Bug 6326

Summary: Problems connectin to zerotier-central
Product: Fedora Reporter: Davide Repetto <ReD>
Component: zerotier-oneAssignee: Artem <ego.cordatus>
Status: REOPENED ---    
Severity: major CC: leigh123linux
Priority: P1    
Version: unspecified   
Hardware: x86_64   
OS: GNU/Linux   
namespace:

Description Davide Repetto 2022-06-06 10:07:31 CEST 
Description of the problem:
===========================
On some PCs, Version 1.8.4 of zerotier-one gets stuck trying to join networks, with no recourse whatsoever. And believe me, I vent down the rabbit hole and tried everything the internet threw at me. On some machines it just won't work.

[Note: private data was edited for privacy]
~]# zerotier-cli listnetworks
200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 123455646576575676  b1:71:75:ab:7d:7d REQUESTING_CONFIGURATION PRIVATE xyzktlb9250 -

Last month I installed it on a few dozen, very similar machines. Some still had Fedora 35 and most of them where already on Fedora 36, and it just "decided" whether to work (or not), on each specific machine. And the "decision" was final. No matter what. :(

At the same time, upgrading the recalcitrating zerotiers to a more recent version, invariably solves the problem.

I tried the following versions from the official rep and they all work:

 1.8.10 - 1.8.9 - 1.8.8

Can you pull one of those updates?
Comment 1 Artem 2022-06-07 00:42:09 CEST 
Thanks for reporting. Since 1.8.5+ version zerotier requires Rust as build dependencies. Long story short: it's not trivial to package newer version for RPM Fusion repo. And this is very critical package in security terms so i highly recommend to retire entirely zerotier from RPM Fusion if we can't find the way to build new version for RPM Fusion.

There is a Copr repo https://copr.fedorainfracloud.org/coprs/atim/zerotier-one/. Note: zerotier in Copr built with network access and upstream rust crates.
Comment 2 leigh scott 2022-06-12 23:51:50 CEST 
(In reply to Artem from comment #1)
> Thanks for reporting. Since 1.8.5+ version zerotier requires Rust as build
> dependencies. Long story short: it's not trivial to package newer version
> for RPM Fusion repo. And this is very critical package in security terms so
> i highly recommend to retire entirely zerotier from RPM Fusion if we can't
> find the way to build new version for RPM Fusion.
> 
> There is a Copr repo
> https://copr.fedorainfracloud.org/coprs/atim/zerotier-one/. Note: zerotier
> in Copr built with network access and upstream rust crates.

This commit address the no network access issue.

https://pkgs.rpmfusion.org/cgit/nonfree/zerotier-one.git/commit/?id=f0f43d629bfd9a2a446aff557c507219f190aefe

I copied the idea from  https://abf.io/import/zerotier-one
Comment 3 leigh scott 2022-06-13 00:04:20 CEST 
(In reply to Davide Repetto from comment #0)
> Description of the problem:
> ===========================
> On some PCs, Version 1.8.4 of zerotier-one gets stuck trying to join
> networks, with no recourse whatsoever. And believe me, I vent down the
> rabbit hole and tried everything the internet threw at me. On some machines
> it just won't work.
> 
> [Note: private data was edited for privacy]
> ~]# zerotier-cli listnetworks
> 200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
> 200 listnetworks 123455646576575676  b1:71:75:ab:7d:7d
> REQUESTING_CONFIGURATION PRIVATE xyzktlb9250 -
> 
> Last month I installed it on a few dozen, very similar machines. Some still
> had Fedora 35 and most of them where already on Fedora 36, and it just
> "decided" whether to work (or not), on each specific machine. And the
> "decision" was final. No matter what. :(
> 
> At the same time, upgrading the recalcitrating zerotiers to a more recent
> version, invariably solves the problem.
> 
> I tried the following versions from the official rep and they all work:
> 
>  1.8.10 - 1.8.9 - 1.8.8
> 
> Can you pull one of those updates?

Can you test 1.8.10

https://koji.rpmfusion.org/koji/packageinfo?packageID=636
Comment 4 Davide Repetto 2022-06-13 10:01:22 CEST 
Thanks for the update. 1.8.10 solved the network access & authentication issue.
Unfortunately it has another major issue. On many Fedora machines it does not pass traffic through the zerotier interface.
I opened an issue for that upstream:
https://github.com/zerotier/ZeroTierOne/issues/1692

Currently the latest version that works consistently on every machine I tried is zerotier-one-1.8.9-1.
Comment 5 leigh scott 2022-06-13 11:47:12 CEST 
(In reply to Davide Repetto from comment #4)
> Thanks for the update. 1.8.10 solved the network access & authentication
> issue.
> Unfortunately it has another major issue. On many Fedora machines it does
> not pass traffic through the zerotier interface.
> I opened an issue for that upstream:
> https://github.com/zerotier/ZeroTierOne/issues/1692
> 
> Currently the latest version that works consistently on every machine I
> tried is zerotier-one-1.8.9-1.

Can you test this please?

https://koji.rpmfusion.org/koji/buildinfo?buildID=22702
Comment 6 Davide Repetto 2022-06-22 18:45:57 CEST 
Sorry I'm so late.
It isn't working either. Not on a clean install, at least.

I suppose it is a dependency problem and I'm trying to bisect a machine that works vs. a clean fedora install, but it's a slow and painful process.

Anyway I'm also taking this upstream https://github.com/zerotier/ZeroTierOne/issues/1692 and I'm in the process of obtaining the package list of a Fedora 36 Server where even V1.10 seem to work.
Comment 7 Davide Repetto 2022-06-22 18:47:04 CEST 
Can we reopen this?
Comment 8 leigh scott 2022-06-22 23:26:07 CEST 
Try

https://koji.rpmfusion.org/koji/buildinfo?buildID=22777
Comment 9 Davide Repetto 2022-06-26 19:02:51 CEST 
Still not passing traffic. :(