
Improve ephemeral port restriction handling

Open joseph-henry opened this issue 3 years ago • 0 comments

This change makes it easier to control when ephemeral ports can be used via local.conf (see issue https://github.com/zerotier/ZeroTierOne/issues/915).

New behavior:

  • The allowSecondaryPort option in local.conf is replaced by allowEphemeralPorts
  • allowEphemeralPorts is a toggle that controls all non-9993 ports (e.g. secondaryPort to get around buggy NATs and tertiaryPort for UPnP/NAT-PMP)

Why this change is needed:

  • There does not exist a single option switch to control all non-9993 ports. One would have to set allowSecondaryPort:false and allowPortMapping:false.

Open questions:

  • Should this change replace allowSecondaryPort, causing a breaking change, or should we leave that switch for backwards compatibility (introducing possibly confusing redundancy)?
  • Is there a situation where people would want to disable the secondary port but leave the tertiary port?

joseph-henry, May 09 '22 18:05