A Guide About Installing ZeroTier on ASUS AC68U Router

[MissingTwins]

Questions:

on the VPS, do i need other iptables rules for docker ss-server after add ip route 192.168.1.1 to ponint home router's zerotier ip 172.30.55.44 and enable ip forwording?

No additional iptables rules needed, unless your iptables' FORWARD chain is ended up with a drop rule.
An ip route "192.168.1.0/24 to 172.30.55.44" is needed.

what about the part for the VPS's route setting In the zerotier managed route section?

If you were talking about the zerotier WebUI console settings, leave it untouched.

Devices using cellphone data outside, what's the 'server address' in SS clinet's configuration

VPS external IP address.

{
"server": "??????", #vps public ip or vps zerotier ip or home router's zerotier ip?
"server_port": 9443,

The same answer, VPS public ip.

You need to add a redirect rule(ipcidr) in your client App, let all 192.168.1.0/24 go through the proxy.

192.168.1.1 -> iOS SS Client App ( IP-CIDR,192.168.1.0/24,PROXY,no-resolve) -> VPS -> SS-Server -> ip route (192.168.1.0/24 to 172.30.55.44) -> Zerotie -> ac88u

At first, make sure you can access your VPS's zerotier address from your docker insurance(equals to SS-Server can reach zertier)

 

[DoradoUS]

No additional iptables rules needed, unless your iptables' FORWARD chain is ended up with a drop rule.
An ip route "192.168.1.0/24 to 172.30.55.44" is needed.

Thanks for such a quick reply!

"FORWARD CHAIN", does the #20 matter?
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 457K 721M DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
2 457K 721M DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
3 185K 354M ACCEPT all -- * br-a6b4acbbfb2b 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
4 1050 61408 DOCKER all -- * br-a6b4acbbfb2b 0.0.0.0/0 0.0.0.0/0
5 271K 367M ACCEPT all -- br-a6b4acbbfb2b !br-a6b4acbbfb2b 0.0.0.0/0 0.0.0.0/0
6 0 0 ACCEPT all -- br-a6b4acbbfb2b br-a6b4acbbfb2b 0.0.0.0/0 0.0.0.0/0
7 0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
8 0 0 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
9 0 0 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
11 0 0 ACCEPT all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
12 0 0 DOCKER all -- * docker_gwbridge 0.0.0.0/0 0.0.0.0/0
13 0 0 ACCEPT all -- docker_gwbridge !docker_gwbridge 0.0.0.0/0 0.0.0.0/0
14 67 3836 ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
15 67 3836 ufw-before-forward all -- * * 0.0.0.0/0 0.0.0.0/0
16 67 3836 ufw-after-forward all -- * * 0.0.0.0/0 0.0.0.0/0
17 67 3836 ufw-after-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0
18 67 3836 ufw-reject-forward all -- * * 0.0.0.0/0 0.0.0.0/0
19 67 3836 ufw-track-forward all -- * * 0.0.0.0/0 0.0.0.0/0
20 0 0 DROP all -- docker_gwbridge docker_gwbridge 0.0.0.0/0 0.0.0.0/0

sudo ip route add 192.168.1.0/24 via 172.30.55.44
ip route
...
192.168.1.0/24 via 172.30.55.44 dev ztMYSPECIFIC
...

If you were talking about the zerotier WebUI console settings, leave it untouched.

YES, the zerotier WebUI->advanced->managed routes. leave it untouched, confirmed

You need to add a redirect rule(ipcidr) in your client App, let all 192.168.1.0/24 go through the proxy.

This is what I am confused about, what's 192.168.1.1 refer to in the IOS and 192.168.1.0/24 ip route in the VPS? My app is Shadowrocket, when I connect cellphone data with shadowrocket running, my 5G IP is 10.36.48.XXX, VPN IP 240.0.0.1/255.255.255.0 external IP 34.XX.XX.XX ---my VPS public IP/External IP.
Try to add a rule in Shadowrocket's config->rules->type: IP-CIDR, policy Proxy, No Resolve, IP-CIDR: 192.168.1.0/24, I can ping VPS zerotier IP and other devices' zerotier IP as well but cannot login my NAS and home router ac88u through WebUI...

At first, make sure you can access your VPS's zerotier address from your docker insurance(equals to SS-Server can reach zertier)

My VPS's zerotier IP is 172.30.165.217, how to check ss-server can reach it from docker?

docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6754117xxxxx acrisliu/shadowsocks-libev:latest "/bin/sh -c 'exec ss…" 4 hours ago Up 4 hours 8388/tcp, 8388/udp, 0.0.0.0:9443->9443/tcp, 0.0.0.0:9443->9443/udp shadowsocks-libev

 

[MissingTwins]

Thanks for such a quick reply!

Your FORWARD CHAIN is too complex, you are better off adding a forward rule at the top, and you may see the number growing when it hits.

This is what I am confused about, what's 192.168.1.1 refer to in the IOS and 192.168.1.0/24 ip route in the VPS?

No, what IP in your iOS doesn't matter, as long as your iOS device doesn't occupy the same IP sub-net addresses.
192.168.1.0/24 is not really a good choice, because there are so many devices take 192.168.1.1 as a default IP address.
You may want to avoid using 192.168.1.0/24 for clarity.

192.168.1.1(This is the IP that you want to access) -> iOS(its all good, as long as not using 192.168.1.0/24 for its own) -> SS Client App ( IP-CIDR,192.168.1.0/24,PROXY,no-resolve) -> VPS(don't using 192.168.1.0/24 either on this VPS' interfaces) -> docker(same here) -> SS-Server -> ip route (192.168.1.0/24 to 172.30.55.44) -> Zerotie(must not have multiple 192.168.1.0/24 among networks) -> ac88u( this is the destination 192.168.1.1)

I can ping VPS zerotier IP and other devices' zerotier IP as well but cannot login my NAS and home router ac88u through WebUI...

It appears that you could access your VPS through your iPhone, but shadowsocks couldn't relay ICMP packets, so... how did you ping your VPS?

and...two more questions:
1 can you ping(ICMP) your ac88u's zerotier address from your vps?
2 can you ping(ICMP) your ac88u's LAN address (192.168.1.1) from your vps?

My VPS's zerotier IP is 172.30.165.217, how to check ss-server can reach it from docker?

Starting a bash and ping from within it.

docker run -it -v ~/.somepath:/root/.somepath --net=host --log-opt max-size=10m --log-opt max-file=3 yourdockername bash

You can test this part from a PC with curl.
192.168.1.1 -> iOS SS Client App ( IP-CIDR,192.168.1.0/24,PROXY,no-resolve) -> VPS -> SS-Server

# 1. Start an echo service on your VPS (replace the following ` with single quote)
SOCAT_SOCKADDR=172.30.165.217 socat -v tcp-l:1234,fork exec:`/bin/cat`

#2. Launch v2rayN on your PC and connect to you VPS SSServer

#3. Test, on your PC
curl -x socks5h://127.0.0.1:10808 http://172.30.165.217:1234

# 4. you should see something likes "GET / HTTP/1.1", that means VPS zerotier IP address can be reached through shadowsocks.
curl -> v2rayN -> VPS -> SS-Server -> zerotier (172.30.165.217:1234)

#5. If you can ping 192.168.1.1 from VPS, then this should be working
curl -x socks5h://127.0.0.1:10808 http://192.168.1.1

 

[technofox01]

Hi everyone,

I am absolutely stuck. I am able to get a remote client, my phone in this case, to connect and communicate with my internal network; however, I am unable to have that client communicate with the Internet. I have tried googling on how to do this but I am absolutely stuck. Here is my firewall-start script:

