ZeroTierOne [Bug][macOS] ZeroTier adds unwanted default route to 127.0.0.1 on latest macOS

Title: [macOS] ZeroTier adds unwanted default route to 127.0.0.1 on latest macOS

Description: Hi,

After upgrading macOS to the latest version, I noticed a serious routing issue with ZeroTier when allowManaged=true.

Even though I have no 0.0.0.0/0 route configured in the controller, ZeroTier still installs an extra default route pointing to 127.0.0.1.

Environment:

macOS version: [e.g. macOS 15 Sequoia / macOS 14 Sonoma]
ZeroTier version: [e.g. 1.14.x]
Network config:
- allowManaged=true
- Only a subnet route (e.g. 10.100.0.0/16) is pushed
- No default route (0.0.0.0/0) is configured

Observed behavior: When joining the ZeroTier network, macOS adds this unexpected route:

$ route -n get default
route to: default
destination: default
mask: default
gateway: 127.0.0.1
interface: lo0

At the same time, my normal default route (192.168.1.1 via en0) is overridden. This causes all internet traffic to be broken with error No route to host.

Expected behavior: ZeroTier should only add the managed subnet route(s) (e.g. 10.100.0.0/16) and should not inject a default route unless explicitly configured in the controller.

Notes:

This issue only happens on macOS.
On Linux and Windows clients, no unwanted default route is added.
On older macOS versions (before [Ventura/Sonoma]), this problem did not occur. It seems Apple changed routing behavior, and ZeroTier’s injected default route is no longer ignored but treated as active.

Impact:

Breaks all internet connectivity when connected to ZeroTier.
Workaround: manually delete the default route to 127.0.0.1 and re-add the local gateway.

👉 Could you please confirm if this is a known bug, and whether ZeroTier for macOS can avoid injecting the default 127.0.0.1 route when not explicitly configured?

Thanks!

Sep 19 '25 06:09 3k2s

+1

Sep 19 '25 06:09 xingxiuyi

🤔 I've been running macOS 26 since it was released with ZeroTier. Have not seen this one

 $ route -n get default
   route to: default
destination: default
       mask: default
    gateway: 10.0.0.1
  interface: en7

Sep 19 '25 14:09 glimberg

🤔 I've been running macOS 26 since it was released with ZeroTier. Have not seen this one

$ route -n get default route to: default destination: default mask: default gateway: 10.0.0.1 interface: en7

Environment: macOS 26 (latest), ZeroTier 1.16.0

When toggling allowManaged = true, macOS always creates an unexpected default route:

default → 127.0.0.1 (lo0)

This never happened on macOS 25 and earlier.

On Linux/Windows clients, enabling allowManaged works fine, only macOS shows this extra "dirty" route.

This leads to loss of connectivity until the wrong default route is removed manually.

Once the route is removed and the system reverts to DHCP gateway, everything works again.

Looks like a regression introduced in macOS 26’s routing stack. Possibly ZeroTier’s route injection triggers the bug.

Question: Is ZeroTier explicitly pushing a 0.0.0.0/0 route, or is this an Apple bug in route management?

Sep 20 '25 03:09 3k2s

Reporting the same issue!

Sep 20 '25 05:09 chevacheva

Once the route is removed and the system reverts to DHCP gateway, everything works again.

I am encountering another issue: even after removing the incorrect route, I continue to experience Internet disconnections, unless toggling allowManaged = false.

I have checked the routing tables, there is no default lo1 route after manually delete it.

Sep 20 '25 05:09 chevacheva

+1, I lost Internet connection unless toggling allowManaged = false.

Sep 23 '25 07:09 snachx

+1 My macOS version is 26, and I'm experiencing the same issue, which remains unresolved at this time.

Sep 23 '25 15:09 tianzc2002

Once the route is removed and the system reverts to DHCP gateway, everything works again.

I am encountering another issue: even after removing the incorrect route, I continue to experience Internet disconnections, unless toggling allowManaged = false.

I have checked the routing tables, there is no default lo1 route after manually delete it.

Have you checked your DNS when you were encountering the issue?

Sep 24 '25 15:09 happyharryh

Once the route is removed and the system reverts to DHCP gateway, everything works again.

I am encountering another issue: even after removing the incorrect route, I continue to experience Internet disconnections, unless toggling allowManaged = false. I have checked the routing tables, there is no default lo1 route after manually delete it.

Have you checked your DNS when you were encountering the issue?

Because of the gateway error, my network failed. I could access the internal IP of zerotie, but I couldn't access the public IP. The DNS was messy and wrong.

Sep 25 '25 01:09 tianzc2002

same here

Sep 25 '25 06:09 ldfandian

Same issue on MacOS26 and ZT 1.14.2. WiFi re-enabling/network switching is fixing issue for some time though.

Sep 25 '25 12:09 GlebGilev

The Same, how could we fix?

Sep 26 '25 04:09 wizcheu

Same here, is there any fix?

Sep 26 '25 05:09 crazyi

Once the route is removed and the system reverts to DHCP gateway, everything works again.

I am encountering another issue: even after removing the incorrect route, I continue to experience Internet disconnections, unless toggling allowManaged = false. I have checked the routing tables, there is no default lo1 route after manually delete it.

Have you checked your DNS when you were encountering the issue?

I've tried fixing the DNS and routing issues caused by ZeroTier using terminal commands, but every manual modification only stays effective for a few minutes before ZeroTier reverts the settings back (I'm not sure if it's ZeroTier or macOS doing this). I can only hope ZeroTier fixes this issue.

