This discussion was converted from issue #1270 on December 23, 2022 15:29.
I have seen a couple of posts regarding ZeroTier not working on RaspAP. I had this issue as well and did some research. The issues causing the ZeroTier service to fail are the NAT rules that are configured during setup. With the current configuration, MASQUERADE is being applied to all interfaces. ZeroTier requires a connection on localhost (127.0.0.1) TCP port 9993 to start up properly. With the current NAT configuration, all traffic, regardless of which interface it comes out of, is being masqueraded. I have fixed this issue by only masquerading the traffic on the AP interface (10.3.141.0/24). I tried to keep the current masquerade-all configuration and only exempt the localhost interface, but I could not get ZeroTier to work with that configuration. If the MASQUERADE any/any rule is set (in bold below), regardless of the order of the rules in iptables, the ZeroTier service will not start properly. I assume that this any/any rule is set so that all traffic will be masqueraded, regardless of the IP range that users set for their AP interface in the Web UI. If there is a way to keep that command and exempt the localhost interface, that may be a better long-term solution.
I do not know how to do pull requests in GitHub, but below is what I changed on my RaspAP installation. ZeroTier is now working with no issues, and traffic is being routed properly from the AP (wlan0) when either the WiFi (wlan1) or Ethernet (eth0) interfaces are used as sources.
Current NAT commands in RaspAP Setup:

```
# any/any rule: MASQUERADE with no source or interface match
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/rules.v4
```
My working NAT commands (change IP range to match your AP range if it isn't the default):

```
# flush the filter, nat and mangle tables
sudo iptables -F; sudo iptables -t nat -F; sudo iptables -t mangle -F
# masquerade only traffic from the AP subnet that leaves the AP subnet
sudo iptables -t nat -A POSTROUTING -s 10.3.141.0/24 ! -d 10.3.141.0/24 -j MASQUERADE
# persist the rule set
sudo iptables-save | sudo tee /etc/iptables/rules.v4
```
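
An added example, not part of the original post and not RaspAP code: a shell function that scans `iptables-save` output for the kind of any/any MASQUERADE rule described above. The function name and the two sample rule sets are constructed for illustration (the rules in them are the ones quoted in the post), and treating `-s` or `-o` as the scoping match is an assumption.

```shell
# find_unscoped_masquerade: read iptables-save text on stdin and print every
# nat POSTROUTING rule that jumps to MASQUERADE without a source (-s) or
# outbound-interface (-o) match. Returns 0 if none were found, 1 otherwise.
# Assumption: a rule counts as scoped when it carries -s or -o (negated or not).
find_unscoped_masquerade() {
  awk '
    /^\*/ { table = substr($0, 2) }            # table header such as "*nat"
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
      masq = 0; scoped = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
        if ($i == "-s" || $i == "--source") scoped = 1
        if ($i == "-o" || $i == "--out-interface") scoped = 1
      }
      if (masq && !scoped) { print; found = 1 }
    }
    END { exit (found ? 1 : 0) }
  '
}

# Constructed sample: rule set produced by the "current" commands in the post.
SAMPLE_BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
COMMIT'

# Constructed sample: rule set produced by the "working" commands in the post.
SAMPLE_AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.3.141.0/24 ! -d 10.3.141.0/24 -j MASQUERADE
COMMIT'

echo "before:"
printf '%s\n' "$SAMPLE_BEFORE" | find_unscoped_masquerade || echo "  ^ unscoped MASQUERADE rule found"
echo "after:"
printf '%s\n' "$SAMPLE_AFTER" | find_unscoped_masquerade && echo "  no unscoped MASQUERADE rule"

# On a live system the same check would be:
#   sudo iptables-save | find_unscoped_masquerade
```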