#!/bin/sh
iptables -I INPUT -p tcp --destination-port 51413 -j ACCEPT
iptables -I INPUT -p udp --destination-port 51413 -j ACCEPT
logger -t "custom iptables" "Enter" -p user.notice
iptables -C INPUT -i zt+ -j ACCEPT
if [ $? != 0 ]; then
    iptables -I INPUT -i zt+ -j ACCEPT
    iptables -t nat -I PREROUTING -i zt+ -d 192.168.192.0/24 -p tcp -m multiport --dport 21,22,80 -j DNAT --to-destination `nvram get lan_ipaddr`
    logger -t "custom iptables" "rules added" -p user.notice
else
    logger -t "custom iptables" "rules existed skip" -p user.notice
fi
iptables -t nat -A POSTROUTING -o br0 -s 192.168.192.0/24 -j SNAT --to-source `nvram get lan_ipaddr`
iptables -I FORWARD -i zt+ -d `nvram get lan_ipaddr`/24 -j ACCEPT
iptables -I FORWARD -i br0 -d 192.168.192.0/24 -j ACCEPT

It is maddening because I am so close to getting this working. I have tried researching on how to do this and tried a number of different recommendations without any success. I would appreciate any help on this, because I want to be able to use the Internet through my ZeroTier VPN by using my router's ad-blocking and for privacy in general.

 

[MissingTwins]

Hi everyone,

I am absolutely stuck. I am able to get a remote client, my phone in this case, to connect and communicate with my internal network; however, I am unable to have that client communicate with the Internet. I have tried googling on how to do this but I am absolutely stuck. Here is my firewall-start script:

Zerotier is not working well with mobile phones, you either stuck with Zerotier network only or without Zerotier at all. My solution is tunneling back(shadowsocks, vmess or what ever) to one of your PCs or routers which is capable of Zerotier network, add proxy rules in those VPN clients and forward the specific 192.168.x.x/24 to the proxy server. Then you will have both internal and the Internet.

But I have seen someone in this thread, said he only have to change the managed network and route tables to get both internal and Internet working, but I haven't tested.

 

[Eribelles]

Excellent tuto
I have followed all the instructions and seems everything right and Zerotier status is online.

Connecting my laptop to router’s wifi i can ping to router with local ip address or Zerotier ip address, even if Zerotier in laptop is disconnected .

From router ussing PUTTY SSH it can ping to itself, to both the local ip and Zerotier ip address,
but not to the rest of devices .

Obviusly, from the devices outside the local network, i can ping all Zerotier machines, but not to the router.

My scenario is as follows:
Router ASUS AC-68U with merling 386.7.2 local ip 192.168.1.1. Zerotier ip 192.168.20.1
The router got the internet connection through USB port via a mobile pone.

I have readed in this forum the following
“It will work behind double NAT, BUT will not work if your router is behind cell network.”
I’m not totaly sure if this is my case, could it be?

Thks for your help and suggestions.

 

[MissingTwins]

Connecting my laptop to router’s wifi i can ping to router with local ip address or Zerotier ip address, even if Zerotier in laptop is disconnected .

Thks for your help and suggestions.

Obviously, from the devices outside the local network, i can ping all Zerotier machines, but not to the router.

It seems that the Zerotier on your router is not functional.
I have a question: Please run these commands on you router to do diagnostics

zerotier-cli info
zerotier-cli peers

I also have noticed that you are using ac68u, this router can only run Zerotier up to 1.4.6, if it is runing with any version higher than 1.4.6, you have to do downgrade.

opkg remove zerotier
opkg install http://bin.entware.net/armv7sf-k2.6/archive/zerotier_1.4.6-5_armv7-2.6.ipk

Router ASUS AC-68U with merling 386.7.2 local ip 192.168.1.1. Zerotier ip 192.168.20.1
The router got the internet connection through USB port via a mobile pone.

I strongly recommend you avoid using 192.168.1.0/24 as your home network addresses. Due to some device manufactures hardwired 192.168.1.x such as TP-LINK does will cause weird results.
I also suggest you changing the Zerotier IP addresses to distinguishable 10.x.x.x or 172.16.x.x – 172.31.x.x5 to avoid any problems, some TUN/TAP filters out 192.168.0.0/16 as default rules.

From router using PUTTY SSH it can ping to itself, to both the local ip and Zerotier ip address,
but not to the rest of devices .

So it couldn't ping any Zerotier IP addresses rather than itself.
I have a question: Did you do ping like this?
ping -c 1 -w 1 192.168.20.x
or this
ping 192.168.20.x
Due to a long existing bug, if you CTRL+C to terminate the ping will also crash the Zerotier service on your router.

