From b984eb280805aa860465bfd36b4a758a63afb745 Mon Sep 17 00:00:00 2001 From: Kamil Cholewinski Date: Thu, 6 May 2021 13:04:58 +0200 Subject: [PATCH 1/6] Use clang on OpenBSD --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 144225fc4..39dabafdd 100644 --- a/Makefile +++ b/Makefile @@ -17,8 +17,8 @@ ifeq ($(OSTYPE),FreeBSD) include make-bsd.mk endif ifeq ($(OSTYPE),OpenBSD) - CC=egcc - CXX=eg++ + CC=clang + CXX=clang++ ZT_BUILD_PLATFORM=9 include make-bsd.mk endif From 6faca86bb424d0b9643b6efa50571f73310d8276 Mon Sep 17 00:00:00 2001 From: joseph-henry Date: Thu, 27 May 2021 19:48:01 -0700 Subject: [PATCH 2/6] Update bugs-and-issues.md Add troubleshooting tip --- .github/ISSUE_TEMPLATE/bugs-and-issues.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/ISSUE_TEMPLATE/bugs-and-issues.md b/.github/ISSUE_TEMPLATE/bugs-and-issues.md index 629c0cae5..ff6f95fd9 100644 --- a/.github/ISSUE_TEMPLATE/bugs-and-issues.md +++ b/.github/ISSUE_TEMPLATE/bugs-and-issues.md @@ -46,3 +46,4 @@ _Using these will ensure you get quicker support, and make this space available - Router Config: are you permitting port 9993, uPnP, and NAT-PMP? - Firewall Config: are you permitting port 9993 on your OS; setting it to "Private" on Windows? - Are you using this at home, in an office, college, etc? +- Have you tried screaming into your router? From 740c77a4886232e02e1d0623c61ca3bef87d92a1 Mon Sep 17 00:00:00 2001 From: Travis LaDuke Date: Fri, 16 Jul 2021 14:20:30 -0700 Subject: [PATCH 3/6] Add more help for local.conf --- service/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/service/README.md b/service/README.md index 762bd3683..94e920a58 100644 --- a/service/README.md +++ b/service/README.md @@ -5,7 +5,11 @@ This is the actual implementation of ZeroTier One, a service providing connectiv ### Local Configuration File -A file called `local.conf` in the ZeroTier home folder contains configuration options that apply to the local node. (It does not exist unless you create it). It can be used to set up trusted paths, blacklist physical paths, set up physical path hints for certain nodes, and define trusted upstream devices (federated roots). In a large deployment it can be deployed using a tool like Puppet, Chef, SaltStack, etc. to set a uniform configuration across systems. It's a JSON format file that can also be edited and rewritten by ZeroTier One itself, so ensure that proper JSON formatting is used. +A file called `local.conf` in the ZeroTier [home](https://github.com/zerotier/ZeroTierOne/blob/6faca86bb424d0b9643b6efa50571f73310d8276/README.md) folder contains configuration options that apply to the local node. (It does not exist unless you create it). It can be used to set up trusted paths, blacklist physical paths, set up physical path hints for certain nodes, and define trusted upstream devices (federated roots). In a large deployment it can be deployed using a tool like Puppet, Chef, SaltStack, etc. to set a uniform configuration across systems. + +It's a JSON format file that can also be edited and rewritten by ZeroTier One itself, so ensure that proper JSON formatting is used. To validate your config, paste it into a website like [jsonlint.com](https://jsonlint.com), or use a tool like `jq`. + +Check the output of `zerotier-cli info -j` to see if your configuration is being loaded. Settings available in `local.conf` (this is not valid JSON, and JSON does not allow comments): From e5007f12901459dc8442b364a3a7ff03da7b5ee3 Mon Sep 17 00:00:00 2001 From: Travis LaDuke Date: Fri, 16 Jul 2021 14:20:43 -0700 Subject: [PATCH 4/6] Delete outdated --- README.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.md b/README.md index 406ae3193..401335d11 100644 --- a/README.md +++ b/README.md @@ -81,12 +81,6 @@ Here's where home folders live (by default) on each OS: * **Mac**: `/Library/Application Support/ZeroTier/One` * **Windows**: `\ProgramData\ZeroTier\One` (That's for Windows 7. The base 'shared app data' folder might be different on different Windows versions.) -Running ZeroTier One on a Mac is the same, but OSX requires a kernel extension. We ship a signed binary build of the ZeroTier tap device driver, which can be installed on Mac with: - - sudo make install-mac-tap - -This will create the home folder for Mac, place *tap.kext* there, and set its modes correctly to enable ZeroTier One to manage it with *kextload* and *kextunload*. - ### Basic Troubleshooting For most users, it just works. From 8913f13b36753a4fbbf455225cf3e7a61f6027dc Mon Sep 17 00:00:00 2001 From: Travis LaDuke Date: Fri, 16 Jul 2021 14:46:53 -0700 Subject: [PATCH 5/6] Add website links to top of readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 401335d11..5f2cba89f 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,6 @@ ZeroTier - Global Area Networking ====== +This document is written for a software developer audience. For information on using ZeroTier, see the: [Website](https://www.zerotier.com), [Documentation Site](https://docs.zerotier.com), and [Discussion Forum](https://discuss.zerotier.com) ZeroTier is a smart programmable Ethernet switch for planet Earth. It allows all networked devices, VMs, containers, and applications to communicate as if they all reside in the same physical data center or cloud region. From 46387e2f2b2df539f2ba94ae540d0d19a202478e Mon Sep 17 00:00:00 2001 From: Travis LaDuke Date: Fri, 16 Jul 2021 15:16:29 -0700 Subject: [PATCH 6/6] Minor Readme updates People with support issues still commonly say "9993 is open. why doesn't work?" Trying to improve this across all of our docs. --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5f2cba89f..a53dca476 100644 --- a/README.md +++ b/README.md @@ -67,10 +67,12 @@ Typing `make selftest` will build a *zerotier-selftest* binary which unit tests Running *zerotier-one* with `-h` option will show help. -On Linux and BSD you can start the service with: +On Linux and BSD, if you built from source, you can start the service with: sudo ./zerotier-one -d +On most distributions, macOS, and Windows, the installer will start the service and set it up to start on boot. + A home folder for your system will automatically be created. The service is controlled via the JSON API, which by default is available at 127.0.0.1 port 9993. We include a *zerotier-cli* command line utility to make API calls for standard things like joining and leaving networks. The *authtoken.secret* file in the home folder contains the secret token for accessing this API. See [service/README.md](service/README.md) for API documentation. @@ -86,11 +88,11 @@ Here's where home folders live (by default) on each OS: For most users, it just works. -If you are running a local system firewall, we recommend adding a rule permitting UDP port 9993 inbound and outbound. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration. +If you are running a local system firewall, we recommend adding a rules permitting zerotier. If you installed binaries for Windows this should be done automatically. Other platforms might require manual editing of local firewall rules depending on your configuration. -The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools. If you're using Ubuntu's *ufw*, you can do this: +See the [documentation site](https://docs.zerotier.com/zerotier/troubleshooting) for more information. - sudo ufw allow 9993/udp +The Mac firewall can be found under "Security" in System Preferences. Linux has a variety of firewall configuration systems and tools. On CentOS check `/etc/sysconfig/iptables` for IPTables rules. For other distributions consult your distribution's documentation. You'll also have to check the UIs or documentation for commercial third party firewall applications like Little Snitch (Mac), McAfee Firewall Enterprise (Windows), etc. if you are running any of those. Some corporate environments might have centrally managed firewall software, so you might also have to contact IT.