I am trying to compile the latest controller and tunnel, but I'm running into a small issue. Currently, the tunnel cannot connect to the edge router, and the edge router is reporting an error. Could you provide me with some advice? Thank you.
```yaml
v: 3

identity:
  cert: "router/idn/192.168.63.23/config/certs/192.168.63.23.cert"
  server_cert: "router/idn/192.168.63.23/config/certs/192.168.63.23.server.chain.cert"
  key: "router/idn/192.168.63.23/config/certs/192.168.63.23.key"
  ca: "router/idn/192.168.63.23/config/certs/192.168.63.23.cas"
  #alt_server_certs:
  #  - server_cert: ""
  #    server_key: ""

ctrl:
  endpoint: tls:192.168.63.23:6262

link:
  dialers:
    - binding: transport
  listeners:
    - binding: transport
      bind: tls:0.0.0.0:10080
      advertise: tls:192.168.63.23:10080
      options:
        outQueueSize: 4

listeners:
  # bindings of edge and tunnel requires an "edge" section below
  - binding: edge
    address: "tls:0.0.0.0:443"
    options:
      advertise: 192.168.63.23:443
      connectTimeoutMs: 5000
      getSessionTimeout: 60
#  - binding: tunnel
#    options:
#      mode: host #tproxy|host

edge:
  csr:
    country: US
    province: NC
    locality: Charlotte
    organization: NetFoundry
    organizationalUnit: Ziti
    sans:
      dns:
        - localhost
        - ZhaoJun.local
      ip:
        - "127.0.0.1"
        - "::1"
        - "192.168.63.23"

#transport:
#  ws:
#    writeTimeout: 10
#    readTimeout: 5
#    idleTimeout: 120
#    pongTimeout: 60
#    pingInterval: 54
#    handshakeTimeout: 10
#    readBufferSize: 4096
#    writeBufferSize: 4096
#    enableCompression: true

forwarder:
  latencyProbeInterval: 0
  xgressDialQueueLength: 1000
  xgressDialWorkerCount: 128
  linkDialQueueLength: 1000
  linkDialWorkerCount: 32
```
Could you run `ziti ops verify-traffic` and confirm that it reports no errors?
From the looks of things, you have somehow misconfigured the PKI. Exactly HOW that has happened is an intricate conversation and will require you to open the configuration files and use openssl to help learn where things went wrong.
It would be better if you started from our known binaries and a known quickstart/deployment, built the ziti binary, moved that binary to your 'working' environment, and restarted 'whatever' component you need to.
With the information you have provided, and with the task it seems you're doing, I worry I am not going to be able to help you with this.
Could you try the steps I outlined first? Or - could you explain what you're doing and why, and maybe I could recommend a different/better approach?
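One way to do the openssl inspection suggested above, as an added example that is not part of the original thread or of OpenZiti's tooling. The function name `check_identity` is hypothetical; it assumes OpenSSL 1.1.1 or later and, as in the posted config, a single `key` shared by `cert` and `server_cert`.

```sh
# Added example: check the four files named in a router config's identity:
# block, plus the address the edge listener advertises.
# usage: check_identity CERT SERVER_CERT KEY CA_BUNDLE ADVERTISED_IP
# e.g.   check_identity 192.168.63.23.cert 192.168.63.23.server.chain.cert \
#                       192.168.63.23.key 192.168.63.23.cas 192.168.63.23
check_identity() {
  cert=$1 server_cert=$2 key=$3 ca=$4 ip=$5
  rc=0

  # 0. A stale path from an older config layout shows up here first.
  for f in "$cert" "$server_cert" "$key" "$ca"; do
    [ -r "$f" ] || { echo "FAIL  not readable: $f"; rc=1; }
  done
  [ "$rc" -eq 0 ] || return 1

  # 1. The private key must belong to both certificates: compare public keys.
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  for c in "$cert" "$server_cert"; do
    crt_pub=$(openssl x509 -in "$c" -noout -pubkey 2>/dev/null)
    if [ -n "$key_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
      echo "ok    key matches $c"
    else
      echo "FAIL  key does not match $c"; rc=1
    fi
  done

  # 2. Both certificates must chain to the CA bundle (this also fails on an
  #    expired certificate). Extra certificates in each file are offered as
  #    intermediates; -partial_chain lets an intermediate in the bundle act
  #    as the trust anchor.
  for c in "$cert" "$server_cert"; do
    if out=$(openssl verify -partial_chain -CAfile "$ca" -untrusted "$c" "$c" 2>&1); then
      echo "ok    $c chains to $ca"
    else
      echo "FAIL  $c: $out"; rc=1
    fi
  done

  # 3. The server certificate must list the advertised address as an IP SAN.
  if openssl x509 -in "$server_cert" -noout -checkip "$ip" 2>/dev/null |
       grep -q "does match"; then
    echo "ok    $ip is in the SANs of $server_cert"
  else
    echo "FAIL  $ip is not in the SANs of $server_cert"; rc=1
  fi
  return "$rc"
}
```

Running the same function against the files from a working quickstart and against the hand-built environment shows which of the checks differs.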
I'm running the code directly to start the controller and router, so there might be some parameter configuration errors. I’ll try using a quick-start setup now and then compare the two configuration files.
In my YAML file, the certificate paths are from an older version and differ significantly from the latest version 1.1.15. I need to carefully update them. I was stuck in a rut; thank you for the inspiration.