It will work behind double NAT, BUT will not work if your router is behind cell network.

It's not necessarily true. I bring my Nucbox 5(Windows 10) to the office everyday and relying on pocket Wi-FI or phone tethering, my Zerotier network works flawlessly.
As long as you can ping Zerotier IP, with proper route table settings on both ends, it will work.

 

[Eribelles]

Bravo ¡¡¡¡
I have followed all the recomendations and now everything Works perfectly
I think the keys have been to dowgrade the version of Zerotier and to change the IP range.

Regarding the ping format, i was ussing the one indicated on this forum as follows: ping 172.x.x.x -c 4

Congratulations¡¡¡
Many many thks for your help and knowledge. It is always nice to meet such efficient and active people like you.
Hv a nice day

 

[Dr.Mxyztplk]

6. Joint zerotie network
go to `my.zerotier.com` to enable your new node.

You REALLY need to put a warning here telling people that they will get disconnected. I was doing this from a SSH shell on my Android phone. As soon as I joined the network I saw it popup on my laptop on my.zerotier.com & I checked the box. as soon as I did, before it could even tell me that the box was checked, my router lost connectivity & everything lost internet. I tried reconnecting my phone like I've done before when the internet is off, turning of Cell Data, connecting, & waiting for the "No internet click for options" popup, but as soon as I clicked it it disconnected from the network, tried a few times, never stayed connected long enough to do anything. Tried wiring in my laptop & it couldn't connect either. Had to reboot my Router, thus stopping ZeroTier, to get it to work.

 

[MissingTwins]

You REALLY need to put a warning here telling people that they will get disconnected. I was doing this from a SSH shell on my Android phone. As soon as I joined the network I saw it popup on my laptop on

Normally if you didn't put 0.0.0.0/0 in your zerotier Managed Routes, it shouldn't get you disconnected from existing network.
For example, my zerotier Managed Routes is 10.9.8.0/24, also all my zertoier devices get addresses from this range.

So could you please share more information about
what router model were your using?
what did you have in your Managed Routes and
what was your router local IP address also
what was your zerotier assigned IP address for your router?

When you get disconnected please do this in your ssh to router and let's see what's in your route tables.

ip route

 

[Dr.Mxyztplk]

Normally if you didn't put 0.0.0.0/0 in your zerotier Managed Routes, it shouldn't get you disconnected from existing network.

10.44.66.96/27 for Managed Routes, works fine with everything, I have a free account so it covers more IPs than I can have nodes.

what router model were your using?

RT-AC68U. & I saw the later post so I used opkg install http://bin.entware.net/armv7sf-k2.6/archive/zerotier_1.4.6-5_armv7-2.6.ipk for the install

what was your router local IP address also

192.168.14.1

what was your zerotier assigned IP address for your router?

It didn't get one before I lost internet access. I litterally checked the Authorize box & immediate my network was gone. It didn't even show me that the box was checked, when I went to refresh it gave me a No Internet page
After I rebooted the router on the my.zerotier.com site it has 10.44.66.118

When you get disconnected please do this in your ssh to router and let's see what's in your route tables.

I can't... because I'm... disconnected...I cannot get back into the SSH until I restart the router...

I cannot try it again right now because having my entire network go down actually caused problems, though only minor ones, it'll be big ones during the day

 

[MissingTwins]

I can't... because I'm... disconnected...I cannot get back into the SSH until I restart the router...

That's strange, never had this condition before. With any conditions router just shouldn't lock you out of accessing from inside of LAN.
You said you had to restart the router, not reset the router to the factory settings is that correct?
So you didn't have these scripts in /jffs/scripts/ right?
services-start
post-mount

I was doing this from a SSH shell on my Android phone.

It looks like you were accessing your ac68u through cellphone network, if it was true please use Wi-Fi connection direct to ac68u.
And please use conventional ssh client such as putty on your computer, let's make things less complicated.

I cannot try it again right now because having my entire network go down actually caused problems, though only minor ones, it'll be big ones during the day

So will you isolate your ac68u and connect your laptop directly to ac68u LAN port, do ssh to ac68u through LAN cable, connect WAN port to the internet.
Then try to perform zerotier configuration again.