Sep 26 '25 06:09 chevacheva

Once the route is removed and the system reverts to DHCP gateway, everything works again.

I am encountering another issue: even after removing the incorrect route, I continue to experience Internet disconnections, unless toggling allowManaged = false. I have checked the routing tables, there is no default lo1 route after manually delete it.

Have you checked your DNS when you were encountering the issue?

I've tried fixing the DNS and routing issues caused by ZeroTier using terminal commands, but every manual modification only stays effective for a few minutes before ZeroTier reverts the settings back (I'm not sure if it's ZeroTier or macOS doing this). I can only hope ZeroTier fixes this issue.

same here, manual modification only stays effective for a few minutes.

Sep 26 '25 06:09 xingxiuyi

Once the route is removed and the system reverts to DHCP gateway, everything works again.

I am encountering another issue: even after removing the incorrect route, I continue to experience Internet disconnections, unless toggling allowManaged = false. I have checked the routing tables, there is no default lo1 route after manually delete it.

Have you checked your DNS when you were encountering the issue?

I've tried fixing the DNS and routing issues caused by ZeroTier using terminal commands, but every manual modification only stays effective for a few minutes before ZeroTier reverts the settings back (I'm not sure if it's ZeroTier or macOS doing this). I can only hope ZeroTier fixes this issue.

same here~ my temporary fix is as follows:

sudo route -n delete default 127.0.0.1
sudo route -n delete -ifscope en0 default 192.168.5.1     # 192.168.5.1 is my LAN gateway, en0 is my iface
sudo route -n add default 192.168.5.1

Sep 26 '25 06:09 ldfandian

Once the route is removed and the system reverts to DHCP gateway, everything works again.

I am encountering another issue: even after removing the incorrect route, I continue to experience Internet disconnections, unless toggling allowManaged = false. I have checked the routing tables, there is no default lo1 route after manually delete it.

Have you checked your DNS when you were encountering the issue?

I've tried fixing the DNS and routing issues caused by ZeroTier using terminal commands, but every manual modification only stays effective for a few minutes before ZeroTier reverts the settings back (I'm not sure if it's ZeroTier or macOS doing this). I can only hope ZeroTier fixes this issue.

same here, manual modification only stays effective for a few minutes.

same, and manually reconnect the network can recover for a while. any upgoing fix on this?

Sep 27 '25 16:09 YigesMx

The latest macOS Tahoe 26.0.1 still exhibits this issue, which occurs randomly—typically after the device has been connected to the network for some time. This bug make ZeroTier unusable: even if manually resolved, the problem reappears after a period. Has there been any recent progress on resolving this issue?

Oct 03 '25 05:10 xingxiuyi

Update / Root Cause Analysis

After further investigation, this issue appears to be caused by a macOS 26 networking bug, not by ZeroTier itself.

Findings

The incorrect default route (default → 127.0.0.1) only occurs on macOS 26.
Same ZeroTier configuration works fine on macOS 25, Linux, and Windows.
The route only appears when allowManaged = true.
Removing the route or toggling the network service fixes the issue temporarily.
The problem affects multiple Macs simultaneously and disappears after several toggles — suggesting a race condition inside macOS’s routing stack.

Conclusion

ZeroTier is not injecting any 0.0.0.0/0 route. The faulty route is automatically created by macOS when the virtual adapter updates its managed routes. This behavior has been reported to Apple via Feedback Assistant (report ID pending).

Suggested Action

No change required in ZeroTier codebase unless Apple confirms a new routing API requirement for macOS 26.

Oct 07 '25 11:10 3k2s

So, has anyone found a temporary solution? For me Connecting to ZeroTier is essential for production — I’m going crazy from all these network disconnections. help~~~

Oct 17 '25 09:10 pinguo-renliang

You can use a temporary workaround when the default route is lost.

Try manually adding your normal gateway back with a command like:

sudo route add default <your-gateway-ip>

For example:

sudo route add default 192.168.1.1

This restores connectivity temporarily, but if the route breaks again, you’ll need to re-add it manually.

I also tried writing a small script to auto-restore the default route, but it caused DNS resolution failures for unknown reasons, so it’s not reliable yet.

Hope this helps you at least keep working for now.

Oct 17 '25 09:10 3k2s

same error

Oct 22 '25 02:10 haw-haw

+1

Oct 27 '25 05:10 LailaiMaster

+1

Oct 28 '25 02:10 luluxiaoyu

DNS is also experiencing issues

Oct 31 '25 12:10 Mizoreeeee

MacOS 26.1 still has this issue.

You can use a temporary workaround when the default route is lost.

Try manually adding your normal gateway back with a command like:

sudo route add default For example:

sudo route add default 192.168.1.1 This restores connectivity temporarily, but if the route breaks again, you’ll need to re-add it manually.

I also tried writing a small script to auto-restore the default route, but it caused DNS resolution failures for unknown reasons, so it’s not reliable yet.

Hope this helps you at least keep working for now.

Nov 04 '25 07:11 chevacheva

+1 on macOS 26.1

Nov 07 '25 12:11 vint2k

same

Nov 12 '25 03:11 ctian282

encountered the same issue. the network gets disconnected, and reconnecting wifi only fixes it temporarily. it eventually breaks again. i tried reinstalling zerotier one, but now the cli won’t even launch.

zerotier-cli
zerotier-cli: missing port and zerotier-one.port not found in /Library/Application Support/ZeroTier/One

Nov 13 '25 02:11 ramondsq

Same issue even on MacOS Tahoe 26.1, feedback created to AAPL (FB21087200)

Nov 19 '25 08:11 kmahyyg