Messages

Afraid to say my experience with Zerotier on Opnsense has been nothing short of baffling. It's maddeningly inconsistent with whether it will come online or not, requires multiple reboots for the service to stay online, peers go to RELAY for no apparent reason, etc.
I don't think this is actually an Opnsense issue, I suspect that BSD is a second-class citizen when it comes to Opnsense development.

Have been experimenting with using a ZT tunnel as a default route for internet traffic.
It works OK once enabled with

Code Select Expand

zerotier-cli set <networkId> allowDefault=1

but then after a reboot, it's broken - Zerotier cannot establish a connection at all and no traffic is passed. Flip it back with allowDefault=0 , reboot and internet access is restored [albeit no longer over the ZT tunnel].
It is as if Zerotier is trying to use its own default route to establish connectivity for its own traffic, which seems like a silly defect.

We have had some success with this deployment scenario using Teltonika RutOS devices, but they simply don't have the horsepower to handle the throughput we need, hence looking at doing this on Opnsense [and I must say I am pretty damn impressed with Opnsense so far, other than this specific issue].