Forgot several questions,
what's your firmware version?
what's your WAN configuration, PPPoE, ETH?
How your android phone was accessing the router? WIfi? Cellnetwork?

 

[Dr.Mxyztplk]

It looks like you were accessing your ac68u through cellphone network

No, accessing through WiFi. SSH isn't enabled over WAN

You said you had to restart the router, not reset the router to the factory settings is that correct?

Correct. Since I didn't set it to Autostart ZeroTier a restart was all that was needed. But if I start the ZeroTier service again it does the same. I only tried twice, but as soon as I connected the 2nd time I lost all connection, unlike the 1st time where it didn't happen until I Authorized it in my.zerotier.com.

So you didn't have these scripts in /jffs/scripts/ right?
services-start
post-mount

Both of those do show in /jffs/scripts but I did not do anything to them in any way, I only got to the step where you said to Authorize the Router in my.ZeroTier.com

And please use conventional ssh client such as putty on your computer, let's make things less complicated

That's not an option for me. But when this happened my laptop also lost connection, I couldn't go to the Router's UI on it either.

So will you isolate your ac68u and connect your laptop directly to ac68u LAN port, do ssh to ac68u through LAN cable, connect WAN port to the internet.
Then try to perform zerotier configuration again.

No. I cannot do that, that would be the SAME problem, my network would be down. I could do that on Sunday, but this is too much for all the work, plus it looks as though this will be something that will be permanent not like a VPN Server on the router that can be turned on or off easily. With the problems I already had this is definitely not a solution for me, because when I'm away if there are problems like these I won't be able to fix them & that's the whole reason I was trying to do this, so I wouldn't have that exact problem

what's your firmware version?

Merlin 386.7_2

what's your WAN configuration, PPPoE, ETH?

As I believe I said, I'm on a Triple-NAT, that's the main reason I'm trying to do this. So my WAN is Static IP, it connects to the building's unsecured Nighthawk Router which I have access to, which then connects to an ISP Router/Modem that I don't have access to, but that I can put in requests to have ports forwarded from.
ZeroTier works fine on my systems, OpenVPN works fine, I have NGINX working fine, & many others, they just took more steps to setup than normal.

How your android phone was accessing the router? WIfi? Cellnetwork?

As I said when I mentioned trying to connect when the internet was out, over WiFi. I turned off the Cell Data so that it wouldn't jump to it when there was no internet.

 

[MissingTwins]

No, accessing through WiFi. SSH isn't enabled over WAN

I'm sorry to hear that, you have encountered unusual difficulties. I have three ac68u since 2015, and three ac86u two ax86u, as far as I know this situation has never happened to me.

Could you download the /tmp/syslog and see what happened after zerotier started, if anything remains?

Please save this script to /jffs/scripts/testrun.sh
and chmod +x /jffs/scripts/testrun.sh
When you are ready, then run this script, wait about 1 minute, then restart your router, export these log files, censor everything that must be and upload here, let's see what's going on there.
/tmp/scripts/mylog.log
/jffs/scripts/syslog.log
/jffs/scripts/syslog.log-1

You may need to do unit testing and guarantee it is working, and add more cmd as your please.

#!/bin/sh
echo > /tmp/mylog.log
zerotier-cli join xxxxxxxx 2>&1 >> /tmp/mylog.log
zerotier-cli info 2>&1 >> /tmp/mylog.log
zerotier-cli peers 2>&1 >> /tmp/mylog.log

ip addr  2>&1 >> /tmp/mylog.log
ip route  2>&1 >> /tmp/mylog.log

iptables -vnL --line-numbers   2>&1 >> /tmp/mylog.log
ip6tables -vnL --line-numbers   2>&1 >> /tmp/mylog.log

nvram show  >> /tmp/mylog.log

cp /tmp/mylog.log /jffs/scripts/
cp /tmp/syslog.log /jffs/scripts/
cp /tmp/syslog.log.1 /jffs/scripts/

In case there is nothing useful in the logs, then do the following.

Do you mind doing the factory reset to your ac68u, reformat the media that storing the entware, reinstall entware, then perform zerotier installation.

