Configuring AC3100 for ZeroTier One

[Max Pixel]

I have a new ASUS AC3100 router, currently running ASUSWRT-Merlin 384.9. The router is connected to a Nighthawk M1 AT&T LTE hotspot, configured for IP Passthrough so that it's just acting as a modem and not as a second router.

I've been using ZeroTier-One for VPN for a while, and it's been great. However, as of moving a few of my machines from one office to the new one with the AC3100, ZeroTier is no longer able to create direct connections to them from the outside.

According to ZeroTier-One's documentation on router configuration, there are a number of things I should be doing to avoid the problem that I'm experiencing:

• Don't restrict outbound UDP traffic
• Don't use "symmetric" NAT. Use "full cone" or "port restricted cone" NAT.
• No more than one layer of NAT should be present between ZeroTier endpoints and the Internet.
• NATs should have a port mapping or connection timeout no shorter than 60 seconds.
• Supporting either uPnP or NAT-PMP.
• IPv6 is recommended.

One of these points will probably fix my problem, but I have no idea where to find the equivalent settings in the router's configuration.

How can I tell if I'm restricting outbound UDP traffic? Where can I choose between "symmetric NAT" and "full cone NAT"? How can I tell if I have multiple layers of NAT? Where is the NAT port-mapping timeout specified? Where is the uPnP or NAT-PNP setting, or are those not supported?

 

[Max Pixel]

I found my answer in this thread from the Netgear forum: I don't have a public IP address from my ISP, so it's impossible for me to avoid double-NAT since there's a NAT layer outside of my control (tracert 1.1.1.1 shows 192.168 as the first hop, 172.26 as the second. If my router is misconfigured, it wouldn't make much of a difference anyways.