mwarning / zerotier-openwrt

An OpenWrt package for ZeroTier One - Pull requests are welcome!

Followup after installation with 19.07.1 #65

Closed PieBru closed 4 years ago

PieBru commented 4 years ago

Hi all, I just successfully installed ZeroTier on my Gl.Inet AR150 box with OpenWrt 19.07.1, here is my contribution on how to improve the installation doc, which indeed was very useful to me.

  1. The zerotier.openwrt_network.secret is the content of /var/lib/zerotier-one/authtoken.secret. is not true in my 19.07.1, as zerotier.openwrt_network.secret is a long hex like 666991a7d9:0:3f73787c206a565daa8da3c76###################################################################################################################################################################caa8870d187541fe5222af2d95b62551eab3c87acd600b9814394951fe14b4c5b2 and /var/lib/zerotier-one/authtoken.secret contains something like hrgl9bf##########xjzilmf

  2. Some GUI forms show slightly different labels from those in the doc, i.e. Network -> Firewall -> Traffic Rules does not have Destination port instead of External port. A screenshot may help a lot.

  3. In the Test chapter, I would recommend to verify connectivity using OpenWrt Network -> Diagnostics (ping and traceroute), eventually adding some screenshots to clear out any doubt.

  4. The router ZeroTier network interface didn't acquire any IPv4 address until I defined it Static instead of Unmanaged, and I assigned to it the same IP address I assigned to this device on the ZeroTier admin panel.

Thank you for this very useful project! Piero

mwarning commented 4 years ago

Thanks for the valuable feedback! I can give you access to the wiki if you like to add it yourself. Would that be ok?

ogarcia commented 4 years ago

It is a good idea to add this info, but with a BIG WARNING that says that it only applies to GL.inet devices that have a non-standard OpenWRT. For example, point 4 does not apply to standard OpenWRT. I have configured it as Unmanaged on several devices (Linksys, TP-Link, etc.)

mwarning commented 4 years ago

@ogarcia isn't this only specific to OpenWrt 19.07.x maybe?

ogarcia commented 4 years ago

@mwarning I think that it is specific to GL.inet devices, because with 18.06.x and 19.07.x it works perfectly with Unmanaged. And the External port instead of Destination port, I have never seen it in standard OpenWRT.

About point 1: FIXED. Must have been a copy/paste error, the correct file is /var/lib/zerotier-one/identity.secret not authtoken.secret
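
Point 1 in this thread comes down to telling two secrets apart by their shape. The POSIX shell function below is an added example, not code from the wiki or the zerotier-openwrt project, that classifies a pasted value; the field lengths are assumptions based on ZeroTier's type-0 identity layout, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: classify a ZeroTier secret by its shape before pasting it
# into a config. Assumed formats (type-0 identities; lengths are assumptions):
#   identity.secret : <10 hex address>:0:<128 hex public>:<128 hex private>
#   identity.public : <10 hex address>:0:<128 hex public>
#   authtoken.secret: 24 lowercase letters or digits

# is_hex STRING LENGTH: succeed if STRING is exactly LENGTH lowercase hex chars.
is_hex() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# classify_zt_secret VALUE: print identity.secret, identity.public,
# authtoken or unknown. The body is a subshell so IFS and "set -f" do not leak.
classify_zt_secret() (
    value=$1
    case "$value" in
        *:) echo unknown ;;     # trailing ':' means a truncated field
        *:*)
            IFS=:
            set -f              # no globbing while splitting on ':'
            set -- $value
            if [ $# -eq 4 ] && is_hex "$1" 10 && [ "$2" = 0 ] &&
               is_hex "$3" 128 && is_hex "$4" 128; then
                echo identity.secret
            elif [ $# -eq 3 ] && is_hex "$1" 10 && [ "$2" = 0 ] &&
                 is_hex "$3" 128; then
                echo identity.public
            else
                echo unknown
            fi ;;
        *[!a-z0-9]*) echo unknown ;;
        *) if [ "${#value}" -eq 24 ]; then echo authtoken; else echo unknown; fi ;;
    esac
)

# Constructed sample values (not real keys): 128 zeros stand in for each key.
KEY=$(printf '%0128d' 0)
SAMPLE_IDENTITY="0123456789:0:$KEY:$KEY"
SAMPLE_TOKEN="abcdefghijkl0123456789mn"
classify_zt_secret "$SAMPLE_IDENTITY"
classify_zt_secret "$SAMPLE_TOKEN"
```

A redacted value such as the one quoted in point 1 classifies as unknown, because the `#` characters are not hex digits.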

mwarning commented 4 years ago

Alright.

PieBru commented 4 years ago

Sorry for posting after you closed.

@ogarcia I think my Openwrt is quite "standard", it's the official OpenWrt firmware for GL-AR150.

Here is the 19.07.1 Firewall - Traffic Rules - Allow-ZeroTier-Inbound ZT form of the above firmware, as you can see there isn't an External port: Screenshot from 2020-03-02 16-43-59

And this is the resulting top-view excerpt: Screenshot from 2020-03-02 16-53-39

This is the Firewall - Zone Settings (I enabled also WAN as I have other OpenWrt and Arch boxes that should be routed behind this GL-AR150): Screenshot from 2020-03-02 16-55-47

I would like to narrow down my Unmanaged issue, as it can happen also to other ZT users. I.e., on the ZT management console I manually assigned this client IP address just after I got it "online" but before I defined the OW network interface.

I will dig more and update here my findings.

PieBru commented 4 years ago

Got it! I was fooled by the Unmanaged interface display on the OpenWrt 19.07.1 WEB UI.

OpenWrt Unmanaged network interfaces do not show their IP address, even if it's acquired as shown by ip a | grep 'inet '

    root@OpenWrt:~# ip a | grep 'inet '
    ...
    inet 192.168.193.3/24 brd 192.168.193.255 scope global zt44xmcuqv
    ...

To avoid similar traps, IMO the wiki should report that the ZeroTier interface IP may show on the OpenWrt WEB UI, and recommend to check it only using the CLI.

Thanks, Piero

ogarcia commented 4 years ago

Ok. I see the problem, the Network -> Firewall -> Traffic Rules changes from OpenWrt 18.06 to OpenWrt 19.07. In 18.06 you have a section Open ports on router with External port but this page is radically different in 19.07. I add a new entry in the wiki with this info and a BIG warning that says that the Unmanaged network interface does not show its own IP address :wink: