Grant Limberg 06c634ab57 comment out metrics for now hai 1 ano
..
Makefile 161ed18e48 set a home directory for stats output hai 1 ano
Metrics.cpp 06c634ab57 comment out metrics for now hai 1 ano
Metrics.hpp 06c634ab57 comment out metrics for now hai 1 ano
README.md 1c5897895b 1.10.4 merge into main (#1893) %!s(int64=2) %!d(string=hai) anos
tcp-proxy.cpp 06c634ab57 comment out metrics for now hai 1 ano
zerotier-proxy.service 1c5897895b 1.10.4 merge into main (#1893) %!s(int64=2) %!d(string=hai) anos

README.md

TCP Proxy Server

This is the TCP proxy server we run for TCP tunneling from peers behind difficult NATs. Regular users won't have much use for this.

How to run your own

Currently you must build it and distribute it to your server manually.

To reduce latency, the tcp-relay should be as close as possible to the nodes it is serving. A datacenter in the same city or the LAN would be ideal.

Build

cd tcp-relay make

Point your node at it

The default tcp relay is at 204.80.128.1/443 -an anycast address.

Option 1 - local.conf configuration

See Service docs for more info on local.conf { "settings": { "tcpFallbackRelay": "198.51.100.123/443", "forceTcpRelay": true } }

In this example, forceTcpRelay is enabled. This is helpful for testing or if you know you'll need tcp relay. It takes a few minutes for zerotier-one to realize it needs to relay otherwise.

Option 2 - redirect 204.80.128.1 to your own IP

If you are the admin of the network that is blocking ZeroTier UDP, you can transparently redirect 204.80.128.1 to one of your IP addresses. Users won't need to edit their local client configuration.

Configuring this in your Enterprise Firewall is left as an exercise to the reader.

Here is an iptables example for illustrative purposes:

-A PREROUTING -p tcp -d 204.80.128.1 --dport 443 -j DNAT --to-destination 198.51.100.123
-A POSTROUTING -p tcp -d 198.51.100.123 --dport 443 -j SNAT --to-source 204.80.128.1