ZeroTier Question
-
@Dashrender said in ZeroTier Question:
The actual network as in real physical network should not matter public or not... The ZT network does need to be trusted though, and even that should matter on the client side because you aren't sharing your just accessing.
Exactly this. The ZeroTier network should be reporting as domain.
-
My LAN is 172.16.x.x
ZeroTier is 192.168.191.x
When I ping the DC I get 198.105.244.130
-
Sounds like you have a DNS issue. You might not be able to use short NetBIOS type names.. you might have to move to FQDN instead.
For example, if you're at StarBucks and the DHCP server gives a suffix of starbucks.com out with the IP, and you ping server1, your system might be pinging server1.starbucks.com instead of server1.yourdomain.com
-
@Dashrender For this machine it does resolve to a FQDN just with the 198.105.244.130 address instead of the ZT IP of the DC
-
@WLS-ITGuy said in ZeroTier Question:
@Dashrender For this machine it does resolve to a FQDN just with the 198.105.244.130 address instead of the ZT IP of the DC
Are you sure your ZeroTier addresses are what you think they are?
-
@JaredBusch I hope so. I was looking at ZT Central when I typed it out
-
man, time to just double check... ipconfig in same session you ping server1. Where could that bizzaro IP could have come from? either ZT or DNS, or Hosts file.
-
@WLS-ITGuy said in ZeroTier Question:
@JaredBusch I hope so. I was looking at ZT Central when I typed it out
Are you sure that you set the auto assign correctly?
-
@Dashrender Hmm - I just ping'd from my laptop (Mac OS X) and got the same address that I got on the other laptop. Here is the screenshot from my ZT Center.
http://i.imgur.com/LfOdpLn.png
Here is the info from the machine
-
This post is deleted! -
Ok, just tested this a little more.
Laptop off the LAN.
Ping from laptop to DC by name = ping resolves over ZeroTier IP.C:\Users\xxxadmin.xxx>ping xxxdc01 Pinging xxxdc01 [10.202.3.11] with 32 bytes of data: Reply from 10.202.3.11: bytes=32 time=42ms TTL=128 Reply from 10.202.3.11: bytes=32 time=42ms TTL=128 Reply from 10.202.3.11: bytes=32 time=45ms TTL=128 Reply from 10.202.3.11: bytes=32 time=43ms TTL=128 Ping statistics for 10.202.3.11: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 42ms, Maximum = 45ms, Average = 43ms
But a ping from the DC to the device returns the devices local IP not the ZeroTier IP.
C:\Users\xxxadmin>ping dt-backup-lapto Pinging dt-backup-lapto [192.168.1.8] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.1.8: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Here is what
ipconfig
returns on the remote laptop.C:\Users\xxxadmin.xxx>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : fd56:5799:d8f6:3ed4:a199:9336:a36d:9068 Link-local IPv6 Address . . . . . : fe80::e023:2905:284a:b878%24 IPv4 Address. . . . . . . . . . . : 10.202.3.188 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 25.255.255.254 Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::d90e:714e:228:aafb%12 IPv4 Address. . . . . . . . . . . : 192.168.1.8 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : xxx.local
-
The DC is the image on the right. the laptop is the image on the left.
-
Did you check the client for viruses/rootkits? Had a similar issue where I was getting a public IP return when querying an internal DNS name; turns out the PC had a DNS hijack virus/rootkit on it returning all sort of odd results.
-
@JaredBusch Your screenshot brings up a question that I have been having since my Pertino days. Does the ZT NIC go first on the priority? I was getting some mixed messages from Pertino on the priority of things.
-
@WLS-ITGuy said in ZeroTier Question:
@JaredBusch Your screenshot brings up a question that I have been having since my Pertino days. Does the ZT NIC go first on the priority? I was getting some mixed messages from Pertino on the priority of things.
Yes it does. But since it should have no gateway, there will not be any issue with it generally.
-
@WLS-ITGuy That said, I had issues with Pertino routing all traffic over itself and had to manually update that setting to have Pertino lower priority in order to prevent it.
But the difference I have seen with ZeroTier is that even if it decides to route over the ZT adapter, my ping times are still 1ms in the office.
With Pertino , that was not true and it lagged the hell out of my inter server communication.
-
@JaredBusch said in ZeroTier Question:
But the difference I have seen with ZeroTier is that even if it decides to route over the ZT adapter, my ping times are still 1ms in the office.
This matches up with what I've seen in my home office as well.
-
in the beginning I asked if I need to put the ZeroTier IP address into the server options of DHCP. I don't remember and can't find if anyone answered that.
-
If you already have your LAN IP addresses of your DNS servers, it certainly won't hurt, but my first answer would be no, you don't have to worry about it... All of the DNS requests would be going to the same place anyway, right?
-
@WLS-ITGuy said in ZeroTier Question:
in the beginning I asked if I need to put the ZeroTier IP address into the server options of DHCP. I don't remember and can't find if anyone answered that.
This depends on how full mesh you want everything.
If you are going 100% full mesh, then yes.
You want your internal DNS server to be the thing handing out all DNS over ZT.
But this also means that your internal DNS server needs to KNOW all the ZT addresses for every device. This is not something that may always jsut magically register in DNS because the addresses are not being assigned out by the Windows DHCP server that normally can auto update the DNS records.