So i thought id share some of my findings in regards to Zerotier and its issues i encountered hosting a minecraft server.

Maybe these are obvious beginner mistakes. But hey, i had to websearch quite a long time to find everything so here goes nothing:

Zerotier doesnt start.

Symptoms: The icon is in the tray and immediately vanishes when i interact with it. I dont get a menu.

What worked for me: Uninstall your version of Zerotier, download and install an older version and then update your current already downloaded (hopefully up to date) version over it. Meaning run the new version and install it over your existing one.

If that still doesnt work, restart your pc. (Not "shutdown", restart!)

Players cant connect to my server (running on a windows machine).

Symptoms:

Failed to connect to the server java.net.ConnectException: Connection timed out: no further information:"

The player isnt able to connect to the running server despite being authorised in my network and using the correct IP. I couldnt ping anyone in the network either. Im able to connect locally using localhost but the zerotier IP's dont work from anyone except the server itself. Even if we both have our firewalls (temporarily) disabled. Even if the server is actively listening on port 25565. Can check this by running

netstat -an | find ":25565"

Expected output would be something like

TCP <ZeroTier-IP>:25565 LISTENING

What worked for me: Changing the Zerotier Network adapter from public to private. I only had to do this on my server but you might have to do it on the clients aswell depending on what the network adapter is set to.

Shamelessly copypasting from this glorious github post.

In Windows 10 and prior you would get the following screen when joining a ZeroTier network: https://i.imgur.com/QQEn7I8.png

Answering "Yes" would set the windows firewall as a "private" network and allow discovery, file sharing, etc. "No" sets the network to public causing Windows Firewall to disable file sharing, etc.

Windows 11 no longer pops up this prompt and instead just forces the network to Public and hardening windows firewall for the Public configuration.

Workaround: Open Powershell (not cmd) as admin and paste in in the following:

To check public/private setting:

Get-NetConnectionProfile | Where-Object "InterfaceAlias" -like "Zero*"

To set all ZeroTier networks to Private:

Get-NetConnectionProfile | Where-Object "InterfaceAlias" -like "Zero*" | Set-NetConnectionProfile -NetworkCategory Private

You can then recheck your setting with the first command again and see if things have changed.

Doing this immediately let people connect/i was able to ping everyone on the network.

I dont remember if i restarted the server/machine but it surely cant hurt.

Players time out/get disconnected frequently.

(This is not related to AFK timeouts, those were disabled, its about getting disconnect during active play.)

This didnt affect me as the host as much but clients far away sometimes got disconnected multiple times within minutes. It was really frustrating. This one took the longest to troubleshoot for sure. I had made sure the connections are stable. I ran a ping stability test with WinMTR for like 5 hours just to see a completely acceptable sub 1% lost pakets rate. Good latency too. I ran

tracert <clients ip>

To see how many hops the connection would take. It was only one. Good.

I had made sure the connections the clients are direct and not relaying.

zerotier-cli peers

All direct. Nothing out of the ordinary. Everything seemed in order. Everything seemed fine nothing was blocked. And hell if something was blocked there wouldnt be no connection at all. Not this absolute mess of instability.

The salvation? Something called MTU.

In my laymans words: MTU is the largest size of data packets a network can send at once without needing to split them.

I learned: larger network pakets need to be split up or "fragmented" to be sent. Leading to latency and sometimes instability.

I checked the MTU of my networks by running this command in admin powershell:

netsh interface ipv4 show interfaces

My Zerotier network adapter was set to an MTU of 1500.

Optional, To test i pinged an address with a paketsize

ping -f -l 1500 8.8.8.8 

And lo and behold it informed me that it needed to fragment these pakets.

Coming from hamachi i also saw its network adapter still in that above list and noted that it had an MTU of 1404. Not that much less.

So i tried it with 1404 and noted that it WASNT fragmenting the pakets. Maybe this value will be different for you but you can just experiment with this and see at what value it fragments and at what it doesnt. I was simply content setting it to the hamachi value of 1404 because we hadnt had this time out issue with hamachi (a slew of other ones though^{^} hence the change to zero tier).

To change the MTU value i used this command (in admin powershell):

netsh interface ipv4 set subinterface "InterfaceName" mtu=1404 store=persistent

Its a bit scuffed but the interface name needed to be the exact name displayed on the above list. Something like "Zerotier Adapter [XXXXXIPXXXXXX]" You can copy paste it together.

I then restarted the machine and the server and voilà. No issues since. I might update this if i encounter more troubles.

The only "downside" is that with a lower paketsize, the server has to send out more pakets. Which could lead to a minimale increase in cpu load on the server. So you dont want to set it too low. But with my configuration its not noticable at all and an absolutely cheap price to pay for salvation.

Cheers!