I've noticed a bug with the Android tunneler: If the app is closed entirely (you can force stop it in Android Settings under Apps) the moment you open it and turn the service back on and try to authenticate (I'm using an IDP) you cannot reach the IDP website - but you also cannot access any internet websites, almost as if DNS is broken. My ping utility shows "Unknown host" and browser displays a DNS error.
I've experience this other times but it's the most "reproducible" method. If you then disable, and re-enable the identity in the tunneler app, you will be able to succesfully use the internet and authenticate via IDP.
I have noticed with two services (matrix and IMAP) that the ziti edge tunnels (android and linux respectively), fail to resolve.
If I hard-restart the tunnel, everything resolves again. I can access services, but it seems like the tunnels have something like a stale handle.
I feel like there are 2 separate issues here, and I've experienced both as well (I mentioned one in another thread).
DNS/Resolving/Internet breaking upon first Android client login (nothing resolves - and I'm not yet authenticated so apps don't work at all, as expected, but the IDP and normal browsing break), that's this issue.
The second is my other thread where I have a similar issue to you, where I get logged in and some apps do work, and others do not - but yet DNS resolves to OpenZiti correctly, it's just not allowing all apps to work.
Although I seem to find these bugs, I do just want to state Open Ziti is great and has so much potential! I've been growing attached as I use it and learn more about how it works.
Does "About" show v0.13.5? That's the version I'm trying to reproduce with on a Pixel 6.
I ignored the "app may misbehave" warning and force stopped ZME in Android Settings, but I didn't encounter the DNS problem. Can you trigger this DNS problem without "force stop" (which may lead to a non-graceful exit and a broken app state)? You mentioned "first Android client login" and that could mean you're encountering this DNS problem when you first turn on the tunnel in the ZME app. If so, does the DNS problem persist, or is it only manifesting "at first login?"
Thanks for clarifying that the workaround for the DNS issue is to toggle the tunnel in the ZME app.
The other issue was described as "some apps do work, and others do not." Are you saying that some Ziti services work, and others do not? Specifically, of the apps that are working, are they trying unsuccessfully to connect to a Ziti service? What about those apps that are not working?
Yes, latest version of all software is being used.
Just tested and confirmed it happens if I reboot the phone as well, and try to bring up the tunnel. There could be other circumstances but none come to mind right now.
I have a Windows Edge Client thread here, where @TheLumberjack confirmed the issue during sleep (again, may be triggered in other circumstances but this was the easiest way to reproduce it). I will let @thedarkula confirm the Android/Linux side of this. But yes, you're correct in that some ziti services work, others do not - but the ones that work, have no issues - they are intercepted and connect to the app just fine, and the ones that do not work will resolve to their standard (non ziti-tunneled) destination.
this makes little sense to me because DNS queries not covered by intercepts are proxied to the DNS server provided by your network. Also they would not depend on any identity being authenticated via IdP or otherwise.
if you encounter that condition, please submit application feedback bundle before force-quitting the app (that should never be necessary)
Ok, so I tried clearing the cache in Android settings and clearing the data to start fresh, re-enrolled and right on the first connection, when it loads the IDP the internet is not working - I then disable/re-enable and i'm able to login again. It seems like it is some sort of bug maybe specific to the Pixel device and OpenZiti. Given the previous logs didn't have much in them - is there something else I should be checking?
