[Bug][macOS] ZeroTier adds unwanted default route to 127.0.0.1 on latest macOS #2520
Description
Title:
[macOS] ZeroTier adds unwanted default route to 127.0.0.1 on latest macOS
Description:
Hi,
After upgrading macOS to the latest version, I noticed a serious routing issue with ZeroTier when allowManaged=true.
Even though I have no 0.0.0.0/0 route configured in the controller, ZeroTier still installs an extra default route pointing to 127.0.0.1.
Environment:
-
macOS version: [e.g. macOS 15 Sequoia / macOS 14 Sonoma]
-
ZeroTier version: [e.g. 1.14.x]
-
Network config:
allowManaged=true- Only a subnet route (e.g.
10.100.0.0/16) is pushed - No default route (0.0.0.0/0) is configured
Observed behavior:
When joining the ZeroTier network, macOS adds this unexpected route:
$ route -n get default
route to: default
destination: default
mask: default
gateway: 127.0.0.1
interface: lo0At the same time, my normal default route (192.168.1.1 via en0) is overridden.
This causes all internet traffic to be broken with error No route to host.
Expected behavior:
ZeroTier should only add the managed subnet route(s) (e.g. 10.100.0.0/16) and should not inject a default route unless explicitly configured in the controller.
Notes:
- This issue only happens on macOS.
- On Linux and Windows clients, no unwanted default route is added.
- On older macOS versions (before [Ventura/Sonoma]), this problem did not occur. It seems Apple changed routing behavior, and ZeroTier’s injected default route is no longer ignored but treated as active.
Impact:
- Breaks all internet connectivity when connected to ZeroTier.
- Workaround: manually delete the default route to 127.0.0.1 and re-add the local gateway.
👉 Could you please confirm if this is a known bug, and whether ZeroTier for macOS can avoid injecting the default 127.0.0.1 route when not explicitly configured?
Thanks!