Hi, I'm currently trying to deploy an OpenZiti environment in cluster mode manually. The controller configuration was set up following the GitHub reference, and it is working properly. However, I'm encountering issues with accessing services after setting up the router. My router operations were as follows:

./ziti create config router edge --routerName ha-route1 > ha-route1.yaml
./ziti router enroll -j /tmp/ha-route1.jwt ha-route1.yaml
./ziti router run ha-route1.yaml

Despite adding the service, I'm unable to access it. Below are the relevant parameters I've checked:

root@zt:/opt/zt# ./ziti agent list
╭───────┬────────────┬────────────┬────────────────────────────┬────────────┬─────────────┬───────────╮
│   PID │ EXECUTABLE │ APP ID     │ UNIX SOCKET                │ APP TYPE   │ APP VERSION │ APP ALIAS │
├───────┼────────────┼────────────┼────────────────────────────┼────────────┼─────────────┼───────────┤
│ 30458 │ ziti       │ ctrl1      │ /tmp/gops-agent.30458.sock │ controller │ v1.1.15     │           │
│ 30464 │ ziti       │ ctrl2      │ /tmp/gops-agent.30464.sock │ controller │ v1.1.15     │           │
│ 30472 │ ziti       │ ctrl3      │ /tmp/gops-agent.30472.sock │ controller │ v1.1.15     │           │
│ 30668 │ ziti       │ AobkYch2q6 │ /tmp/gops-agent.30668.sock │ router     │ v1.1.15     │           │
╰───────┴────────────┴────────────┴────────────────────────────┴────────────┴─────────────┴───────────╯
root@zt:/opt/zt# ./ziti agent cluster list -i ctrl1
╭───────┬──────────────────────┬───────┬────────┬─────────┬───────────╮
│ ID    │ ADDRESS              │ VOTER │ LEADER │ VERSION │ CONNECTED │
├───────┼──────────────────────┼───────┼────────┼─────────┼───────────┤
│ ctrl1 │ tls:10.49.64.98:6262 │ true  │ true   │ v1.1.15 │ true      │
│ ctrl2 │ tls:10.49.64.98:6363 │ true  │ false  │ v1.1.15 │ true      │
│ ctrl3 │ tls:10.49.64.98:6464 │ true  │ false  │ v1.1.15 │ true      │
╰───────┴──────────────────────┴───────┴────────┴─────────┴───────────╯
root@zt:/opt/zt# cat ha-route1.yaml
...
ctrl:
  endpoints:
    - tls:zt.bhq.sh.cn:6262
    - tls:zt.bhq.sh.cn:6363
    - tls:zt.bhq.sh.cn:6464
ha:
    enabled: true
...

