

Using your local Pi-Hole setup from anywhere via the Internet.
Accessing LAN devices via SSH without opening a port to the Internet.

Required Network Configuration

What ports does ZeroTier use?

A random, high numbered port derived from your ZeroTier address.
A random, high numbered port for use with UPnP/NAT-PMP mappings.

That means your peers could be listening on any port. To talk with them directly, you need to be able to send to them on any port.

Recommended Local Network and Internet Gateway Configuration

These ZeroTier recommended guidelines are consistent with the vast majority of typical deployments using commodity gateways and access points:

No more than one layer of NAT should be present between ZeroTier endpoints and the Internet.

Symmetric NAT is extremely hostile to peer-to-peer traffic and will degrade VoIP, video chat, games, WebRTC, and many other protocols as well as ZeroTier. Use "full cone" or "port restricted cone" NAT.

IPv6 is recommended and can greatly improve direct connection reliability if supported on both ends of a direct link. If present, it should be implemented without NAT (NAT is wholly unnecessary with IPv6 and only adds complexity) and with a stateful firewall that permits bidirectional UDP conversations.

Supporting either UPnP or NAT-PMP on your network can greatly improve performance by allowing ZeroTier endpoints to map external ports and avoid NAT traversal entirely.
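One way to express the IPv6 guideline above (no NAT, a stateful firewall that permits bidirectional UDP conversations) on a Linux gateway, as an added nftables example that is not taken from the ZeroTier documentation. The table name and the interface names "lan0" (side with the ZeroTier endpoints) and "wan0" (Internet side) are assumptions.

```nftables
# Added example: IPv6 forwarding policy for a gateway, with no NAT table at all.
# Assumed names: "lan0" faces the ZeroTier endpoints, "wan0" faces the Internet.
table ip6 gateway_example {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Packets that conntrack cannot match to any conversation.
        ct state invalid drop

        # Return half of every conversation a LAN host started. For UDP this
        # is what makes the conversation bidirectional: once an endpoint has
        # sent to a peer, that peer's replies are let back in.
        ct state established,related accept

        # Outbound UDP is not restricted by destination port, because peers
        # may be listening on any port.
        iifname "lan0" oifname "wan0" meta l4proto udp accept

        # Too restrictive for peer-to-peer use (shown for contrast, disabled):
        # iifname "lan0" oifname "wan0" udp dport { 53, 123 } accept

        # Remaining LAN-originated traffic (TCP and so on).
        iifname "lan0" oifname "wan0" ct state new accept

        # ICMPv6 errors that IPv6 needs to work, including path MTU discovery.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept
    }
}
```

The file can be syntax-checked with `nft -c -f <file>` before it is loaded with `nft -f <file>`.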