Before doing the factory reset, please backup all your data in /jffs and all files in /opt/etc, including the sub-directories and

export all your settings as following and download the nvram.log to your computer for later inspection/comparison.

nvram show > /tmp/nvram.log

 

[itsming]

Thanks for your tutorial.

Based on your guide, are the devices connected to the router that has zerotier installed automatically connected to the zerotier virtual network? I am trying to use zerotier as a VPN on my router so that all devices connected to the router join the VPN automatically without installing the zerotier client. Any suggestion would be highly appreciated.

 

[MissingTwins]

Based on your guide, are the devices connected to the router that has zerotier installed automatically connected to the zerotier virtual network?

Yes, all devices under the router will be able to access zerotier network through counterpart's IP addresses.
As long as you have set the route table(ip route add 192.168.9.0/24 via 10.0.0.4) in the router.

I am trying to use zerotier as a VPN on my router so that all devices connected to the router join the VPN automatically without installing the zerotier client. Any suggestion would be highly appreciated.

Yes, zerotier client is not needed on other devices under the router.

 

[itsming]

Yes, all devices under the router will be able to access zerotier network through counterpart's IP addresses.
As long as you have set the route table(ip route add 192.168.9.0/24 via 10.0.0.4) in the router.


Yes, zerotier client is not needed on other devices under the router.

I see. Thanks for your help!!!

 

[itsming]

As long as you have set the route table(ip route add 192.168.9.0/24 via 10.0.0.4) in the router.

Can I ask you where the 10.0.0.4 comes from given that 192.168.9.0 is the router ip address in LAN? Is it the router ip address in Zerotier network?
Can I also you how how set this rule in the router? Is it the page shown in the attached Fig 1?


Aim: devices connected to my router that is connected to my Zerotier network can use the ip address of my VPS that is also inside the Zerotier network without installing the ZeroTier One app (to save battery and labour).

Progress so far: I have managed to ping from any device in my Zerotier network to my router, and vice versa. I have also managed to ping from any device connected to my router to any device in my Zerotier network, but not vice versa. Ping outputs some longs like "Redirect Host (New addr: 192.168.196.90)" which is my router ip address in the Zerotier network. I guess it may because devices connected to my router are not shown in the Zerotier web console. Meanwhile, the device that's got ZeroTier One app installed (shown in Zerotier web console ) has the VPS ip address without any issues.

Encountered problem: the ip address shown in the device connected to my router is not the ip address shown in my VPS. The Managed Routes in Zerotier Central page is shown in Fig 2. Can you kindly assist?

 

[itsming]

After hours of trying, I figured it out.

All I did was correct except that the VPN function in Zerotier installed on my router was not enabled. In case anyone who's down to the same rabbit hole, below is the solution.
1. Make sure your router can ping to any device in the Zerotier network, and vice versa.
2. Make sure all devices connected to the router can ping to any device in the Zerotier network. The other way around will not work. But it does not matter. Fig 2 can be used as an example.
3. Run command below in your physical Asus router. Due to the way that the ZeroTier VPN is configured, the traffic coming back from your server to your client can sometimes appear to come from a different network address than the one it was sent it to. Command below will tell Linux kernel to NOT view these as invalid and NOT drop them, making it necessary to override that behavior.

echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter

4. Run command below to enable VPN function. Replace NETWORKID with your own network id.

zerotier-cli set NETWORKID allowDefault=1

5. Add code below to line 10 in the S90zerotier-one.sh given in the guide so that the VPN function is always enabled after reboot. Replace NETWORKID with your own network id as well.

        echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter ;
        /opt/bin/zerotier-cli set NETWORKID allowDefault=1 ;

6. Enjoy.

 

[damageboy]

Hi @MissingTwins,
I was having issues with your guide until I read the following comment, which did indeed "solve" the issues I was having:


I also have noticed that you're using ac68u, this router can only run Zerotier up to 1.4.6, if it is runing with any version higher than 1.4.6, you have to do downgrade.


Is there any workaround for this? I have some reservations about using such an old version, and would rather solve the issue if possible, do you have any additional information about what the root cause is?