There are 3 classes of nodes in a working ZeroTier system: The roots, a controller, and your devices.

Your devices need to be able to communicate directly with each other.

The difficulty for strict firewall configurations is: the my.zerotier.com controllers and your devices are on dynamic IP addresses and are listening on random UDP ports.

Default zerotier-one listening ports are:

• 9993

• Secondary Port, randomized each start up and after being “offline” for too long.

• Random Port for UPnP

If you can allow incoming and outgoing 9993, you may have some luck.

For best results, a device needs be able to send to any address, on any UDP port to directly connect with other devices.

See also:

Router Configuration Tips