root@zt:/opt/zt# ./ziti edge list services
╭────────────────────────┬──────┬────────────┬─────────────────────┬────────────╮
│ ID                     │ NAME │ ENCRYPTION │ TERMINATOR STRATEGY │ ATTRIBUTES │
│                        │      │  REQUIRED  │                     │            │
├────────────────────────┼──────┼────────────┼─────────────────────┼────────────┤
│ 68HobmjV49Vss66B2EPpyr │ web1 │ true       │ smartrouting        │            │
╰────────────────────────┴──────┴────────────┴─────────────────────┴────────────╯
root@zt:/opt/zt# ./ziti edge list service-policies
╭────────────────────────┬──────────────────┬──────────┬───────────────┬────────────────┬─────────────────────╮
│ ID                     │ NAME             │ SEMANTIC │ SERVICE ROLES │ IDENTITY ROLES │ POSTURE CHECK ROLES │
├────────────────────────┼──────────────────┼──────────┼───────────────┼────────────────┼─────────────────────┤
│ 22gLLLNolFe3UFYFCncie9 │ web1-bind-policy │ AnyOf    │ @web1         │ @ha-route1     │                     │
│ 32DC7rxmHybrAUCU4eFZdS │ web1-dial-policy │ AnyOf    │ @web1         │ @zsf           │                     │
╰────────────────────────┴──────────────────┴──────────┴───────────────┴────────────────┴─────────────────────╯
root@zt:/opt/zt# ./ziti fabric list routers
╭────────────┬───────────┬────────┬──────┬──────────────┬──────────┬────────────────────────┬───────────────────────────╮
│ ID         │ NAME      │ ONLINE │ COST │ NO TRAVERSAL │ DISABLED │ VERSION                │ LISTENERS                 │
├────────────┼───────────┼────────┼──────┼──────────────┼──────────┼────────────────────────┼───────────────────────────┤
│ AobkYch2q6 │ ha-route1 │ true   │    0 │ false        │ false    │ v1.1.15 on linux/amd64 │ 1: tls:zt.bhq.sh.cn:10080 │
╰────────────┴───────────┴────────┴──────┴──────────────┴──────────┴────────────────────────┴───────────────────────────╯
results: 1-1 of 1
root@zt:/opt/zt# ./ziti fabric list links
╭────┬────────┬──────────┬─────────────┬─────────────┬─────────────┬───────┬────────┬───────────╮
│ ID │ DIALER │ ACCEPTOR │ STATIC COST │ SRC LATENCY │ DST LATENCY │ STATE │ STATUS │ FULL COST │
├────┼────────┼──────────┼─────────────┼─────────────┼─────────────┼───────┼────────┼───────────┤
╰────┴────────┴──────────┴─────────────┴─────────────┴─────────────┴───────┴────────┴───────────╯
results: none
root@zt:/opt/zt# ./ziti edge policy-advisor identities

Policy General Guidelines
  In order for an identity to dial or bind a service, the following must be true:
    - The identity must have access to the service via a service policy of the correct type (dial or bind)
    - The identity must have access to at least one on-line edge router via an edge router policy
    - The service must have access to at least one on-line edge router via a service edge router policy
    - There must be at least one on-line edge router that both the identity and service have access to.

Policy Advisor Output Guide:
  STATUS = The status of the identity -> service reachability. Will be OKAY or ERROR.
  ID = identity name
  ID ROUTERS = number of routers accessible to the identity via edge router policies.
    - See edge router polices for an identity: ziti edge controller list identity edge-router-policies <identity>
  SVC = service name
  SVC ROUTERS = number of routers accessible to the service via service edge router policies.
    - See service edge router policies for a service with: ziti edge controller list service service-edge-router-policies <service>
  ONLINE COMMON ROUTERS = number of routers the identity and service have in common which are online.
  COMMON ROUTERS = number of routers (online or offline) the identity and service have in common.
  DIAL_OK = indicates if the identity has permission to dial the service.
    - See service polices for a service  : ziti edge controller list service service-policies <service>
    - See service polices for an identity: ziti edge controller list identity service-policies <identity>
  BIND_OK = indicates if the identity has permission to bind the service.
  ERROR_LIST = if the status is ERROR, error details will be listed on the following lines

Output format: STATUS: ID (ID ROUTERS) -> SVC (SVC ROUTERS) Common Routers: (ONLINE COMMON ROUTERS/COMMON ROUTERS) Dial: DIAL_OK Bind: BIND_OK. ERROR_LIST
-------------------------------------------------------------------------------
ERROR: admin
  - Identity does not have access to any services. Adjust service policies.

OKAY : ha-route1 (1) -> web1 (1) Common Routers: (1/1) Dial: N Bind: Y

OKAY : zsf (1) -> web1 (1) Common Routers: (1/1) Dial: Y Bind: N

ERROR: win-zsf
  - Identity does not have access to any services. Adjust service policies.

Could you please assist me in resolving this issue?

Server

QQ_17290486900611920×998 191 KB

Client

QQ_17290495247231610×1020 58.9 KB

QQ_1729052805984808×267 49.2 KB

When I shut down ctrl2 and ctrl3, the service is occasionally accessible. What could be the reason for this?

