New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

settings/primaryPort not fully respected #915

Open
darkain opened this Issue Feb 5, 2019 · 0 comments

Comments

Projects
None yet
2 participants
@darkain
Copy link

darkain commented Feb 5, 2019

Describe the bug
Relates to the issues with: #779

If a connection cannot be established on the primary port (usually 9993), then ZeroTier will pick an arbitrary port to try and use instead. This defeats the entire purpose of having a primary port configuration. I have specific firewall rules in place for 9993 for a combination of security and to deal with issue #779. However, at some point ZT added support to "try other ports" that are outside of the configuration, which means the firewall rules in place for #779 no longer work, which means route flapping returned, broken connections, and excessively high CPU usage again. I also tried disabling port mapping to see if that was the issue, but this didn't resolve the issue either. There needs to be a way to force ZT to use one port and one port ONLY.

  • OS: FreeBSD 11.2
  • ZeroTier Version: 1.2.12
  • Hardware: Any (several tested)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment