    ZeroTier and DHCP

      dafyre

      So in light of some of the other ZeroTier discussions I've had... I figured I would post here and tag @adam-ierymenko with a question...

      I have a problem (I can make this an Issue on GitHub if you want)... My ZeroTier controller is located on a cloud hosted server. I figured I would try and use my own home's internal DHCP server (it is also my DC) at my house to assign IP addresses and DNS to all of my ZT Devices.

      So I installed the ZT Client on my server and then set ZT's v4AssignMode to dhcp. I set a static IP address on the DHCP Server (192.168.251.1) and configured it to give out IP addresses in 192.168.251.100-150.

      Any ZeroTier device that is also on the LOCAL Lan (local to the DHCP server, which also serves my home network)... will successfully register a DHCP address over the ZT Adapter.

      Any device that is NOT on my local Lan, such as my phone (with the android client) with wireless off, or my day job computer (college in town) does NOT get a ZT IP address.

      However, if I manually assign IP addresses to them, they work fine. Any ideas of things that I can troubleshoot? My setup looks like this:

                    ztController (192.168.251.2*)--V
                    /----------- home network -> DHCP Server (192.168.10.11, 192.168.251.1*)
      internet------|
                    |----------- Office Computer (cannot get a dhcp lease)
                    ------------ Phone (wireless off, or at another location, cannot get a DHCP lease)

      * IPs manually assigned to these devices.

      I have manually set my v4AssignMode back to ZT so I can at least remain connected to my ZT Network and look devices up by IP address.

      {
        "nwid": "censored",
        "controllerInstanceId": "not_making_it_that_easy",
        "clock": 1445628845082,
        "name": "WellstonTwo",
        "private": true,
        "enableBroadcast": true,
        "allowPassiveBridging": true,
        "v4AssignMode": "dhcp",
        "v6AssignMode": "none",
        "multicastLimit": 32,
        "creationTime": 1440161932745,
        "revision": 28,
        "memberRevisionCounter": 27,
        "authorizedMemberCount": 10,
        "relays": [],
        "gateways": [],
        "ipLocalRoutes": ["192.168.251.0/24"],
        "ipAssignmentPools": [
          {"ipRangeStart": "192.168.251.1", "ipRangeEnd": "192.168.251.254"}
        ],
        "rules": [
          {
            "ruleNo": 10,
            "action": "accept"
          }
        ]
      }

        adam.ierymenko

        Assign mode 'dhcp' is intended to mean 'enable DHCP on this interface and let the OS query DHCP and get an IP assignment.' But it's not actually implemented yet in the client, so it would do nothing and be equivalent to 'none'.

        DHCP isn't the default method because DHCP is unsafe. If you joined a malicious network, DHCP could be used to push e.g. alternative DNS servers and other settings to your device. Some OSes support all kinds of potentially unsafe settings via DHCP. So it's something that we'd want to only enable with some consideration. Current idea is to require the user to explicitly okay DHCP on a per-network basis before it would ever be used even if 'dhcp' is the assign mode.

        You can use DHCP now by setting assign mode to 'none' and invoking DHCP yourself and it will work.

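Added example, not part of the post above and not ZeroTier code: a small auditor that walks the options field of a DHCP reply (RFC 2132 code/length/value encoding) and reports everything the server pushes beyond plain addressing, such as the DNS servers mentioned above. The option groupings, function names and the sample reply are assumptions made for this illustration.

```python
import ipaddress

# Options a client needs just to get an address on the interface:
# subnet mask, broadcast, lease time, message type, server id, T1, T2.
ADDRESSING_ONLY = {1, 28, 51, 53, 54, 58, 59}
# Options that change how the host resolves names or routes traffic.
SENSITIVE = {3: "router", 6: "dns-servers", 15: "domain-name", 33: "static-routes",
             119: "domain-search", 121: "classless-static-routes", 252: "wpad-url"}

def parse_options(blob: bytes) -> dict[int, bytes]:
    """Walk the options field that follows the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == 0:        # pad byte, no length field
            i += 1
            continue
        if code == 255:      # end marker
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} overruns the packet")
        opts[code] = opts.get(code, b"") + value   # repeated options concatenate (RFC 3396)
        i += 2 + length
    return opts

def audit_lease(blob: bytes) -> list[str]:
    """Return one finding per option that is not needed for addressing."""
    findings = []
    for code, value in sorted(parse_options(blob).items()):
        if code in ADDRESSING_ONLY:
            continue
        name = SENSITIVE.get(code, "unreviewed")
        if code in (3, 6) and len(value) % 4 == 0:
            shown = ",".join(str(ipaddress.IPv4Address(value[j:j + 4]))
                             for j in range(0, len(value), 4))
        elif code in (15, 252):
            shown = value.decode("latin-1")
        else:
            shown = value.hex()
        findings.append(f"option {code} ({name}): {shown}")
    return findings

# Constructed sample reply: ACK with a mask, one DNS server and a WPAD URL.
SAMPLE_ACK = (bytes([53, 1, 5]) + bytes([1, 4, 255, 255, 255, 0])
              + bytes([6, 4, 203, 0, 113, 53])
              + bytes([252, 15]) + b"http://x.test/w" + bytes([255]))

if __name__ == "__main__":
    print("\n".join(audit_lease(SAMPLE_ACK)))
```

Any finding on a virtual network interface is a setting to review before letting the OS apply it, which is the per-network consent the post describes.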
          dafyre

          It seems like I tried that too. I will do it again and let you know.

            dafyre

            You make a good point from a security perspective... would people be going around joining random public networks?

            What you say is highly plausible though, especially if ZT becomes popular!

              dafyre

              I just went and tried it with 'none' as my IP mode... I set a static IP address on my Windows DHCP server and activated a DHCP scope and it did not work. I switched back to ZT for IP handling and everything went back to working again.

              I'll try it with a Linux DHCP server on the controller in a little bit and let you know how that goes.