The macOS client does not yet support HA controllers. This capability will be added in the coming weeks, and will be available in Test Flight before it hits the app stores. Feel free to DM your Apple ID email address if you'd like to be on the Test Flight.

Are clients other than MacOS supported? For example, Windows, Linux, or Android?

None of the clients fully support clustering yet, although the latest versions of all the clients (including macOS, as of v2.44 which is now in the App Store) will work with clusters as long as the controller that enrolled the identity is online at the time the client is connecting. You'll need to use the "ctrlha-alpha" stream of the Windows client to get this initial HA capability on Windows.

After testing, the v2.44 version works normally on macOS. Thank you for your hard work!

My MAC client was working fine before version 2.44, but after updating to version 2.45, I can no longer access the cluster controller properly. Why is this?

I'm not sure, this isn't expected. Can you try disconnecting/reconnecting after setting the log level to trace and share the packet tunnel log with me?

I haven't seen your logs yet, but a problem in the recent ziti-sdk-c update came to light late yesterday and I have a hunch that it was the cause of your trouble. A fix has been made to the SDKs and ziti-edge-tunnel. Look for a test flight of ziti desktop edge shortly.

Sorry, after reviewing the logs, I found that the issue was caused by the previous problem with my computer, which cleared the 'Keychains.' After re-registering the JWT, the issue was resolved.

