ZeroTier and DHCP
-
So in light of some of the other ZeroTier discussions I've had... I figured I would post here and tag @adam-ierymenko with a question...
I have a problem (I can make this an Issue on GitHub if you want)... My ZeroTier controller is located on a cloud hosted server. I figured I would try and use my own home's internal DHCP server (it is also my DC) at my house to assign IP addresses and DNS to all of my ZT Devices.
So I installed the ZT Client on my server and then set ZT's v4AssignMode to dhcp. I set a static IP address on the DHCP Server (192.168.251.1) and configured it to give out IP addresses in 192.168.251.100-150.
Any ZeroTier device that is also on the LOCAL LAN (local to the DHCP server, which also serves my home network)... will successfully register a DHCP address over the ZT Adapter.
Any device that is NOT on my local LAN, such as my phone (with the Android client) with wireless off, or my day job computer (college in town) does NOT get a ZT IP address.
However, if I manually assign IP addresses to them, they work fine. Any ideas of things that I can troubleshoot? My setup looks like this:
ztController (192.168.251.2*)--V
              /----------- home network -> DHCP Server (192.168.10.11,192.168.251.1*)
internet------|
              |----------- Office Computer (cannot get a dhcp lease)
              ------------Phone (wireless off, or at another location, cannot get a DHCP lease)- IPs manually assigned to these devices.
I have manually set my v4AssignMode back to ZT so I can at least remain connected to my ZT Network and look devices up by IP address.
{
  "nwid": "censored",
  "controllerInstanceId": "not_making_it_that_easy",
  "clock": 1445628845082,
  "name": "WellstonTwo",
  "private": true,
  "enableBroadcast": true,
  "allowPassiveBridging": true,
  "v4AssignMode": "dhcp",
  "v6AssignMode": "none",
  "multicastLimit": 32,
  "creationTime": 1440161932745,
  "revision": 28,
  "memberRevisionCounter": 27,
  "authorizedMemberCount": 10,
  "relays": [],
  "gateways": [],
  "ipLocalRoutes": ["192.168.251.0/24"],
  "ipAssignmentPools": [
    {"ipRangeStart": "192.168.251.1", "ipRangeEnd": "192.168.251.254"}
  ],
  "rules": [
    {
      "ruleNo": 10,
      "action": "accept"
    }
  ]
}
-
Assign mode 'dhcp' is intended to mean 'enable DHCP on this interface and let the OS query DHCP and get an IP assignment.' But it's not actually implemented yet in the client, so it would do nothing and be equivalent to 'none'.
DHCP isn't the default method because DHCP is unsafe. If you joined a malicious network, DHCP could be used to push e.g. alternative DNS servers and other settings to your device. Some OSes support all kinds of potentially unsafe settings via DHCP. So it's something that we'd want to only enable with some consideration. Current idea is to require the user to explicitly okay DHCP on a per-network basis before it would ever be used even if 'dhcp' is the assign mode.
You can use DHCP now by setting assign mode to 'none' and invoking DHCP yourself and it will work.
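
The risk described in the reply above can be checked before a lease is applied by parsing the DHCP reply and listing every option that reconfigures the host rather than just addressing the interface. This is an added example, not part of the original posts and not ZeroTier code; the function names, the list of risky options and the two sample replies are constructed for illustration, and 192.168.251.0/24 is the route from the network config posted above.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_LEN = 236  # fixed BOOTP fields that precede the magic cookie
# Options that reconfigure the host rather than just address the interface.
RISKY = {3: "default gateway", 6: "DNS servers", 15: "domain name",
         33: "static routes", 119: "domain search list",
         121: "classless static routes", 252: "WPAD proxy URL"}

def parse_options(packet: bytes) -> dict:
    """Return {option code: raw value} from a DHCP reply (the UDP payload)."""
    if packet[HEADER_LEN:HEADER_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet: magic cookie missing")
    options, i = {}, HEADER_LEN + 4
    while i < len(packet) and packet[i] != 255:  # 255 = end option
        code = packet[i]
        if code == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError(f"option {code} has no length byte")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the packet")
        options[code] = options.get(code, b"") + value  # RFC 3396: repeats concatenate
        i += 2 + length
    return options

def audit_reply(packet: bytes, expected_net: str) -> list:
    """List what a reply would change beyond addressing the overlay interface."""
    options = parse_options(packet)  # also rejects malformed packets early
    offered = ipaddress.ip_address(packet[16:20])  # yiaddr field
    findings = []
    if offered not in ipaddress.ip_network(expected_net):
        findings.append(f"offered address {offered} is outside {expected_net}")
    for code, value in sorted(options.items()):
        if code in RISKY:
            findings.append(f"option {code} ({RISKY[code]}): {value.hex()}")
    return findings

def build_reply(yiaddr: str, options: dict) -> bytes:
    """Constructed sample input: a minimal BOOTREPLY with the given options."""
    header = b"\x02\x01\x06\x00" + bytes(12) + ipaddress.ip_address(yiaddr).packed + bytes(216)
    body = b"".join(bytes([c, len(v)]) + v for c, v in options.items())
    return header + MAGIC_COOKIE + body + b"\xff"

# Constructed replies: address-only, and one that also pushes a resolver and a default route.
BENIGN = build_reply("192.168.251.120", {53: b"\x05", 1: bytes([255, 255, 255, 0]), 51: bytes([0, 0, 14, 16])})
HOSTILE = build_reply("192.168.251.121", {53: b"\x05", 6: bytes([203, 0, 113, 53]), 121: bytes([0, 192, 168, 251, 1])})
```

An empty result from `audit_reply` means the reply only sets the address, mask and lease timers; anything listed is a setting the network operator would be able to change on the joining device.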
-
It seems like I tried that too. I will do it again and let you know.
-
You make a good point from a security perspective... would people be going around joining random public networks?
What you say is highly plausible though, especially if ZT becomes popular!
-
I just went and tried it with 'none' as my IP mode... I set a static IP address on my Windows DHCP server and activated a DHCP scope and it did not work. I switched back to ZT for IP handling and everything went back to working again.
I'll try it with a Linux DHCP server on the controller in a little bit and let you know how that goes.