I have seen several times on the forum how people were advising to remove MWAN3 before running zerotier.
I tried zerotier on MT3000, firmware 4.2.1 release 2 (used as a client, i.e my goal was to use the remote gateway as an exit point) and had to do the following to make it work:
a) start zerotier in GL GUI (I only allowed “Remote Access LAN”);
b) stop MWAN3 by /usr/sbin/mwan3 stop (it is also possible to disable it, therefore the suggestion to remove it is a bit too extreme in my view - you may need it later)
c) check the routing table:
root@GL-MT3000:/etc/init.d$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default XXXX.dev64.c 0.0.0.0 UG 10 0 0 eth0
172.27.0.0 * 255.255.0.0 U 0 0 0 ztlXXXXXX
192.168.3.0 * 255.255.255.0 U 10 0 0 eth0
192.168.8.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.9.0 * 255.255.255.0 U 0 0 0 br-guest
the default gateway is WAN interface and zerotier will not work.
d) make sure that zerotier route becomes default one and all traffic is routed via zerotier interface/gateway
sudo zerotier-cli set <YOUR16CHAR_NETWORKID> allowDefault=1
e) check the routing table again:
root@GL-MT3000:/etc/init.d$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.27.XXX.XX 128.0.0.0 UG 5000 0 0 ztlXXXXXX <=!!!
default XXXX.dev64.c 0.0.0.0 UG 10 0 0 eth0
128.0.0.0 172.27.XXX.XX 128.0.0.0 UG 5000 0 0 ztlXXXXXX
172.27.0.0 * 255.255.0.0 U 0 0 0 ztlXXXXXX
192.168.3.0 * 255.255.255.0 U 10 0 0 eth0
192.168.8.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.9.0 * 255.255.255.0 U 0 0 0 br-guest
as we can see the new route was added and now all packets are sent via 172.27.XXX.XX (zerotier) gateway. From this point everything works. If one makes changes in GL GUI it may restart MWAN3 and the routing table will be changed in favor of eth0 interface as mentioned in ‘c’.