[2024-10-23T00:30:08:817Z]    INFO PacketTunnelProvider:Logger.swift:206 rotateLogs() io.netfoundry.ZitiPacketTunnel.PacketTunnelProvider Version: 2.45 (523), OS: 版本11.7.10（版号20G1427）
[2024-10-23T00:54:29:599Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:227 stopTunnel() 
[2024-10-23T00:54:29:600Z]   ERROR CZiti:ZitiTunnel.swift:264 shutdownZiti() Invalid ztx for identifier 4sA-2ik28
[2024-10-23T00:54:29:601Z]   ERROR CZiti:ZitiTunnel.swift:264 shutdownZiti() Invalid ztx for identifier KJYlYclbq6
[2024-10-23T00:54:29:601Z]    INFO CZiti:Ziti.swift:257 executeRunloop() runZiti - loop exited with status 0
[2024-10-23T00:54:29:602Z]    INFO CZiti:ZitiTunnel.swift:278 shutdownZiti() Ziti shutdown complete, status=success
[2024-10-23T00:54:29:602Z]    INFO PacketTunnelProvider:UserNotifications.swift:100 post() Attempting to post Info notification, subitile:Optional("Disconnected"), body:nil, zid:nil
[2024-10-23T00:54:29:604Z]    WARN PacketTunnelProvider:UserNotifications.swift:107 post() Not authorized to send notifications
[2024-10-23T00:54:29:604Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:244 stopTunnel() Exiting
[2024-10-23T01:00:25:812Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:38 init() io.netfoundry.ZitiPacketTunnel.PacketTunnelProvider Version: 2.45 (523), OS: 版本11.7.10（版号20G1427）; ziti-sdk-c version 1.1.3-gf713dc6(Oct 18 2024 18:57:31)
[2024-10-23T01:00:25:835Z]    INFO PacketTunnelProvider:UserNotifications.swift:94 requestAuth() Auth request authorized? false
[2024-10-23T01:00:25:844Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:58 startTunnelAsync() 
[2024-10-23T01:00:25:844Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:59 startTunnelAsync() options=nil
[2024-10-23T01:00:25:845Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:164 loadConfig() ProviderConfig <PacketTunnelProvider.ProviderConfig: 0x7fb886518420>
ipAddress: 100.64.0.1
subnetMask: 255.192.0.0
mtu: 4000
dns: 100.64.0.2
fallbackDnsEnabled: false
fallbackDns: 1.1.1.1
interceptMatchedDns: true
lowPowerMode: false
logLevel: 3
logRotateDaily: true
logRotateCount: 5
logRotateSizeMB: 50
[2024-10-23T01:00:25:845Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:87 startTunnelAsync() Setting log level to INFO
[2024-10-23T01:00:25:845Z]    INFO PacketTunnelProvider:Logger.swift:242 updateRotateSettings() Updating log rotate config to daily:true, count:5, sizeMB:50
[2024-10-23T01:00:25:858Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:00:25:872Z]    INFO CZiti:ZitiTunnel.swift:208 loadAndRunZiti() Starting KJYlYclbq6:"Optional("zsf")" at https://10.49.64.98:1280
[2024-10-23T01:00:25:906Z]   ERROR CZiti:ZitiKeychain.swift:264 getCertificate() 在钥匙串中找不到指定的项。
[2024-10-23T01:00:25:907Z]   ERROR CZiti:Ziti.swift:389 run() Unable to get certificate for KJYlYclbq6: 在钥匙串中找不到指定的项。
[2024-10-23T01:00:25:910Z]   ERROR PacketTunnelProvider:ZitiTunnelDelegate.swift:82 initCallback() Unable to init zsf:KJYlYclbq6, err: Unable to get certificate for KJYlYclbq6: 在钥匙串中找不到指定的项。
[2024-10-23T01:00:25:910Z]    INFO PacketTunnelProvider:UserNotifications.swift:100 post() Attempting to post Info notification, subitile:Optional("Initialization Failure"), body:Optional("Unable to init zsf:KJYlYclbq6, err: Unable to get certificate for KJYlYclbq6: 在钥匙串中找不到指定的项。"), zid:Optional("zsf")
[2024-10-23T01:00:25:911Z]    WARN PacketTunnelProvider:UserNotifications.swift:107 post() Not authorized to send notifications
[2024-10-23T01:00:25:914Z]    INFO CZiti:ZitiTunnel.swift:208 loadAndRunZiti() Starting 4sA-2ik28:"Optional("zsf-1.jwt")" at https://zt.bhq.sh.cn:8441
[2024-10-23T01:00:25:915Z]   ERROR CZiti:ZitiKeychain.swift:264 getCertificate() 在钥匙串中找不到指定的项。
[2024-10-23T01:00:25:915Z]   ERROR CZiti:Ziti.swift:389 run() Unable to get certificate for 4sA-2ik28: 在钥匙串中找不到指定的项。
[2024-10-23T01:00:25:918Z]   ERROR PacketTunnelProvider:ZitiTunnelDelegate.swift:82 initCallback() Unable to init zsf-1.jwt:4sA-2ik28, err: Unable to get certificate for 4sA-2ik28: 在钥匙串中找不到指定的项。
[2024-10-23T01:00:25:918Z]    INFO PacketTunnelProvider:UserNotifications.swift:100 post() Attempting to post Info notification, subitile:Optional("Initialization Failure"), body:Optional("Unable to init zsf-1.jwt:4sA-2ik28, err: Unable to get certificate for 4sA-2ik28: 在钥匙串中找不到指定的项。"), zid:Optional("zsf-1.jwt")
