# Zerotier rc.conf issues



## Whiskers (Dec 8, 2022)

Hi all - really appreciate any help people can please provide.

I've been trying to set up zerotier (https://www.zerotier.com/) on a FreeBSD box that serves as my home (multi-purpose) server, so that I can VPN into my home LAN remotely.

I can get the whole thing to work but it requires some bizarre weirdness. After a reboot, I need to run "service netif restart" exactly twice before the VPN will work correctly! Then it works fine.

The broad architecture is as follows:

- My home network is on 192.168.1.0/24.
- The FreeBSD server is 192.168.1.50.
- I've been running zerotier in bridge mode: I create a cloned interface called "bridge0" on 192.168.1.55 and bridge re0 (the main NIC) with the device that zerotier creates ("ztbc1svef37f9s2").
- To do this, my rc.conf goes through the steps of creating bridge0, setting its IP to 192.168.1.55, and putting re0 and ztbc1svef37f9s2 on the bridge. Zerotier defaults to an MTU of 2800, so rc.conf also needs to change that to 1500 before it adds it as a member of the bridge.

Here is an extract from my rc.conf (full file attached below):



> ifconfig_re0="inet 192.168.1.50 netmask 255.255.255.0"
> 
> ...
> 
> ...



When I first boot up, I can see that zerotier has created the ztbc1svef37f9s2 interface but the MTU has not been updated. Also, the bridge0 interface does not have the IP address of 192.168.1.55 set, and it is missing ztbc1svef37f9s2 as a member. For these reasons the VPN does not work at this point:



> re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
> ether 4c:cc:6a:68:54:ea
> inet 192.168.1.50 netmask 0xffffff00 broadcast 192.168.1.255
> ...



At this point I run *service netif restart*. This manages to update the MTU on ztbc1svef37f9s2 to the desired figure of 1500 (partial success!). However, bridge0 still has the wrong IP and is missing ztbc1svef37f9s2 as a member.



> ztbc1svef37f9s2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 5000 *mtu 1500*
> options=80000<LINKSTATE>
> ether 82:48:7a:ca:49:f2
> hwaddr 58:9c:fc:10:bd:30
> ...



So I do one more *service netif restart* and voila(!) we get to what we want - the details of bridge0 are updated to reflect the desired IP address and the addition of ztbc1svef37f9s2 as a member.



> ztbc1svef37f9s2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 5000 mtu 1500
> options=80000<LINKSTATE>
> ether 82:48:7a:ca:49:f2
> hwaddr 58:9c:fc:10:bd:30
> ...



At this point the whole setup works. I have the zerotier service running on the FreeBSD box and a mobile phone, and I can VPN into the home LAN from the phone (on the cellular network) and it is all great.

But it feels silly to have to go in and artificially restart the network exactly twice after a power cycle to get back to this state. I'm sure I'm doing something fairly silly so greatly appreciate any direction people are prepared to offer me.

Kind regards,
Simon


----------

