Closed StefanoBalocco closed 3 years ago
You may need portMappingEnabled and allowSecondaryPort set to false if you don't want two other random ports.
I suppose that the formatting doesn't help.
I reformatted the issue.
If you look at the quoted part you can notice that in the first example there is a listening 162.168.1.1:65510 while in the second one it is missing.
With just primaryPort set there isn't any socket listening on random ports, while with primaryPort and bind the primary port is used only for 127.0.0.1 and ::1 (but not for the bind ip).
I forgot to add that I already tried to set portMappingEnabled to false and allowSecondaryPort to false.
# zerotier-cli -j info
{
  ...
  "settings": {
    "allowSecondaryPort": false,
    "allowTcpFallbackRelay": true,
    "bind": [ "192.168.1.1" ],
    "controllerDbPath": null,
    "portMappingEnabled": false,
    "primaryPort": 65510,
    "rabbitmq": null,
    "softwareUpdate": "disable",
    "softwareUpdateChannel": "release"
  }
I confirm the issue. In fact, it appears that the bind setting does not work at all.
ps -ef | grep zero
373 root 0:10 /storage/.kodi/addons/service.zerotier-one/bin/zerotier-one
more local.conf
{
  "physical": {
  },
  "virtual": {
  },
  "settings": {
    "bind": [ "192.168.0.123" ]
  }
}
zerotier-cli -j info
{
  "address": "..",
  "clock": ..,
  "config": {
    "physical": {},
    "settings": {
      "allowTcpFallbackRelay": true,
      "bind": [
        "192.168.0.123"
      ],
      "controllerDbPath": null,
      "portMappingEnabled": true,
      "primaryPort": 9993,
      "rabbitmq": null,
      "softwareUpdate": "disable",
      "softwareUpdateChannel": "release"
    },
    "virtual": {}
  },
  "online": true,
  "planetWorldId": ..,
  "planetWorldTimestamp": ..,
  "publicIdentity": "..",
  "tcpFallbackActive": false,
  "version": "1.4.6",
  "versionBuild": 0,
  "versionMajor": 1,
  "versionMinor": 4,
  "versionRev": 6
}
netstat -aptu | grep zero
tcp 0 0 192.168.0.123:42331 0.0.0.0:* LISTEN 373/zerotier-one
tcp 0 0 localhost:9993 0.0.0.0:* LISTEN 373/zerotier-one
tcp 0 0 localhost:9993 :::* LISTEN 373/zerotier-one
udp 0 0 192.168.0.123:45800 0.0.0.0:* 373/zerotier-one
My idea is that the bind option works, but only on the secondary/tertiary ports, ignoring every option to filter out those ports. Well, that is a borderline meaning of "works".
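As an added check (not part of this thread or of ZeroTier itself), a small Python script that compares the sockets zerotier-one actually opened with the intent of local.conf: it reads the settings, parses `netstat -aptu` output and reports sockets on addresses outside the bind list, sockets on ports other than primaryPort when allowSecondaryPort is false, and bind addresses with no socket on primaryPort at all. The local.conf and netstat lines below are constructed, modelled on the 1.4.6 report above; the default of allowSecondaryPort is assumed to be true.

```python
import json

# Constructed local.conf, modelled on the settings discussed in this thread.
LOCAL_CONF = ('{"settings":{"primaryPort":9993,"allowSecondaryPort":false,'
              '"portMappingEnabled":false,"bind":["192.168.0.123"]}}')

# Constructed `netstat -aptu | grep zero` output, modelled on the 1.4.6 report above.
NETSTAT_BAD = """\
tcp 0 0 192.168.0.123:42331 0.0.0.0:* LISTEN 373/zerotier-one
tcp 0 0 localhost:9993 0.0.0.0:* LISTEN 373/zerotier-one
tcp 0 0 localhost:9993 :::* LISTEN 373/zerotier-one
udp 0 0 192.168.0.123:45800 0.0.0.0:* 373/zerotier-one
"""
# Constructed output showing the behaviour the reporters expect from bind.
NETSTAT_GOOD = """\
tcp 0 0 192.168.0.123:9993 0.0.0.0:* LISTEN 373/zerotier-one
tcp 0 0 localhost:9993 0.0.0.0:* LISTEN 373/zerotier-one
udp 0 0 192.168.0.123:9993 0.0.0.0:* 373/zerotier-one
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_sockets(netstat_text):
    """Yield (proto, local_addr, local_port) for every zerotier-one socket line."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or "zerotier-one" not in line:
            continue
        addr, _, port = fields[3].rpartition(":")   # local address is column 4
        yield fields[0], addr.strip("[]"), int(port)


def audit(local_conf_text, netstat_text):
    """Return findings where the open sockets disagree with local.conf (empty == OK)."""
    s = json.loads(local_conf_text).get("settings", {})
    primary = s.get("primaryPort", 9993)
    allow_secondary = s.get("allowSecondaryPort", True)  # default assumed here
    bind = set(s.get("bind", []))
    findings, primary_seen = [], set()
    for proto, addr, port in parse_sockets(netstat_text):
        if addr in LOOPBACK:
            continue  # the local control API on loopback is expected
        if bind and addr not in bind:
            findings.append(f"{proto} {addr}:{port} outside bind list {sorted(bind)}")
        if port == primary:
            primary_seen.add((proto, addr))
        elif not allow_secondary:
            findings.append(f"{proto} {addr}:{port} is not primaryPort {primary}")
    for addr in sorted(bind):
        for proto in ("tcp", "udp"):
            if (proto, addr) not in primary_seen:
                findings.append(f"missing {proto} socket on {addr}:{primary}")
    return findings
```

Run `audit(LOCAL_CONF, NETSTAT_BAD)` against the real `netstat -aptu | grep zero` output and local.conf of a host to see the same four findings the 1.4.6 report above implies.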
According to the current code, ports are bound to all addresses except the addresses of the bind setting. I have submitted pull request #1257 to add ports to the addresses of the bind setting. With #1257 ports are bound to the addresses of the bind setting; without it they are not.
Great, does your patch also allow respecting allowSecondaryPort: false and portMappingEnabled: false?
Yes
OPNsense (FreeBSD), ZeroTier client 1.6.2.
Enabling the "bind" option -> binds to selected ip:RANDOM_PORT.
Error seen for more than 6 months. In my network config, I need to add reflection rules. Disappointed by the dev reaction.
On Win10 running ZT 1.6.5 we see this problem still. We have this local.conf:
{"settings":{"primaryPort":9993,"allowSecondaryPort":false,"portMappingEnabled":false,"allowTcpFallbackRelay":false}}
c:\ProgramData\ZeroTier\One>netstat -an | find "9993"
  TCP    10.5.33.14:9993                                0.0.0.0:0        LISTENING
  TCP    127.0.0.1:9993                                 0.0.0.0:0        LISTENING
  TCP    192.168.1.105:9993                             0.0.0.0:0        LISTENING
  TCP    [::1]:9993                                     [::]:0           LISTENING
  TCP    [::1]:9993                                     [::1]:59406      TIME_WAIT
  TCP    [fd70:616e:6761:6561:580a:5049:55cf:4eba]:9993 [::]:0           LISTENING
  UDP    10.5.33.14:9993                                *:*
  UDP    192.168.1.105:9993                             *:*
  UDP    [fd70:616e:6761:6561:580a:5049:55cf:4eba]:9993 *:*
We updated our local.conf:
{"settings":{"primaryPort":9993,"allowSecondaryPort":false,"portMappingEnabled":false,"allowTcpFallbackRelay":false, "bind": ["192.168.1.105"]}}
We restart the ZeroTier One service. Now it is not listening on UDP at all:
c:\ProgramData\ZeroTier\One>netstat -an | find "9993"
  TCP    127.0.0.1:9993         0.0.0.0:0              LISTENING
  TCP    [::1]:9993             [::]:0                 LISTENING
c:\ProgramData\ZeroTier\One>zerotier-cli -j info
{
  "address": "2c42e9a194",
  "clock": 1624907402632,
  "config": {
    "physical": null,
    "settings": {
      "allowSecondaryPort": false,
      "allowTcpFallbackRelay": false,
      "bind": [ "192.168.1.105" ],
      "controllerDbPath": null,
      "portMappingEnabled": false,
      "primaryPort": 9993,
      "softwareUpdate": "disable",
      "softwareUpdateChannel": "release"
    }
  },
  "online": true,
  "planetWorldId": 8097874995283583487,
  "planetWorldTimestamp": 1624660534026,
  "publicIdentity": "2c42e9a194:0:55182a26e0c759b756a1bd754e62bbe08ee4c7eb054cc0dd7ba2e7dc938d516ece152ab18ab7f2abade9a6537b90883102a8bcbf9c7a18725d5bd8dff95662a0",
  "tcpFallbackActive": false,
  "version": "1.6.5",
  "versionBuild": 0,
  "versionMajor": 1,
  "versionMinor": 6,
  "versionRev": 5
}
If anyone has a chance, try the dev branch.
Thanks, @thoradia!
The dev branch does seem to work!
c:\ProgramData\ZeroTier\One>zerotier-cli -j info
{
  "address": "2c42e9a194",
  "clock": 1625008566188,
  "config": {
    "physical": null,
    "settings": {
      "allowSecondaryPort": false,
      "allowTcpFallbackRelay": false,
      "bind": [ "192.168.1.105" ],
      "controllerDbPath": null,
      "portMappingEnabled": false,
      "primaryPort": 9993,
      "softwareUpdate": "disable",
      "softwareUpdateChannel": "release",
      "ssoRedirectURL": null
    }
  },
c:\ProgramData\ZeroTier\One>netstat -an | find "9993"
  TCP    127.0.0.1:9993         0.0.0.0:0              LISTENING
  TCP    192.168.1.105:9993     0.0.0.0:0              LISTENING
  TCP    [::1]:9993             [::]:0                 LISTENING
  UDP    192.168.1.105:9993     *:*
I'm trying to set up a zerotier-one VPN (1.4.6) using both "bind" and "primaryPort" in my local.conf. When I add
"primaryPort": 65510
I get this result:
TCP 127.0.0.1:65510 (LISTEN)
TCP [::1]:65510 (LISTEN)
UDP 192.168.1.1:65510
TCP 192.168.1.1:65510 (LISTEN)
UDP 192.168.8.1:65510
...others on 65510...
When I add (after or before primaryPort):
"bind": [ "192.168.1.1" ]
it seems to forget about the primary port configuration option and I get this result:
TCP 127.0.0.1:65510 (LISTEN)
TCP [::1]:65510 (LISTEN)
UDP 192.168.1.1:33319
TCP 192.168.1.1:36465 (LISTEN)
...nothing else on TCP or UDP...
Linux, Debian buster