For minimal operation, outbound UDP on port 9993 (and reply packets) should be allowed to ZeroTIer's root servers. Allowing other UDP is ideal since it allows peer to peer connectivity, but these IPs on 9993 are the minimal requirement for ZeroTier to work:
| Code Block |
|---|
root-amslax-01.zerotier.com has address 195104.181194.1738.159134 root-amslax-01.zerotier.com has IPv6 address 2a022605:6ea09880:c024200:: root-sea-01.zerotier.com has address 50.7.73.34 root-sea-01.zerotier.com has IPv6 address 2001:49f0:d002:6::21200:30:571:e34:51 root-mia-01.zerotier.com has address 103.195.103.66 root-mia-01.zerotier.com has IPv6 address 2605:9880:400:c3:254:f2bc:a1f7:19 root-sgp-01.zerotier.com has address 50.7.252.138 root-sgp-01.zerotier.com has IPv6 address 2001:49f0:d0db:2::2 root-alicezrh-sfo-01.zerotier.com has address 10784.17017.19753.14155 root-alicezrh-sfo-01.zerotier.com has IPv6 address 26042a02:a8806ea0:1d405:20::200:e0019993 root-bobalice-dfwsfo-01.zerotier.com has address 45107.32170.198197.13014 root-bobalice-dfwsfo-01.zerotier.com has IPv6 address 20012604:19f0a880:64001:81c320:5400:ff:fe18:1d61200:e001 |
These are Amsterdam, Seattle, Miami, and Singapore. SFO still exists to point very old nodes to the newer roots.
We've also created a DNS record:
...