ZeroTier sessions from all interfaces?

Started by DocGonzo74, July 06, 2024, 04:09:49 PM

I have ZeroTier configured with my OPNsense firewall as an endpoint. The VPN works great as a default gateway and a remote access solution.

The problem I'm having is that all of my interfaces are trying to establish connections to the ZeroTier network. All of the sessions are being caught and denied by the auto-created default deny rule. My IPS is seeing these sessions as well.

Has anyone else seen this activity? If so, are you blocking it or just chalking it up to the ZeroTier plugin being a bit chatty and trying to talk out of every port?

2024-07-06T10:05:53.509258-0400   2039784   allowed   1_LAN   192.168.1.253   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp)   
2024-07-06T10:05:53.509241-0400   2039784   allowed   1_LAN   192.168.1.254   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp)   
2024-07-06T10:05:53.509228-0400   2039784   allowed   1_LAN   10.254.254.253   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp)   
2024-07-06T10:05:53.509215-0400   2039784   allowed   1_LAN   172.16.200.253   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp)   
2024-07-06T10:05:53.509195-0400   2039784   allowed   1_LAN   172.16.100.253   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp)   
2024-07-06T10:05:53.509177-0400   2039784   allowed   1_LAN   172.16.1.253   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp)   
2024-07-06T10:05:53.509154-0400   2039784   allowed   1_LAN   172.16.200.1   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp)   
2024-07-06T10:05:53.509135-0400   2039784   allowed   1_LAN   172.16.100.1   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp)   
2024-07-06T10:05:53.509112-0400   2039784   allowed   1_LAN   172.16.1.1   9993   103.195.103.66   9993   ET INFO ZeroTier Related Activity (udp

I think ZeroTier does this for multipath: if there are multiple ways out, it uses them. You can add options to ignore certain networks for transport.

Try adding this to your ZeroTier config:

{
   "settings": {
      "interfacePrefixBlacklist": ["interface1", "interface2"]
   }
}

https://docs.zerotier.com/config/#local-configuration-options

If you have ZT nodes in VLANs that will connect directly to the network, then you need to allow that traffic: source IP/alias to destination ANY, DPort 9993.
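An added example, not part of either post and not OPNsense or ZeroTier project code, that ties the two halves of this thread together: it parses IPS alert lines shaped like the ones quoted above, counts which firewall addresses are reaching out to UDP/9993 (so the "every interface talks to ZeroTier" pattern is visible at a glance, and anything beyond the one address you intend to use as transport is flagged), and then renders the local.conf fragment from the reply. The sample alert lines, the destination address 203.0.113.10 (a documentation address standing in for a ZeroTier root), the "expected" source set and the interface-name prefixes are all constructed or hypothetical; check your own interface names before putting anything in interfacePrefixBlacklist.

```python
import re
from collections import Counter
import json

# Constructed sample alerts, modelled on the columns quoted in the thread:
# timestamp  sid  action  interface  src  sport  dst  dport  message.
# Fields are separated by runs of spaces; 203.0.113.10 is a documentation
# address used here instead of a real ZeroTier root.
SAMPLE_ALERTS = """\
2024-07-06T10:05:53.509258-0400   2039784   allowed   1_LAN   192.168.1.253   9993   203.0.113.10   9993   ET INFO ZeroTier Related Activity (udp)
2024-07-06T10:05:53.509241-0400   2039784   allowed   1_LAN   192.168.1.254   9993   203.0.113.10   9993   ET INFO ZeroTier Related Activity (udp)
2024-07-06T10:05:53.509228-0400   2039784   allowed   1_LAN   10.254.254.253   9993   203.0.113.10   9993   ET INFO ZeroTier Related Activity (udp)
2024-07-06T10:05:53.509215-0400   2039784   allowed   1_LAN   172.16.200.253   9993   203.0.113.10   9993   ET INFO ZeroTier Related Activity (udp)
2024-07-06T10:05:53.509135-0400   2039784   allowed   1_LAN   172.16.100.1   9993   203.0.113.10   9993   ET INFO ZeroTier Related Activity (udp)
2024-07-06T10:05:53.509112-0400   2039784   allowed   1_LAN   172.16.1.1   9993   203.0.113.10   9993   ET INFO ZeroTier Related Activity (udp)
"""

FIELDS = ("timestamp", "sid", "action", "interface", "src", "sport", "dst", "dport", "msg")


def parse_alert(line):
    """Split one alert line on runs of two or more spaces. The message text
    contains only single spaces, so it survives as a single column. Lines
    that do not have the nine expected columns are rejected (None)."""
    cols = re.split(r"\s{2,}", line.strip())
    if len(cols) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, cols))
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def zerotier_sources(lines):
    """Count flows to UDP/9993 tagged as ZeroTier activity, per source address.
    Each distinct source here is one firewall interface address that is
    trying to use itself as a ZeroTier transport path."""
    counts = Counter()
    for line in lines:
        rec = parse_alert(line)
        if rec and rec["dport"] == 9993 and "ZeroTier" in rec["msg"]:
            counts[rec["src"]] += 1
    return counts


def unexpected_sources(lines, expected):
    """Source addresses talking ZeroTier that are not in the set you intend
    to use for transport (hypothetical: the one interface you want to keep)."""
    return sorted(src for src in zerotier_sources(lines) if src not in expected)


def build_local_conf(prefixes):
    """Render the local.conf fragment from the reply with the given list of
    interface-name prefixes ZeroTier should not use for transport."""
    return json.dumps({"settings": {"interfacePrefixBlacklist": list(prefixes)}}, indent=2)


if __name__ == "__main__":
    lines = SAMPLE_ALERTS.splitlines()
    for src, n in zerotier_sources(lines).most_common():
        print(f"{src:16} {n} flow(s) to UDP/9993")
    # Hypothetical choice: keep only the first LAN address as transport.
    print("unexpected:", unexpected_sources(lines, {"192.168.1.253"}))
    # Hypothetical prefixes; use the interface names from your own firewall.
    print(build_local_conf(["vlan", "igb1"]))
```

The parser keys on the alert message and destination port rather than the rule sid, so it also catches the same behaviour when the signature is revised; the summary is per source address because on a multi-VLAN firewall the source address is what tells you which interface ZeroTier picked up.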