Reduce traffic in idle case, and TCP only option?

[iandol]

I work at a research university and am behind a NAT and firewall and I am not supposed to run something like SSH. Anyway, I set up ZeroTier and for a while was extremely happy as everything just worked and I could connect easily across work/home/mobile (ZT is awesome, even for non expert like myself!). I was later told that there was "suspicious" traffic coming from my machine and that I must reinstall the OS immediately or be permanently disconnected from the net. I simply disabled ZeroTier and was told all was back to normal. So I would like a mode whereby ZT works but does not create so much P2P traffic.

Here is a chat I had with someone on ZT community channel:

Hi, I love ZeroTier and have used it to connect my work and home machines together. But I was recently told by my IT manager that my work machine was creating suspicious traffic and that I must reinstall my machine or disconnect it permanently from the internet. I have no other network apps and by disabling ZeroTier and rechecking, my IT person was satisfied the "suspicious traffic stopped". How can I configure ZeroTier to act somewhat more "stealthily"? If not, can anyone recommend software that is similar to ZeroTier (I think I only know ngrok, freelan and hamachi).

zt-janjaap 16:04 It sounds to me your company policy won't allow you to be connected to non-company vpn's anyway, although it might technically feasible. If only http/s traffic is allowed, you could setup a personal gateway (on the cloud or at home if you can expose http/s), using something like https://github.com/jpillora/chisel

I work at a research university in China, and the admin doesn't really know much about anything other than their automated system flagged abnormal traffic We are not supposed to run VPNs either, but I use a shadowsocks based VPN which is not flagged. What happens if I turn multicast off in ZT, will that limit some of the P2P traffic? I am a neuroscientist, and while I'm studying another highly complex network, I am not a computer networking person. So sorry for any dumb questions in advance

zt-janjaap 17:23 No problem! No, I don't think at the moment there is something you can do to limit the peer traffic. ZeroTier will always keep trying to find a direct path, using nat punching techniques. I think it could be a feature request to be added: do not try to established direct paths except for allowed hosts / networks that are know to be directly reachable on the LAN. All other traffic would then be proxied through the global roots or your own moon. This would limit the number of peers to communicate with and reduce chatter on your local network.

[janjaapbos]

It would be nice to have the option to use websocket only, with the roots and your own moon. This will help in locked down environments where no udp traffic is allowed.

[adamierymenko]

see #867