Default route override still does not work on Windows 11

[milo-0010]

When adding a default route via ZT IP address of one of the nodes, Windows will not use that default route. The same default route does work on Android. I've seen issues marked as fixed before about this same problem, but on Win11 the problem is not fixed on 1.12.2. Windows keeps using its own default route. The ZT default route gets added with a wrong subnet mask and metric. This also breaks other routes via the same ZT node.

Windows build 22621.2283 ZT 1.12.2

[laduke]

It's working for me. Make sure you have Allow Global IPs set for that network if you're using ipv6.

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.211.55.1      10.211.55.3     15
          0.0.0.0          0.0.0.0   25.255.255.254        10.2.1.93  10034
          0.0.0.0        128.0.0.0         10.2.0.2        10.2.1.93    291
         10.2.0.0    255.255.254.0         On-link         10.2.1.93    291
        10.2.1.93  255.255.255.255         On-link         10.2.1.93    291
       10.2.1.255  255.255.255.255         On-link         10.2.1.93    291
      10.211.55.0    255.255.255.0         On-link       10.211.55.3    271
      10.211.55.3  255.255.255.255         On-link       10.211.55.3    271
    10.211.55.255  255.255.255.255         On-link       10.211.55.3    271
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0         10.2.0.2        10.2.1.93    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       10.211.55.3    271
        224.0.0.0        240.0.0.0         On-link         10.2.1.93    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       10.211.55.3    271
  255.255.255.255  255.255.255.255         On-link         10.2.1.93    291
===========================================================================

These two are how it overrides the system

          0.0.0.0        128.0.0.0         10.2.0.2        10.2.1.93    291
        128.0.0.0        128.0.0.0         10.2.0.2        10.2.1.93    291

see https://github.com/zerotier/ZeroTierOne/issues/152 to read about "25.255.255.254"

[milo-0010]

Enabling Allow Global IPs does nothing for me. This is my routing table at the moment:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.13.38.1      10.13.38.19     35
          0.0.0.0          0.0.0.0   25.255.255.254    172.26.92.172  10034
          0.0.0.0        128.0.0.0    172.26.238.43    172.26.92.172    291
       10.13.38.0    255.255.255.0         On-link       10.13.38.19    291
      10.13.38.19  255.255.255.255         On-link       10.13.38.19    291
     10.13.38.255  255.255.255.255         On-link       10.13.38.19    291
     10.100.100.0    255.255.255.0    172.26.238.43    172.26.92.172    291
     10.100.101.0    255.255.255.0    172.26.238.43    172.26.92.172    291
     10.100.102.0    255.255.255.0    172.26.238.43    172.26.92.172    291
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        128.0.0.0        128.0.0.0    172.26.238.43    172.26.92.172    291
       172.26.0.0      255.255.0.0         On-link     172.26.92.172    291
    172.26.92.172  255.255.255.255         On-link     172.26.92.172    291
   172.26.255.255  255.255.255.255         On-link     172.26.92.172    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       10.13.38.19    291
        224.0.0.0        240.0.0.0         On-link     172.26.92.172    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       10.13.38.19    291
  255.255.255.255  255.255.255.255         On-link     172.26.92.172    291
===========================================================================
Persistent Routes:
  None

[landaal-ict]

Here the same on Windows 11

set default route 0.0.0.0/0 via 10.0.4.1 (mikrotik router at home) but dont get WAN IP from home on mobile device.

Also on Iphone default route dont work. On android devices and linux no problem.

[mvthul]

Did u find solutions why zt isn't adding the routes on windows

[kkdkkd1]

Did you find solutions why zt isn't adding the routes on windows 11 with correct Metric?

[mvthul]

Did you find solutions why zt isn't adding the routes on windows 11 with correct Metric?

Nah does it even add the managed routes on ur side? I need to manually add them

[kkdkkd1]

It adds the route, but the metric is wrong. This is what it looks like to me: Without turning on ZT, and then after turning on ZT

[glimberg]

the 25.255.255.254 route isn't a default route. It's a hack for windows firewall purposes

https://github.com/zerotier/ZeroTierOne/blob/41a4690372b45f451cbb2044a65834ebdcc31669/osdep/WindowsEthernetTap.cpp#L1008-L1044

If you want to route all IPv4 traffic, you need to

1. put a default route on your network configuration and have a machine set up as a router at the via address
2. On each instance of zerotier on the network, both Allow Default and Allow Global must be set on the network.

[mvthul]

the 25.255.255.254 route isn't a default route. It's a hack for windows firewall purposes

https://github.com/zerotier/ZeroTierOne/blob/41a4690372b45f451cbb2044a65834ebdcc31669/osdep/WindowsEthernetTap.cpp#L1008-L1044

If you want to route all IPv4 traffic, you need to

1. put a default route on your network configuration and have a machine set up as a router at the via address

2. On each instance of zerotier on the network, both Allow Default and Allow Global must be set on the network.

Well if I add route managed route like 192.168.1.0/23 through ZeroTier client 172.16.1.1.

I don't even see the route on windows being added. I'm not using default route. Only the default ZeroTier network route is added 172.16.1.0/24 maybe it's another issues.

[glimberg]

@mvthul Not sure why it wouldn't be showing up for you. Appears to work in testing for me on Windows.

Added 10.187.40.0/24 via 10.147.18.77 on a network. Seconds later this showed up in the IPv4 route list in Windows:

      10.187.40.0    255.255.255.0     10.147.18.77    10.147.18.219    291

[mvthul]

@mvthul Not sure why it wouldn't be showing up for you. Appears to work in testing for me on Windows.

Added 10.187.40.0/24 via 10.147.18.77 on a network. Seconds later this showed up in the IPv4 route list in Windows:

      10.187.40.0    255.255.255.0     10.147.18.77    10.147.18.219    291

Strange right how does your route config look. Is the default route of ZeroTier network first or second?

[mvthul]

It adds the route, but the metric is wrong. This is what it looks like to me:

Without turning on ZT, and then after turning on ZT

Maybe adding metric ur self will help see api.

[laduke]

If it's stuck on REQUESTING_CONFIGURATION it's not going to set any routes...

[mvthul]

If it's stuck on REQUESTING_CONFIGURATION it's not going to set any routes...

This was the api page of ZeroTier XD not mine but I'll check on the windows client