ZeroTier nodes on same network give "No route to host" errors

Hello, I've been using the zerotier-one package installed on my Linux systems to connect them into a ZeroTier network which I manage at ZeroTier Central. A typical use case is to SSH from system A to system B.

However, for the past few days all attempts at connection between these systems fail. For example, when ssh-ing from system A to B, I get a "No route to host error" on the commandline. I've checked `systemctl status zerotier-one` on both systems which shows no problems, the network view at ZeroTier Central shows both systems as ONLINE with the correct IPs, the zerotier-cli listnetworks command shows the "OK" status, and ifconfig on both systems also show that they got the correct IPs.

How can I troubleshoot this? Thanks.

Quote:

Originally Posted by penyuan Hello, I've been using the zerotier-one package installed on my Linux systems to connect them into a ZeroTier network which I manage at ZeroTier Central. A typical use case is to SSH from system A to system B. However, for the past few days all attempts at connection between these systems fail. For example, when ssh-ing from system A to B, I get a "No route to host error" on the commandline. I've checked `systemctl status zerotier-one` on both systems which shows no problems, the network view at ZeroTier Central shows both systems as ONLINE with the correct IPs, the zerotier-cli listnetworks command shows the "OK" status, and ifconfig on both systems also show that they got the correct IPs. How can I troubleshoot this? Thanks.

Have you only tried SSH? Can you ping from A to B?

Quote:

Originally Posted by permaroot Have you only tried SSH? Can you ping from A to B?

Thank you @permaroot. I tried pinging from A to B and vice versa, and all pings failed with:

Code:

Destination unreachable: Address unreachable

Looks like the two aren't reaching each other at all? This is strange because from the online ZeroTier Central dashboard, both nodes show up as "online".... Anything else I can do to troubleshoot this? Thank you.

If it worked before I wouldn’t think it would be your firewall but I would have a look at your settings and make sure the icmp requests and ssh connections aren’t being blocked by iptables or whatever firewall you use. I am not too familiar with zerotier so I can’t speak as to its configuration.

Quote:

Originally Posted by permaroot If it worked before I wouldn’t think it would be your firewall but I would have a look at your settings and make sure the icmp requests and ssh connections aren’t being blocked by iptables or whatever firewall you use. I am not too familiar with zerotier so I can’t speak as to its configuration.

Apparently my firewall settings are fine and are not blocking any of this, which makes sense because they've always worked until now...

I tried to ping a few more times this week, and occasionally it works but with up to 70% packet loss!

I also tried the "zerotier-cli peers" command to list peers on nodes A and B, and they both show up in the list. However, the connection type is listed as "RELAY" rather than "DIRECT". Not sure if that's the culprit?

Since client A is mobile, I've moved it to different places with different Internet connections, but that didn't help with any of the above....