ZeroTier Question
-
@WLS-ITGuy said in ZeroTier Question:
@JaredBusch I hope so. I was looking at ZT Central when I typed it out
Are you sure that you set the auto assign correctly?
-
@Dashrender Hmm - I just ping'd from my laptop (Mac OS X) and got the same address that I got on the other laptop. Here is the screenshot from my ZT Center.
http://i.imgur.com/LfOdpLn.png
Here is the info from the machine
-
This post is deleted! -
Ok, just tested this a little more.
Laptop off the LAN.
Ping from laptop to DC by name = ping resolves over ZeroTier IP.C:\Users\xxxadmin.xxx>ping xxxdc01 Pinging xxxdc01 [10.202.3.11] with 32 bytes of data: Reply from 10.202.3.11: bytes=32 time=42ms TTL=128 Reply from 10.202.3.11: bytes=32 time=42ms TTL=128 Reply from 10.202.3.11: bytes=32 time=45ms TTL=128 Reply from 10.202.3.11: bytes=32 time=43ms TTL=128 Ping statistics for 10.202.3.11: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 42ms, Maximum = 45ms, Average = 43msBut a ping from the DC to the device returns the devices local IP not the ZeroTier IP.
C:\Users\xxxadmin>ping dt-backup-lapto Pinging dt-backup-lapto [192.168.1.8] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.1.8: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),Here is what
ipconfigreturns on the remote laptop.C:\Users\xxxadmin.xxx>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : fd56:5799:d8f6:3ed4:a199:9336:a36d:9068 Link-local IPv6 Address . . . . . : fe80::e023:2905:284a:b878%24 IPv4 Address. . . . . . . . . . . : 10.202.3.188 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 25.255.255.254 Ethernet adapter Bluetooth Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::d90e:714e:228:aafb%12 IPv4 Address. . . . . . . . . . . : 192.168.1.8 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : xxx.local -
The DC is the image on the right. the laptop is the image on the left.
-
Did you check the client for viruses/rootkits? Had a similar issue where I was getting a public IP return when querying an internal DNS name; turns out the PC had a DNS hijack virus/rootkit on it returning all sort of odd results.
-
@JaredBusch Your screenshot brings up a question that I have been having since my Pertino days. Does the ZT NIC go first on the priority? I was getting some mixed messages from Pertino on the priority of things.
-
@WLS-ITGuy said in ZeroTier Question:
@JaredBusch Your screenshot brings up a question that I have been having since my Pertino days. Does the ZT NIC go first on the priority? I was getting some mixed messages from Pertino on the priority of things.
Yes it does. But since it should have no gateway, there will not be any issue with it generally.
-
@WLS-ITGuy That said, I had issues with Pertino routing all traffic over itself and had to manually update that setting to have Pertino lower priority in order to prevent it.
But the difference I have seen with ZeroTier is that even if it decides to route over the ZT adapter, my ping times are still 1ms in the office.
With Pertino , that was not true and it lagged the hell out of my inter server communication.
-
@JaredBusch said in ZeroTier Question:
But the difference I have seen with ZeroTier is that even if it decides to route over the ZT adapter, my ping times are still 1ms in the office.
This matches up with what I've seen in my home office as well.
-
in the beginning I asked if I need to put the ZeroTier IP address into the server options of DHCP. I don't remember and can't find if anyone answered that.
-
If you already have your LAN IP addresses of your DNS servers, it certainly won't hurt, but my first answer would be no, you don't have to worry about it... All of the DNS requests would be going to the same place anyway, right?
-
@WLS-ITGuy said in ZeroTier Question:
in the beginning I asked if I need to put the ZeroTier IP address into the server options of DHCP. I don't remember and can't find if anyone answered that.
This depends on how full mesh you want everything.
If you are going 100% full mesh, then yes.
You want your internal DNS server to be the thing handing out all DNS over ZT.
But this also means that your internal DNS server needs to KNOW all the ZT addresses for every device. This is not something that may always jsut magically register in DNS because the addresses are not being assigned out by the Windows DHCP server that normally can auto update the DNS records.
-
This will also mean that you need to put the ZT IP address of your DNS server on the ZT NICs on Laptops that leave the physical network.
Edit: The caveat here will be if your DNS server responds with a LAN IP address instead of a ZT IP address for a device that is not located on physical LAN.
-
So the plain answer is no then
I received feedback overnight that there are two machines for sure that cannot access mapped drives or files from the DC/File Server.
I couldn't ping from my mac but could access files with no issues.
-
So the drives are getting mapped, or are not?
-
@scottalanmiller The drives are mapped via logon script but have a red x when off campus. When you click on them it says it could not reconnect.
-
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller The drives are mapped via logon script but have a red x when off campus. When you click on them it says it could not reconnect.
And if you ping the name used for the mapping, it does not respond? Does it respond on the machines that work?
-
@WLS-ITGuy said in ZeroTier Question:
@scottalanmiller The drives are mapped via logon script but have a red x when off campus. When you click on them it says it could not reconnect.
Then you have DNS resolution issues, a routing issue, or a firewall issue.
Most likely it is DNS.
-
My machines off the network can still ping the server by netbios name. It comes up with the ZT address.
So the shared drive (mapped by GPO) still works.
I have changed no DNS settings or anything at all.
