fixed in https://github.com/zerotier/ZeroTierOne/pull/2115, waiting for 1.12.2 release

marcomazzaglia commented 1 year ago

It was fixed in zerotier/ZeroTierOne#2115, waiting for 1.12.2 release

Perfect! Do you know the time when 1.12.2 will be released?

KevinRoebert commented 1 year ago

Everything I have has been upgraded to 1.12.1, systems rebooted, and I'm still not seeing them in ZeroUI.

Looks like others are still having the same issue, from the main ZeroTierOne Github issues list:

zerotier/ZeroTierOne#2114

@iball Have you found a fix for it?

dec0dOS commented 1 year ago

@KevinRoebert you should wait for the 1.12.2 release or downgrade ZeroTier on the controller to a supported version.

glimberg commented 1 year ago

1.12.2 is now released

iball commented 1 year ago

Upgraded all my clients to 1.12.2 to include the server running ZeroUI and it's still not showing any clients/peers. zerotier-cli peers lists them all just fine but it's not showing up in the ZeroUI web UI.

U11Leung commented 1 year ago

Can someone confirm this before I give 1.12.2 a try?

canghaiwuhen commented 1 year ago

1.12.2 Still having problems

U11Leung commented 1 year ago

Let's reopen one on their issue list.

knightian commented 1 year ago

Yep broken with ZT 1.12.2, I am seeing no clients.

jonaavanza commented 1 year ago

Same issue for me on Fedora. I reverted to zerotier 1.10.2 and that solved the issue.

Mihara commented 1 year ago

You basically need to revert one line in backend/routes/member.js to get rid of the compatibility fix introduced to handle 1.12.0, now that the compatibility is back to what it was before.

See https://github.com/dec0dOS/zero-ui/commit/856682bad1ccd46970681e45bea8a992043c38f4#r126131655

dec0dOS commented 1 year ago

You basically need to revert one line in backend/routes/member.js to get rid of the compatibility fix introduced to handle 1.12.0, now that the compatibility is back to what it was before.

See 856682b#r126131655

Please keep in mind that the controller API responses for version 1.12.2 are still distinct from those in version 1.10. This commit was initially introduced as a temporary solution for the 1.12.0 release within the main branch, but the new ZeroUI version hasn't been released yet. I'm planning to revert it back while we await a proper fix from the ZeroTier team. For now, the best solution is to use the 1.10 ZeroTier version on the controller.

glimberg commented 1 year ago

Please keep in mind that the controller API responses for version 1.12.2 are still distinct from those in version 1.10

If this is still the case after 1.12.2, it hasn't been reported to us at ZeroTier.

dec0dOS commented 1 year ago

I couldn't replicate the issue with 1.12.2. My apologies, it turns out I was actually testing 1.12.1 at the time. Could someone please verify the problem with their setup using ZeroUI version 1.5.1 and ZeroTier 1.12.2? If you're still experiencing the problem, please consider building from the source and report any issues.

mvivaldi commented 1 year ago

With the latest update 1.5.8 everything is working fine!

Thank you

knightian commented 1 year ago

@dec0dOS I built your latest commit from source and it is working. One thing to note for everyone, is it seems that with 1.12 zerotier is changing permissions of authtoken.secret to be 600 (rw- --- ---) and owned by root, so because I am spawning zeroui as a user that is not root, it can't access the authtoken.secret file. If I allow that user access to the authtoken, on restart zerotier changes the permissions back. Worth noting this.

dec0dOS commented 1 year ago

@dec0dOS I built your latest commit from source and it is working. One thing to note for everyone, is it seems that with 1.12 zerotier is changing permissions of authtoken.secret to be 600 (rw- --- ---) and owned by root, so because I am spawning zeroui as a user that is not root, it can't access the authtoken.secret file. If I allow that user access to the authtoken, on restart zerotier changes the permissions back. Worth noting this.

In that case you should probably set ZU_CONTROLLER_TOKEN in env.
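The token lookup discussed in the two comments above, as an added example that is not ZeroUI's own code: it prefers `ZU_CONTROLLER_TOKEN`, falls back to the secret file, and reports a permission failure explicitly so the file can stay at mode 600. The default path, the function names and the `io` parameter are assumptions made for this illustration.

```javascript
// Added example, not ZeroUI's own code. Resolves the controller API token
// without loosening the 0600 root-owned authtoken.secret described above.
const DEFAULT_TOKEN_PATH = "/var/lib/zerotier-one/authtoken.secret"; // usual Linux path

// Hypothetical injection point so the logic can be exercised with constructed
// inputs; the default uses Node's fs module.
function defaultIo() {
  const fs = require("fs");
  return {
    read: (p) => fs.readFileSync(p, "utf8"),
    mode: (p) => fs.statSync(p).mode & 0o777,
  };
}

function resolveControllerToken(env, tokenPath = DEFAULT_TOKEN_PATH, io = null) {
  // 1. Prefer the environment variable suggested in the thread.
  const fromEnv = (env.ZU_CONTROLLER_TOKEN || "").trim();
  if (fromEnv) return { token: fromEnv, source: "env", warnings: [] };

  // 2. Fall back to the file and turn a permission failure into a clear error.
  const fsio = io || defaultIo();
  let token;
  try {
    token = fsio.read(tokenPath).trim();
  } catch (err) {
    if (err.code === "EACCES") {
      throw new Error(
        `${tokenPath} is not readable by this user; set ZU_CONTROLLER_TOKEN ` +
          "rather than widening the file mode"
      );
    }
    throw err;
  }

  // 3. If the file was readable, flag modes that expose it beyond its owner.
  const warnings = [];
  const mode = fsio.mode(tokenPath);
  if (mode & 0o077) {
    warnings.push(`${tokenPath} has mode ${mode.toString(8)}; expected 600`);
  }
  return { token, source: "file", warnings };
}

// Usage in a service: const { token } = resolveControllerToken(process.env);
```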

iball commented 1 year ago

After pulling the latest docker image, it's working properly now. Thank you.

knightian commented 1 year ago

@dec0dOS I built your latest commit from source and it is working. One thing to note for everyone, is it seems that with 1.12 zerotier is changing permissions of authtoken.secret to be 600 (rw- --- ---) and owned by root, so because I am spawning zeroui as a user that is not root, it can't access the authtoken.secret file. If I allow that user access to the authtoken, on restart zerotier changes the permissions back. Worth noting this.

In that case you should probably set ZU_CONTROLLER_TOKEN in env.

Great! I was wondering if this was a thing. Thanks

eduardo010174 commented 1 year ago

Flow rules still do not work.

dec0dOS commented 1 year ago

@eduardo010174, please provide minimal, reproducible example.

eduardo010174 commented 1 year ago

I'm using zerotier 1.10.6 or 1.12.2 and get the same problem. I have not tested whether the rules work, but on the controller they probably work. The problem is synchronization on zero-ui only. This problem emerged after updating to the latest version of zero-ui. I will retry the build with this setup to check whether it's a false positive or an incompatible version that needs a rebuild after the update.

controller.d/network$ cat redacted.json

{
  "authTokens": [
    null
  ],
  "authorizationEndpoint": "",
  "capabilities": [],
  "clientId": "",
  "creationTime": 1631785049729,
  "dns": [],
  "enableBroadcast": false,
  "id": "redacted",
  "ipAssignmentPools": [
    {
      "ipRangeEnd": "10.147.18.254",
      "ipRangeStart": "10.147.18.1"
    }
  ],
  "mtu": 2800,
  "multicastLimit": 32,
  "name": "redacted",
  "nwid": "redacted",
  "objtype": "network",
  "private": true,
  "remoteTraceLevel": 0,
  "remoteTraceTarget": null,
  "revision": 25,
  "routes": [
    {
      "target": "10.147.18.0/24",
      "via": null
    }
  ],
  "rules": [
    {
      "etherType": 2048,
      "not": true,
      "or": false,
      "type": "MATCH_ETHERTYPE"
    },
    {
      "etherType": 34525,
      "not": true,
      "or": false,
      "type": "MATCH_ETHERTYPE"
    },
    {
      "etherType": 2054,
      "not": true,
      "or": false,
      "type": "MATCH_ETHERTYPE"
    },
    {
      "type": "ACTION_DROP"
    },
    {
      "mask": "1000000000000000",
      "not": true,
      "or": false,
      "type": "MATCH_CHARACTERISTICS"
    },
    {
      "type": "ACTION_DROP"
    },
    {
      "not": false,
      "or": false,
      "type": "MATCH_DEST_ZEROTIER_ADDRESS",
      "zt": "fa7dd9101e"
    },
    {
      "type": "ACTION_ACCEPT"
    },
    {
      "not": false,
      "or": false,
      "type": "MATCH_SOURCE_ZEROTIER_ADDRESS",
      "zt": "fa7dd9101e"
    },
    {
      "type": "ACTION_ACCEPT"
    },
    {
      "not": false,
      "or": false,
      "type": "MATCH_DEST_ZEROTIER_ADDRESS",
      "zt": "73a15e1460"
    },
    {
      "type": "ACTION_ACCEPT"
    },
    {
      "not": false,
      "or": false,
      "type": "MATCH_SOURCE_ZEROTIER_ADDRESS",
      "zt": "73a15e1460"
    },
    {
      "type": "ACTION_ACCEPT"
    },
    {
      "not": false,
      "or": false,
      "type": "MATCH_DEST_ZEROTIER_ADDRESS",
      "zt": "04a9a0206a"
    },
    {
      "type": "ACTION_ACCEPT"
    },
    {
      "not": false,
      "or": false,
      "type": "MATCH_SOURCE_ZEROTIER_ADDRESS",
      "zt": "04a9a0206a"
    },
    {
      "type": "ACTION_ACCEPT"
    },
    {
      "etherType": 2054,
      "not": false,
      "or": false,
      "type": "MATCH_ETHERTYPE"
    },
    {
      "type": "ACTION_ACCEPT"
    },
    {
      "type": "ACTION_DROP"
    }
  ],
  "rulesSource": "",
  "ssoEnabled": false,
  "tags": [],
  "v4AssignMode": {
    "zt": true
  },
  "v6AssignMode": {
    "6plane": false,
    "rfc4193": false,
    "zt": false
  }
}

But ZeroUI only reads this

{
  "rules": [
    {
      "type": "MATCH_ETHERTYPE",
      "not": true,
      "or": false,
      "etherType": 2048
    },
    {
      "type": "MATCH_ETHERTYPE",
      "not": true,
      "or": false,
      "etherType": 2054
    },
    {
      "type": "MATCH_ETHERTYPE",
      "not": true,
      "or": false,
      "etherType": 34525
    },
    {
      "type": "ACTION_DROP"
    },
    {
      "type": "ACTION_ACCEPT"
    }
  ],
  "capabilities": [],
  "tags": []
}

Before update zero-ui

cat db.json 
{
  "users": [
    {
      "username": "---",
      "password_hash": "---",
      "token": "---"
    }
  ],
  "networks": [
    {
      "id": "redacted",
      "additionalConfig": {
        "description": "",
        "rulesSource": "\n# This is a default rule set that allows IPv4 and IPv6 traffic but otherwise\n# behaves like a standard Ethernet switch.\n\n#\n# Allow only IPv4, IPv4 ARP, and IPv6 Ethernet frames.\n#\ndrop\n  not ethertype ipv4\n  and not ethertype arp\n  and not ethertype ipv6\n;\n\n#\n# Uncomment to drop non-ZeroTier issued and managed IP addresses.\n#\n# This prevents IP spoofing but also blocks manual IP management at the OS level and\n# bridging unless special rules to exempt certain hosts or traffic are added before\n# this rule.\n#\ndrop\n  not chr ipauth\n;\n\naccept ztdest fa7dd9101e;\naccept ztsrc fa7dd9101e;\naccept ethertype arp;\n\n\n# Accept anything else. This is required since default is 'drop'.\ndrop;\n",
        "tagsByName": {},
        "capabilitiesByName": {}
      },
      "members": [
        {
          "id": "1",
          "additionalConfig": {
            "name": ---,
            "description": ""
          },
          "deleted": false,
          "lastOnline": 24
        },
        {
          "id": "2",
          "additionalConfig": {
            "name": ---,
            "description": ""
          },
          "lastOnline": 67
        },
        ...

      ]
    }
  ]

After update zero-ui

zero-ui_data/db.json 
{
  "users": [
    {
      "username": "---",
      "password_hash": "---",
      "token": "---"
    }
  ],
  "networks": [
    {
      "id": "redacted",
      "additionalConfig": {
        "description": "",
        "rulesSource": "\n# This is a default rule set that allows IPv4 and IPv6 traffic but otherwise\n# behaves like a standard Ethernet switch.\n\n#\n# Allow only IPv4, IPv4 ARP, and IPv6 Ethernet frames.\n#\ndrop\n  not ethertype ipv4\n  and not ethertype arp\n  and not ethertype ipv6\n;\n\n#\n# Uncomment to drop non-ZeroTier issued and managed IP addresses.\n#\n# This prevents IP spoofing but also blocks manual IP management at the OS level and\n# bridging unless special rules to exempt certain hosts or traffic are added before\n# this rule.\n#\n#drop\n#  not chr ipauth\n#;\n\n# Accept anything else. This is required since default is 'drop'.\naccept;\n",
        "tagsByName": {},
        "capabilitiesByName": {}
      },
      "members": []
    }
  ]
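
In the dumps above, the controller's `rules` array ends in `ACTION_DROP` while the array ZeroUI reads ends in `ACTION_ACCEPT`. The following added example (not ZeroUI's or ZeroTier's code) reports that kind of drift between the two arrays; the function names are hypothetical and the sample rules are constructed to mirror the shape of the dumps, with a made-up address.

```javascript
// Added example, not ZeroUI's own code. Compares the "rules" array stored by
// the controller with the array the UI shows and reports what the UI lacks.
// Serialise with sorted keys so key order ("type" first or last) is ignored.
const canonical = (rule) =>
  JSON.stringify(Object.keys(rule).sort().map((k) => [k, rule[k]]));

const isAction = (rule) => /^ACTION_/.test((rule || {}).type || "");

// A trailing action with no match conditions in front of it applies to every
// packet that reaches the end of the rule set.
function catchAll(rules) {
  const last = rules[rules.length - 1];
  const prev = rules[rules.length - 2];
  return isAction(last) && (rules.length === 1 || isAction(prev)) ? last.type : null;
}

function diffRules(controllerRules, uiRules) {
  const unmatched = new Map(); // canonical rule -> copies not yet paired
  for (const r of uiRules) {
    unmatched.set(canonical(r), (unmatched.get(canonical(r)) || 0) + 1);
  }
  const missingFromUi = [];
  for (const r of controllerRules) {
    const left = unmatched.get(canonical(r)) || 0;
    if (left > 0) unmatched.set(canonical(r), left - 1);
    else missingFromUi.push(r);
  }
  return {
    missingFromUi,
    missingZtAddresses: [...new Set(missingFromUi.filter((r) => r.zt).map((r) => r.zt))],
    controllerCatchAll: catchAll(controllerRules),
    uiCatchAll: catchAll(uiRules),
  };
}

// Constructed sample shaped like the two dumps above (the address is made up).
const controllerRules = [
  { etherType: 2048, not: true, or: false, type: "MATCH_ETHERTYPE" },
  { type: "ACTION_DROP" },
  { not: false, or: false, type: "MATCH_DEST_ZEROTIER_ADDRESS", zt: "0123456789" },
  { type: "ACTION_ACCEPT" },
  { type: "ACTION_DROP" },
];
const uiRules = [
  { type: "MATCH_ETHERTYPE", not: true, or: false, etherType: 2048 },
  { type: "ACTION_DROP" },
  { type: "ACTION_ACCEPT" },
];
console.log(diffRules(controllerRules, uiRules));
```

A differing catch-all action, or a non-empty `missingZtAddresses`, means the UI's view no longer reflects the access policy the controller holds.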

artur-borys commented 1 year ago

How are things? Is zero-ui now compatible enough with the controller to update?