Hey, I am back with good news this time.
Small update
I have tried several times, but the controller always gave a strange error, even with express install. I have tried installing it on both CentOS 9 and Lubuntu with no luck. I decided to also give Ubuntu a shot and there the express install of the controller worked fine. I can't say if there are problems with other OSes or not, but at least now it works.
Current situation
So now I am in the situation desired from the beginning (kind-of):
- Controller+Router: Installed on Ubuntu
- Routers R1 and R2: Installed on CentOS7
Now everything is linked together as it should be. So I have tried moving on with my test lab. I have added:
- A Lubuntu VM, simulating what will be a client
- Another Lubuntu VM, simulating what will be a server
Here's a simple diagram that shows my current setup:
Next Goal
My next goal is now to test OpenZiti in some way, to see if things route properly and the possibilities that it gives. Looking at the official documentation, I found an example of a simple HTTP Tunneler and I decided to try implementing that. Here it is for reference.
Problem
I was following the 10 steps provided in the link above and everything was going right, until I reached step 7. At step 7, if I understood it correctly, I have to run the command:
ziti edge list identities
on the router, in this case, I think on R2, to find this 'identity'. But when I do it, it gives me the following error:
error: no identity 'default' found in cli config /home/router01/.config/ziti/ziti-cli.json
From here I started to understand why, and reading more carefully I saw that as a prerequisite I need to install an OpenZiti tunneler on both machines. So I followed the guide, which seems simple, and I:
- Installed Linux Tunneler on the Client:
curl -sSLf https://get.openziti.io/tun/scripts/install-ubuntu.bash | bash
- Enabled and started the service:
sudo systemctl enable --now ziti-edge-tunnel.service
- Created an Identity on the Controller for the Client:
ziti edge create identity user http-client -a 'http-clients' -o http-client.jwt
- Imported that '.jwt' to the Client and ran the command:
sudo ziti-edge-tunnel add --jwt http-client.jwt --identity http-client
But I got the following error:
received response <{"Success":false, "Error":"enrollment failed", "Code":500}>
Possible solutions
And at this point I am kind of stuck again, unfortunately.
- One thing that comes to my mind is that when setting up the routers, I ran this command:
ziti create config router edge --routerName ${router_name} output ${router_name}.yml --tunnelerMode none > $HOME/ziti-router01/${router_name}.yml
And I see that "--tunnelerMode none"; can it be the cause of my problems?
- Something else that came to my mind is that Routers R1 and R2 have two network interfaces and they can ping both the Controller IP and the respective local ones. The Client is just able to ping the local port of R1 and cannot ping the Controller; can it be another possible problem?
If I forgot something important in order to understand what's going on, tell me and I will provide all that is necessary. Thanks in advance.
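
An added example, not part of the original post and not OpenZiti's own tooling: a Python script that reads an enrollment token such as http-client.jwt and checks, from the machine doing the enrollment, whether the controller address named in it accepts a TCP connection. It assumes the token's `iss` claim holds the controller URL, `em` the enrollment method and `exp` the expiry; the sample token and the host `ctrl.example.test` are constructed.

```python
import base64, json, socket, sys, time
from urllib.parse import urlsplit


def decode_claims(jwt_text):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = jwt_text.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def controller_endpoint(claims):
    """Extract (host, port) of the controller from the 'iss' claim (assumed layout)."""
    url = urlsplit(claims["iss"])
    return url.hostname, url.port or 443


def seconds_left(claims, now=None):
    """Seconds until the token expires (negative when already expired)."""
    return int(claims["exp"] - (time.time() if now is None else now))


def reachable(host, port, timeout=3.0):
    """True when a TCP connection from this machine to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, no route, or name not resolvable
        return False


def make_sample_jwt(claims):
    """Build an unsigned, constructed token for demonstration only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample; pass the path of the real .jwt file as the first argument.
SAMPLE = make_sample_jwt({"iss": "https://ctrl.example.test:1280", "em": "ott", "exp": 2000000000})

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    claims = decode_claims(text)
    host, port = controller_endpoint(claims)
    print(f"controller: {host}:{port}  method: {claims.get('em')}")
    print(f"token expires in {seconds_left(claims)} s")
    print("TCP reachable from here:", reachable(host, port))
```

Run it on the Client VM against the imported token; a `False` on the last line means the machine cannot open a connection to the address the token points at.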
