key-networks / ztncui

ZeroTier network controller UI
GNU General Public License v3.0
1.56k stars 230 forks

GiveUp: Use as my.zerotier.com alternative (No peer to peer connection) #15

Closed mhtvsSFrpHdE closed 5 years ago

mhtvsSFrpHdE commented 5 years ago

My ISP blocks my.zerotier.com so the official server can't work at all. To avoid the ISP blocking I tried running ztncui on my own VPS, and everything seemed to be fine. No error during setup and config.

Then I have two devices: one is cable-connected ADSL, the other is 4G LTE. I filled in the ZeroTier client setting "Zerotier Central Instance", replacing "https://my.zerotier.com/" with my VPS IP address like "123.456.456.123".

After joining the network and being authenticated, the DHCP IPv4 assignment succeeded. The issue now is that the two devices can't ping each other (even with the firewall turned off and ICMP response on); TCP ping can work but with extremely high latency (560ms) and high packet loss.

If I connect both devices to the same LAN, they can ping each other using the ztncui-assigned address at 1ms, and TCP ping works too. Once one of the devices leaves the LAN, 560ms.

It seems peer to peer doesn't work at all and the network behaves like a traditional VPN. The two peers' connection being forwarded by the central server caused the high latency.

Is there something I misunderstand or am doing wrong? How should I troubleshoot my setup?

key-networks commented 5 years ago

This issue is with ZeroTier itself, not ztncui which is just a web user interface for the ZeroTier network controller.

Maybe you could look at setting up your own moon(s) to resolve this issue you are having. At worst, it will route via your own moon and hence reduce your latency.

mhtvsSFrpHdE commented 5 years ago

Thank you for the advice! Then before I go to the ZeroTier repository for an issue, can you help me confirm whether my settings with ztncui are correct or not?

I have unsolved doubts...

In one step, I generated a cert for ztncui to use, and for sure the official default "Zerotier Central Instance" is https://my.zerotier.com

Since it's https, the port to use should be 443, but ztncui doesn't provide information about what port to use or how to apply a self-signed cert to clients. The ztncui web interface listens on 127.0.0.1:3443, and doesn't respond or listen on public networks.

I assume the expected address should be "http://123.456.456.123", similar to the official address? But port 80 is not listened on.

Or "https://123.456.456.123" if I configure https in the .env file, yet 443 is not listened on, only 3443. And on the other hand it will have a cert problem.

Or "http://123.456.456.124:3000" or something similar? Fill in the address with a port number? I'm very confused because I can only find how to install, run and configure ztncui, but not a guide pointing out how to make it a replacement for the official my.zerotier.com.

Fastidious commented 5 years ago

@mhtvsSFrpHdE I am having a hard time comprehending what you wrote. I have ztncui installed, this is my .env:

HTTP_ALL_INTERFACES=yes
HTTP_PORT=3030

And these are my web server (caddy) proxy lines for it (the name of the server is fake, but you get the idea):

my.ownzerotier.net {
        log /var/log/caddy/my.ownzerotier.net.log {
                rotate_size 1
                rotate_age  7
                rotate_keep 1
        }
        header / {
                Strict-Transport-Security "max-age=31536000"
                X-XSS-Protection "1; mode=block"
                X-Content-Type-Options "nosniff"
                X-Frame-Options "DENY"
                -Server
        }
        tls {
                key_type rsa4096
                protocols tls1.2
                must_staple
        }
        proxy / http://127.0.0.1:3030 {
                transparent
        }
}

Works like a charm.
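One thing worth checking in the setup above: with HTTP_ALL_INTERFACES=yes, ztncui's own plain-HTTP listener on HTTP_PORT is bound on every interface, so it can be reached directly, bypassing the TLS and security headers Caddy adds in front of it. The following lint is an added example, not part of ztncui or the poster's setup; it assumes a ztncui .env with the keys shown above (HTTP_ALL_INTERFACES, HTTP_PORT, with 3000 assumed as the default port) and a Caddy v1 proxy directive, and flags that exposure on constructed sample inputs.

```python
import re

# Constructed sample inputs mirroring the configuration in the post above.
SAMPLE_ENV = "HTTP_ALL_INTERFACES=yes\nHTTP_PORT=3030\n"
SAMPLE_CADDYFILE = """my.ownzerotier.net {
        proxy / http://127.0.0.1:3030 {
                transparent
        }
}
"""
LOOPBACK = ("127.0.0.1", "localhost", "::1")
DEFAULT_HTTP_PORT = 3000  # assumed ztncui default when HTTP_PORT is unset


def parse_env(text):
    """Parse KEY=VALUE lines of a ztncui .env file; blanks and # comments are ignored."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"')
    return env


def proxy_upstreams(caddyfile):
    """Return (host, port) pairs that Caddy v1 'proxy <path> <url>' directives forward to."""
    pattern = r"proxy\s+\S+\s+https?://([^:/\s]+):(\d+)"
    return [(host, int(port)) for host, port in re.findall(pattern, caddyfile)]


def audit(env_text, caddyfile):
    """Return finding codes describing how the ztncui backend relates to the TLS proxy."""
    env = parse_env(env_text)
    port = int(env.get("HTTP_PORT", DEFAULT_HTTP_PORT))
    all_ifaces = env.get("HTTP_ALL_INTERFACES", "").lower() in ("yes", "true", "1")
    upstreams = proxy_upstreams(caddyfile)
    findings = []
    if port not in {p for _, p in upstreams}:
        findings.append(f"PROXY_PORT_MISMATCH: no proxy directive targets ztncui port {port}")
    # Proxying to loopback only protects the backend if the backend stays on loopback.
    if all_ifaces and any(h in LOOPBACK and p == port for h, p in upstreams):
        findings.append(
            f"BACKEND_EXPOSED: HTTP_ALL_INTERFACES=yes binds plain-HTTP port {port} on all "
            f"interfaces, bypassing the TLS proxy; set it to no or firewall port {port}"
        )
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ENV, SAMPLE_CADDYFILE)) or "no findings")
```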

mhtvsSFrpHdE commented 5 years ago

@Fastidious This image is what I want to know how to configure in the ZeroTier client... Windows version. [image: zerotiercentralinstance]

Fastidious commented 5 years ago

@mhtvsSFrpHdE yeah, nothing to do with ztncui. I have no idea.

key-networks commented 5 years ago

I have not had much to do with the Windows Zerotier client, but that looks like info to connect to the API at ZeroTier Central - ztncui has no facility for this.

mhtvsSFrpHdE commented 5 years ago

@key-networks So it is my misunderstanding... ztncui & the ZeroTier controller just host the network information for an unlimited number of users, and the other infrastructure needed to run the whole program properly still relies on the official servers (hole punching, peer to peer, etc.)?

key-networks commented 5 years ago

Basically, yes. You still need the infrastructure provided by Zerotier (root servers) to establish peer to peer connections. ztncui is just a web UI for making it easy to configure your own network controller.