[2024-10-23T01:00:25:918Z]    WARN PacketTunnelProvider:UserNotifications.swift:107 post() Not authorized to send notifications
[2024-10-23T01:00:25:923Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:208 updateTunnelNetworkSettings() route: 100.64.0.1 / 255.192.0.0
[2024-10-23T01:00:25:924Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet
[2024-10-23T01:00:25:929Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:00:25:929Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:00:26:175Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet 
     16: name:utun2, type:other
[2024-10-23T01:00:26:181Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:00:26:181Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:01:01:645Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:227 stopTunnel() 
[2024-10-23T01:01:01:646Z]   ERROR CZiti:ZitiTunnel.swift:264 shutdownZiti() Invalid ztx for identifier KJYlYclbq6
[2024-10-23T01:01:01:646Z]   ERROR CZiti:ZitiTunnel.swift:264 shutdownZiti() Invalid ztx for identifier 4sA-2ik28
[2024-10-23T01:01:01:646Z]    INFO CZiti:Ziti.swift:257 executeRunloop() runZiti - loop exited with status 0
[2024-10-23T01:01:01:646Z]    INFO CZiti:ZitiTunnel.swift:278 shutdownZiti() Ziti shutdown complete, status=success
[2024-10-23T01:01:01:646Z]    INFO PacketTunnelProvider:UserNotifications.swift:100 post() Attempting to post Info notification, subitile:Optional("Disconnected"), body:nil, zid:nil
[2024-10-23T01:01:01:647Z]    WARN PacketTunnelProvider:UserNotifications.swift:107 post() Not authorized to send notifications
[2024-10-23T01:01:01:647Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:244 stopTunnel() Exiting
[2024-10-23T01:01:01:736Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:38 init() io.netfoundry.ZitiPacketTunnel.PacketTunnelProvider Version: 2.45 (523), OS: 版本11.7.10（版号20G1427）; ziti-sdk-c version 1.1.3-gf713dc6(Oct 18 2024 18:57:31)
[2024-10-23T01:01:01:760Z]    INFO PacketTunnelProvider:UserNotifications.swift:94 requestAuth() Auth request authorized? false
[2024-10-23T01:01:01:760Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:58 startTunnelAsync() 
[2024-10-23T01:01:01:760Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:59 startTunnelAsync() options=nil
[2024-10-23T01:01:01:761Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:164 loadConfig() ProviderConfig <PacketTunnelProvider.ProviderConfig: 0x7f841cf14630>
ipAddress: 100.64.0.1
subnetMask: 255.192.0.0
mtu: 4000
dns: 100.64.0.2
fallbackDnsEnabled: false
fallbackDns: 1.1.1.1
interceptMatchedDns: true
lowPowerMode: false
logLevel: 3
logRotateDaily: true
logRotateCount: 5
logRotateSizeMB: 50
[2024-10-23T01:01:01:761Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:87 startTunnelAsync() Setting log level to INFO
[2024-10-23T01:01:01:761Z]    INFO PacketTunnelProvider:Logger.swift:242 updateRotateSettings() Updating log rotate config to daily:true, count:5, sizeMB:50
[2024-10-23T01:01:01:770Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:01:780Z]    INFO CZiti:ZitiTunnel.swift:208 loadAndRunZiti() Starting 4sA-2ik28:"Optional("zsf-1.jwt")" at https://zt.bhq.sh.cn:8441
[2024-10-23T01:01:01:814Z]   ERROR CZiti:ZitiKeychain.swift:264 getCertificate() 在钥匙串中找不到指定的项。
[2024-10-23T01:01:01:814Z]   ERROR CZiti:Ziti.swift:389 run() Unable to get certificate for 4sA-2ik28: 在钥匙串中找不到指定的项。
[2024-10-23T01:01:01:817Z]   ERROR PacketTunnelProvider:ZitiTunnelDelegate.swift:82 initCallback() Unable to init zsf-1.jwt:4sA-2ik28, err: Unable to get certificate for 4sA-2ik28: 在钥匙串中找不到指定的项。
[2024-10-23T01:01:01:817Z]    INFO PacketTunnelProvider:UserNotifications.swift:100 post() Attempting to post Info notification, subitile:Optional("Initialization Failure"), body:Optional("Unable to init zsf-1.jwt:4sA-2ik28, err: Unable to get certificate for 4sA-2ik28: 在钥匙串中找不到指定的项。"), zid:Optional("zsf-1.jwt")
[2024-10-23T01:01:01:818Z]    WARN PacketTunnelProvider:UserNotifications.swift:107 post() Not authorized to send notifications
[2024-10-23T01:01:01:823Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:208 updateTunnelNetworkSettings() route: 100.64.0.1 / 255.192.0.0
[2024-10-23T01:01:01:823Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet
[2024-10-23T01:01:01:827Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:01:827Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:01:02:050Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet 
