QNAP TS-431 Package installed, network joined, but can't ping or access the device

[danmarce]

I have tried the following:

• [ ] Disabling QuickConnect
• [X] Disabling OpenVPN
• [ ] Restoring web port to default (5000/5001)
• [X] Restarting NAS
• [X] Reinstall ZT
• [X] Checked for presence of dev/net/tun
• [X] Verified that ZT is or is not running with ps aux | grep zerotier
• [ ] confirmed that config files exist in /var/packages/zerotier/target/var
• [X] Issued zerotier-cli commands as root

I am aware of the following

• [ ] The GUI is deprecated and may not work on my particular NAS
• [X] The CLI is the recommended interface for controlling ZT

Other important information

• Model: QNAP TS-431
• Current DSM version: Well, is QNAP so is a different OS, 4.3.6.2441, latest for the device
• DSM version when issue was first observed:

So, this is an interesting one. I downloaded the 1.10.1 ZT package, and installed it on the device. It installes without issues

I tested a few things (I will mask private information, I will leave the ZT dev name)

zerotier-cli status 200 info 38XXXXXX23 1.10.1 ONLINE

then

zerotier-cli listnetworks 200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips> 200 listnetworks afXXXXXXXXXXXXX6 dXXXXXXXXXXs 16:XX:XX:XX:XX:7d OK PRIVATE zt44xliatz 10.147.XXX.XXX/24

so, it seems online. I have other devices on this network and they can "see" each other.

zerotier-cli listpeers does return the list of peers.

But when I try to ping or access the QNAP NAS from another device on the network, it simply can´t, Ping just fails. This also happens from the QNAP to other devices.

I think it might be some access issue, I tried adding the iptables for this.

iptables -A INPUT -i zt44xliat -j ACCEPT iptables -A OUTPUT -o zt44xliat -j ACCEPT

Something might be missing or not working with this device.

DynDNS is disabled.

[joseph-henry]

Hmm, it looks like you've taken care of most of the low hanging fruit and it's good that it's joined and showing online.

But you shouldn't be setting firewall rules on the zt interface to fix connectivity issues, ultimately it matters what firewall rules are applied to the en0, eth0, or equivalent. Try to make sure you aren't blocking UDP/9993 on your main interface.

More things to consider:

• I see you didn't check "disable quickconnect", I'd like to note that will definitely prevent ZeroTier from working if it's enabled. At least it did years ago.
• Are the other computers on your network Windows? The windows firewall seems to block pings by default.
• When you do zerotier-cli peers (not listpeers this time), does it show lots of RELAY or are most DIRECT ?

[danmarce]

Quickconnect seems to be a Synology feature, I disabled the Qnap equivalent DDNS (will try latter diabling some other features). I tested Mac, Windows and Adroid devices. They can ping each other, can't ping or get pings from the NAS.

I found only a couple of similar cases on internet, one user reporting he was never able to find a solution. Interestingly, he was using the same NAS model.

Will report results of "peers", and figure out how to test the port properly later.

[iranee]

尝试用这个插件版，已经修复QNAP的防火墙规则可以正常连接。

https://github.com/iranee/qnap-zerotier

[danmarce]

Oh, well, I solved it using a different server to connect. Still I'll check that later.