key-networks / ztncui

ZeroTier network controller UI
GNU General Public License v3.0

get ztncui to listen for HTTPS requests on an external network interface #65

Closed MANKUD closed 3 years ago

MANKUD commented 3 years ago

I am not able to access ztncui via the browser outside the machine, other than on the machine it's configured on. I tried everything, but nothing worked. If anybody could help me, it would be great.

jimthedj65 commented 3 years ago

You can use a tunnel and port forward your local session. Works great for me every time and is super secure. The documentation has an example.

MANKUD commented 3 years ago

I am already able to access the server and the interface via AnyDesk, but I wanted to access it via browser without depending on AnyDesk.

lideming commented 3 years ago

According to the documentation, it listens on all interfaces if only HTTPS_PORT is specified.

MANKUD commented 3 years ago

I tried everything @lideming, but none work, neither HTTP nor HTTPS :(

lideming commented 3 years ago

I just tried it and it works. @MANKUD, did you check the firewall or something?

Also try running netstat -nlt in the shell to see which address ztncui is listening on.

MANKUD commented 3 years ago

Here is a screenshot.

image

MANKUD commented 3 years ago

@lideming I am running it on a VM using these network settings. I have no issues connecting to the server via the zero tier app; everything works fine.

image

MANKUD commented 3 years ago

@lideming Port 3443 is shown closed when I do a port check online, but all ports are open as it's DMZ; no ports are blocked.

lideming commented 3 years ago

:::3443 means listening on all IPv6 addresses as well as IPv4 addresses. It already listens on all interfaces.

I see that you run it on a VM, with the network configured as NAT. Did you also configure DMZ or port forwarding for the VM network? (Assuming you have DMZ on the LAN router.)
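An added example, not part of the original thread: a shell helper that reads `netstat -nlt` output, the check suggested above, and reports whether a port is bound to all interfaces, loopback only, or one address. The function name `bind_scope` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -nlt` output.
# bind_scope is a hypothetical helper name; SAMPLE_NETSTAT is constructed data.

# Reads netstat output on stdin; prints "<scope> <address>" for each listener
# on the given port, or "not-listening" if there is none.
# Note: on Linux a "::" listener also accepts IPv4 unless the socket is
# IPv6-only (IPV6_V6ONLY / net.ipv6.bindv6only).
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "*") {
                scope = "all-interfaces"
            } else if (host ~ /^127\./ || host == "::1") {
                scope = "loopback-only"
            } else {
                scope = "single-address"
            }
            print scope, host
            found = 1
        }
        END { if (!found) print "not-listening" }
    '
}

# Constructed sample in the Linux net-tools layout.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::3443                 :::*                    LISTEN'

for p in 3443 3000 8080; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_NETSTAT" | bind_scope "$p")"
done
```

On a live system the call is `netstat -nlt | bind_scope 3443`. An "all-interfaces" result only describes the bind inside the machine where it is run; a VM behind NAT still needs the port forwarded on the host before outside clients can reach it.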

MANKUD commented 3 years ago

Thanks for your reply, really appreciate it. Since it's using the same network as the host machine and the host machine network is already on DMZ, there is no need for me to do any port forwarding, I believe, and I can confirm that all ports are open as I can connect to the ztncui. I am able to join the network and able to communicate across all devices connected to the node.

lideming commented 3 years ago

> Since it's using the same network as the host machine

No, you are not. NAT basically means that the host machine becomes the "router" for the VM, so the VM, behind the host's IP, can connect to the outside with the help of NAT. But when another device connects to the host's IP, it connects to the host itself. The host won't pass the connection to the VM unless you have configured port forwarding. ZeroTier can work behind NAT because it does support "NAT traversal".

lideming commented 3 years ago

I think you should try the "Bridged" option, which should make the VM get its own IP in your LAN.

MANKUD commented 3 years ago

Hi, sorry, I am confused. So you are saying that I need to do port forwarding to the VM in the VM control panel. Yes, zero tier does work without open ports; that's why we are using zero tier to connect two devices behind a firewall without opening ports. But the zero tier network controller does require ports open, as it is the mediator for connections. Since I am able to establish connections between the devices via the zero tier network controller, it confirms that ports are open on the zero tier network controller server, right?

MANKUD commented 3 years ago

> But when another device connects to the host's IP, it connects to the host itself. The host won't pass the connection to the VM unless you have configured port forwarding.

I think I get it now. I will have to do port forwarding on the VM control panel for it to forward incoming connections to the VM.

lideming commented 3 years ago

ZeroTier controllers do not require open ports. Moons did. When other devices cannot connect to the controller directly, they can do NAT traversal with the help of ZT root servers, or just relay over ZT root servers.

MANKUD commented 3 years ago

> I think you should try the "Bridged" option, which should make the VM get its own IP in your LAN.

I think that would not be possible, as the VM is running on a dedicated server which is in a different country, so there would be no question of a local network there, as the dedicated server is directly configured with the public IP in the network adapter and the dedicated server's local and public IP are both the same.

MANKUD commented 3 years ago

> ZeroTier controllers do not require open ports. Moons did. When other devices cannot connect to the controller directly, they can do NAT traversal with the help of ZT root servers, or just relay over ZT root servers.

Omg, I did not know this. Learnt a lot from you today, thanks a lot, you made my day :-)

lideming commented 3 years ago

> I think that would not be possible, as the VM is running on a dedicated server which is in a different country, so there would be no question of a local network there, as the dedicated server is directly configured with the public IP in the network adapter and the dedicated server's local and public IP are both the same.

Okay, I see. I was presuming you run the server in your house etc.

You are welcome :p

MANKUD commented 3 years ago

Great, I will try port forwarding and get back to you. Hopefully my issue will be solved.

MANKUD commented 3 years ago

Any chance you have a zero tier setup for Windows without the zero tier branding, something neutral?

MANKUD commented 3 years ago

Could you tell me what ports need to be open on the zero tier network controller network for direct connection to the network controller?

lideming commented 3 years ago

> Any chance you have a zero tier setup for Windows without the zero tier branding, something neutral?

Nope, I use the official installer. I think you can try using files under C:\ProgramData\ZeroTier\One, they are just the service, configurations and data, without the GUI.

> Could you tell me what ports need to be open on the zero tier network controller network for direct connection to the network controller?

9993, since they use the same port for all kinds of traffic.

I am going to sleep now, see you.

MANKUD commented 3 years ago

> ZeroTier controllers do not require open ports. Moons did. When other devices cannot connect to the controller directly, they can do NAT traversal with the help of ZT root servers, or just relay over ZT root servers.

Another doubt: so my zero tier network controller should work fine even if I don't have a static public IP? It will work with a dynamic public IP configured on the controller?

MANKUD commented 3 years ago

> > Any chance you have a zero tier setup for Windows without the zero tier branding, something neutral?

> Nope, I use the official installer. I think you can try using files under C:\ProgramData\ZeroTier\One, they are just the service, configurations and data, without the GUI.

> > Could you tell me what ports need to be open on the zero tier network controller network for direct connection to the network controller?

> 9993, since they use the same port for all kinds of traffic.

> I am going to sleep now, see you.

Thanks.

MANKUD commented 3 years ago

> > Since it's using the same network as the host machine

> No, you are not. NAT basically means that the host machine becomes the "router" for the VM, so the VM, behind the host's IP, can connect to the outside with the help of NAT. But when another device connects to the host's IP, it connects to the host itself. The host won't pass the connection to the VM unless you have configured port forwarding. ZeroTier can work behind NAT because it does support "NAT traversal".

Opened ports and it works fine; able to connect via browser from anywhere now :)

lideming commented 3 years ago

> Another doubt: so my zero tier network controller should work fine even if I don't have a static public IP? It will work with a dynamic public IP configured on the controller?

I have never tried it, but it should work. AFAIK, ZT uses the same way to connect to controller peers and other peers: 1) Ask the ZT roots for the physical address of the peer ID, 2) Try to connect directly, 3) Try to do NAT traversal, 4) Try relaying.

Addresses of ZT roots are hard-coded in ZT. And moons are kind of additional roots that users can configure.