ZeroTierOne icon indicating copy to clipboard operation
ZeroTierOne copied to clipboard

Published 20 hours ago verified publisher icon zerotier

Unable to connect to the ZeroTierOne service HTTP API via IPv4

Open alexrsagen opened this issue 1 year ago • 3 comments

What you expect to be happening.

Should be able to connect to http://127.0.0.1:9993 (IPv4).

What is actually happening?

  • Unable to connect to http://127.0.0.1:9993 (IPv4)
  • Able to connect to http://[::1]:9993 (IPv6)
  • Able to connect to http://localhost:9993, as it resolves to http://[::1]:9993 (IPv6)

Any steps to reproduce the error.

  • Install ZeroTier One on Windows 11
  • Start ZeroTier One service
  • Start ZeroTier UI, observe message "Waiting for ZeroTier system service..." (source: https://github.com/zerotier/DesktopUI/blob/main/src/main.rs#L949)
  • powershell -command "Test-NetConnection -ComputerName 127.0.0.1 -Port 9993"

Any relevant console output or screenshots.

C:\Windows\System32>whoami
nt-myndighet\system

C:\Windows\System32>netstat -a -o -n | findstr 9993 | findstr LISTENING
  TCP    0.0.0.0:9993           0.0.0.0:0              LISTENING       57760
  TCP    0.0.0.0:9993           0.0.0.0:0              LISTENING       57760
  TCP    [::]:9993              [::]:0                 LISTENING       57760

C:\Windows\System32>netstat -a -o -n | findstr 9993 | findstr UDP
  UDP    192.168.111.146:9993   *:*                                    57760
  UDP    192.168.111.155:9993   *:*                                    57760

C:\Windows\System32>tasklist | findstr 57760
zerotier-one_x64.exe         57760 Services                   0     13 520 K

C:\Windows\System32>powershell -command "Test-NetConnection -ComputerName 127.0.0.1 -Port 9993"
WARNING: TCP connect to (127.0.0.1 : 9993) failed

ComputerName           : 127.0.0.1
RemoteAddress          : 127.0.0.1
RemotePort             : 9993
InterfaceAlias         : Loopback Pseudo-Interface 1
SourceAddress          : 127.0.0.1
PingSucceeded          : True
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded       : False

C:\Windows\System32>powershell -command "Test-NetConnection -ComputerName '::1' -Port 9993"

ComputerName     : ::1
RemoteAddress    : ::1
RemotePort       : 9993
InterfaceAlias   : Loopback Pseudo-Interface 1
SourceAddress    : ::1
TcpTestSucceeded : True

C:\Windows\System32>powershell -command "test-netconnection -computername localhost -port 9993"

ComputerName     : localhost
RemoteAddress    : ::1
RemotePort       : 9993
InterfaceAlias   : Loopback Pseudo-Interface 1
SourceAddress    : ::1
TcpTestSucceeded : True

What operating system and ZeroTier version. Please try the latest ZeroTier release.

Windows 11 Business, build 10.0.22631.

ZeroTierOne version 1.14.0.

alexrsagen avatar Aug 13 '24 14:08 alexrsagen

similar symptoms to #2151

laduke avatar Aug 13 '24 15:08 laduke

I may have identified the cause while reading through #2151... Correct me if I'm wrong, but this is my current assumption:

https://github.com/yhirose/cpp-httplib/commit/b2203bb05aa241a3dd00719c8afd07d82900ba3d sets IPV6_V6ONLY to "no", making the IPv6 socket bind to both IPv4 and IPv6, leaving the IPv4 socket (or the IPv4 part of the IPv6 dual-stack socket?) unable to bind, as mentioned here.

ZeroTierOne explicitly binds to both IPv4 and IPv6, this is not valid while the IPV6_V6ONLY flag is set to "no".

To resolve the issue, ZeroTierOne should either:

  • not utilize a dual-stack IPv6 socket (by explicitly setting IPV6_V6ONLY to "yes")
  • only bind to a single dual-stack IPv6 socket (by removing the IPv4 bind)

alexrsagen avatar Aug 13 '24 20:08 alexrsagen

@alexrsagen I am an author of cpp-httplib, and I happened to find this issue. I made a change to allow users to adjust this socket behavior.

You can adjust the behavior with either CPPHTTPLIB_IPV6_V6ONLY processor macro, or set_ipv6_v6only method. This change is included in v0.17.0. Hope it helps!

yhirose avatar Sep 01 '24 12:09 yhirose