I'm trying to set up a zerotier-one VPN (1.4.6) using both "bind" and "primaryPort" in my local.conf.
When I add
"primaryPort": 65510
I got this result:
TCP 127.0.0.1:65510 (LISTEN)
TCP [::1]:65510 (LISTEN)
UDP 192.168.1.1:65510
TCP 192.168.1.1:65510 (LISTEN)
UDP 192.168.8.1:65510
...other on 65510...
When I add (after or before primaryPort):
"bind": [ "192.168.1.1" ]
it seems to forget about the primary port configuration option and I got this result:
TCP 127.0.0.1:65510 (LISTEN)
TCP [::1]:65510 (LISTEN)
UDP 192.168.1.1:33319
TCP 192.168.1.1:36465 (LISTEN)
...nothing else on TCP or UDP...
Linux, Debian buster
You may need portMappingEnabled and allowSecondaryPort set to false, if you don't want two other random ports.
I suppose that the formatting doesn't help.
I reformatted the issue.
If you look at the quoted part you can notice that in the first example there is a listening 162.168.1.1:65510 while in the second one it is missing.
With just primaryPort set there isn't any socket listening on random ports, while with primaryPort and bind the primary port is used only for 127.0.0.1 and ::1 (but not for the bind IP).
I forgot to add that I already tried to set portMappingEnabled to false and allowSecondaryPort to false.
# zerotier-cli -j info
{
  ...
  "settings": {
    "allowSecondaryPort": false,
    "allowTcpFallbackRelay": true,
    "bind": [
      "192.168.1.1"
    ],
    "controllerDbPath": null,
    "portMappingEnabled": false,
    "primaryPort": 65510,
    "rabbitmq": null,
    "softwareUpdate": "disable",
    "softwareUpdateChannel": "release"
  }
I confirm the issue
In fact, it appears that the bind setting does not work at all
ps -ef | grep zero
373 root 0:10 /storage/.kodi/addons/service.zerotier-one/bin/zerotier-one
more local.conf
{
  "physical": {
  },
  "virtual": {
  },
  "settings": {
    "bind": [ "192.168.0.123" ]
  }
}
zerotier-cli -j info
{
  "address": "..",
  "clock": ..,
  "config": {
    "physical": {},
    "settings": {
      "allowTcpFallbackRelay": true,
      "bind": [
        "192.168.0.123"
      ],
      "controllerDbPath": null,
      "portMappingEnabled": true,
      "primaryPort": 9993,
      "rabbitmq": null,
      "softwareUpdate": "disable",
      "softwareUpdateChannel": "release"
    },
    "virtual": {}
  },
  "online": true,
  "planetWorldId": ..,
  "planetWorldTimestamp": ..,
  "publicIdentity": "..",
  "tcpFallbackActive": false,
  "version": "1.4.6",
  "versionBuild": 0,
  "versionMajor": 1,
  "versionMinor": 4,
  "versionRev": 6
}
netstat -aptu | grep zero
tcp 0 0 192.168.0.123:42331 0.0.0.0:* LISTEN 373/zerotier-one
tcp 0 0 localhost:9993 0.0.0.0:* LISTEN 373/zerotier-one
tcp 0 0 localhost:9993 :::* LISTEN 373/zerotier-one
udp 0 0 192.168.0.123:45800 0.0.0.0:* 373/zerotier-one
My idea is that the bind option works, but only on the secondary/tertiary ports, ignoring each option to filter out those ports.
Well, it is a borderline meaning of "works".
According to the current code, ports are bound to all addresses except the addresses of the bind setting.
I have submitted pull request #1257 to add ports to the addresses of the bind setting.
With #1257 ports are bound to the addresses of the bind setting, without it they are not.
Great, does your patch also allow respecting allowSecondaryPort: false and portMappingEnabled: false?
Yes
OPNsense (FreeBSD)
zerotier client 1.6.2
Enabling the "bind" option -> binds to selected ip:RANDOM_PORT.
I have seen this error for more than 6 months. In my network config, I need to add reflection rules. Disappointed by the dev reaction.
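A check for the symptom reported in this thread, added here as an example and not code from ZeroTier or from any participant: it compares the "bind" and "primaryPort" settings of local.conf with numeric netstat output and lists the sockets that are missing or sit on unexpected ports. The config and netstat lines are constructed from values quoted above, the function names are hypothetical, and expecting one TCP and one UDP socket per bind address on primaryPort is an assumption taken from the first listing in the thread.

```python
import json

# Constructed sample input modeled on the thread (numeric `netstat -anptu` style).
LOCAL_CONF = '{"settings": {"primaryPort": 65510, "bind": ["192.168.1.1"]}}'
NETSTAT = """\
tcp        0      0 127.0.0.1:65510      0.0.0.0:*      LISTEN      373/zerotier-one
tcp6       0      0 ::1:65510            :::*           LISTEN      373/zerotier-one
udp        0      0 192.168.1.1:33319    0.0.0.0:*                  373/zerotier-one
tcp        0      0 192.168.1.1:36465    0.0.0.0:*      LISTEN      373/zerotier-one
tcp        0      0 0.0.0.0:22           0.0.0.0:*      LISTEN      101/sshd
"""

LOOPBACK = {"127.0.0.1", "::1"}  # the local control port, not subject to "bind"


def parse_sockets(netstat_text, process="zerotier-one"):
    """Return a set of (proto, ip, port) for sockets owned by `process`."""
    sockets = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[-1].endswith("/" + process):
            continue
        # rpartition splits on the last colon, so IPv6 addresses stay intact.
        ip, _, port = fields[3].rpartition(":")
        if port.isdigit():
            sockets.add((fields[0].rstrip("6"), ip, int(port)))
    return sockets


def audit(conf_text, netstat_text):
    """Compare observed sockets with what bind + primaryPort ask for."""
    settings = json.loads(conf_text).get("settings", {})
    port = settings.get("primaryPort", 9993)  # 9993 is the value shown when unset
    # Assumption: each bind address should carry TCP and UDP on primaryPort.
    expected = {(proto, ip, port)
                for ip in settings.get("bind", []) for proto in ("tcp", "udp")}
    observed = {s for s in parse_sockets(netstat_text) if s[1] not in LOOPBACK}
    return {"missing": sorted(expected - observed),
            "unexpected": sorted(observed - expected)}


if __name__ == "__main__":
    for kind, items in audit(LOCAL_CONF, NETSTAT).items():
        for proto, ip, port in items:
            print(f"{kind}: {proto} {ip}:{port}")
```

Run netstat with `-n` so addresses stay numeric; name-resolved output such as `localhost:9993` will not match the loopback filter.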