ZeroTier Client Changing Source IPs

Started by ropeguru, May 14, 2021, 04:56:24 PM

So I am trying to get ZeroTier up and running on the latest OPNsense version.

Following the docs, I have it installed, authorized in the ZeroTier network with an IP, and configured in OPNsense. I have also configured an interface and set IPv4 to static with the same IP I assigned in the ZeroTier console.

Looking at the ZeroTier overview, I can see it is connected to the network and has established connectivity to other peers.

Where I am having an issue is that after a few minutes of being up, looking at another peer's info, I see the source IP of the OPNsense is its public IP as would be expected. A minute or less later, the source IP changes from the public IP of the OPNsense box to an internal LAN IP I have defined on the OPNsense device. Once that happens, there is a flood of UDP between the two sites and my remote site goes down.

Why would ZeroTier on the OPNsense box switch from using the public IP/interface and start using the internal LAN interface through NAT to make the connection?


One thing I did notice in the docs for ZeroTier is that in the interface config, it says to set the Gateway to none. That is not an option on my deployment. The only option was "Auto-detect".

So digging further, I found out why I think it is flip-flopping on the source IP.

Seems that ZeroTier is binding to the WAN and LAN interfaces.

tcp4       0      0 23.152.226.7.9993                             *.*                                           LISTEN     
tcp4       0      0 10.10.2.1.9993                                *.*                                           LISTEN
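
Added example, not part of the original posts: a small Python check that reads BSD-style `netstat -an` output like the lines above and reports which local addresses hold port 9993, classifying each as public, private or wildcard. The function names are hypothetical, the first two sample lines reuse the addresses from the post, and the remaining sample lines are constructed.

```python
import ipaddress

# Sample in the BSD `netstat -an` layout; last two lines are constructed.
SAMPLE = """\
tcp4       0      0 23.152.226.7.9993      *.*       LISTEN
tcp4       0      0 10.10.2.1.9993         *.*       LISTEN
tcp4       0      0 127.0.0.1.53           *.*       LISTEN
udp4       0      0 *.9993                 *.*
"""

def listeners(netstat_text, port=9993):
    """Return sorted (proto, local_addr) pairs bound to `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        # TCP rows only count when the socket is listening.
        if fields[0].startswith("tcp") and fields[-1] != "LISTEN":
            continue
        # BSD netstat joins address and port with a dot: 10.10.2.1.9993
        addr, _, local_port = fields[3].rpartition(".")
        if local_port == str(port):
            found.add((fields[0], addr))
    return sorted(found)

def classify(addr):
    """Label a local address as wildcard, private, public or unparsed."""
    if addr == "*":
        return "wildcard"
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 scope id
    except ValueError:
        return "unparsed"
    return "private" if ip.is_private else "public"

def report(netstat_text, port=9993):
    """List (proto, addr, class) for every socket bound to `port`."""
    return [(p, a, classify(a)) for p, a in listeners(netstat_text, port)]

def private_bindings(netstat_text, port=9993):
    """Addresses on internal ranges that the service is also bound to."""
    return [a for _, a, c in report(netstat_text, port) if c == "private"]

if __name__ == "__main__":
    for proto, addr, kind in report(SAMPLE):
        print(f"{proto:5} {addr:20} {kind}")
```
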