     16: name:utun2, type:other
[2024-10-23T01:01:02:055Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:02:056Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:01:05:175Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet
[2024-10-23T01:01:05:179Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:05:179Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:01:05:333Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:227 stopTunnel() 
[2024-10-23T01:01:05:333Z]   ERROR CZiti:ZitiTunnel.swift:264 shutdownZiti() Invalid ztx for identifier 4sA-2ik28
[2024-10-23T01:01:05:333Z]    INFO CZiti:Ziti.swift:257 executeRunloop() runZiti - loop exited with status 0
[2024-10-23T01:01:05:333Z]    INFO CZiti:ZitiTunnel.swift:278 shutdownZiti() Ziti shutdown complete, status=success
[2024-10-23T01:01:05:333Z]    INFO PacketTunnelProvider:UserNotifications.swift:100 post() Attempting to post Info notification, subitile:Optional("Disconnected"), body:nil, zid:nil
[2024-10-23T01:01:05:333Z]    WARN PacketTunnelProvider:UserNotifications.swift:107 post() Not authorized to send notifications
[2024-10-23T01:01:05:334Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:244 stopTunnel() Exiting
[2024-10-23T01:01:06:111Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:38 init() io.netfoundry.ZitiPacketTunnel.PacketTunnelProvider Version: 2.45 (523), OS: 版本11.7.10（版号20G1427）; ziti-sdk-c version 1.1.3-gf713dc6(Oct 18 2024 18:57:31)
[2024-10-23T01:01:06:134Z]    INFO PacketTunnelProvider:UserNotifications.swift:94 requestAuth() Auth request authorized? false
[2024-10-23T01:01:06:136Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:58 startTunnelAsync() 
[2024-10-23T01:01:06:136Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:59 startTunnelAsync() options=nil
[2024-10-23T01:01:06:136Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:164 loadConfig() ProviderConfig <PacketTunnelProvider.ProviderConfig: 0x7fe9dff0bd30>
ipAddress: 100.64.0.1
subnetMask: 255.192.0.0
mtu: 4000
dns: 100.64.0.2
fallbackDnsEnabled: false
fallbackDns: 1.1.1.1
interceptMatchedDns: true
lowPowerMode: false
logLevel: 3
logRotateDaily: true
logRotateCount: 5
logRotateSizeMB: 50
[2024-10-23T01:01:06:137Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:87 startTunnelAsync() Setting log level to INFO
[2024-10-23T01:01:06:137Z]    INFO PacketTunnelProvider:Logger.swift:242 updateRotateSettings() Updating log rotate config to daily:true, count:5, sizeMB:50
[2024-10-23T01:01:06:145Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:06:151Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:208 updateTunnelNetworkSettings() route: 100.64.0.1 / 255.192.0.0
[2024-10-23T01:01:06:151Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet
[2024-10-23T01:01:06:155Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:06:155Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:01:06:371Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet 
     16: name:utun2, type:other
[2024-10-23T01:01:06:375Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:06:375Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:01:29:425Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet
[2024-10-23T01:01:29:431Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:29:431Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:01:29:589Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:227 stopTunnel() 
[2024-10-23T01:01:29:589Z]    INFO CZiti:Ziti.swift:257 executeRunloop() runZiti - loop exited with status 0
[2024-10-23T01:01:29:590Z]    INFO CZiti:ZitiTunnel.swift:278 shutdownZiti() Ziti shutdown complete, status=success
[2024-10-23T01:01:29:590Z]    INFO PacketTunnelProvider:UserNotifications.swift:100 post() Attempting to post Info notification, subitile:Optional("Disconnected"), body:nil, zid:nil
[2024-10-23T01:01:29:591Z]    WARN PacketTunnelProvider:UserNotifications.swift:107 post() Not authorized to send notifications
[2024-10-23T01:01:29:591Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:244 stopTunnel() Exiting
[2024-10-23T01:01:29:677Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:38 init() io.netfoundry.ZitiPacketTunnel.PacketTunnelProvider Version: 2.45 (523), OS: 版本11.7.10（版号20G1427）; ziti-sdk-c version 1.1.3-gf713dc6(Oct 18 2024 18:57:31)
[2024-10-23T01:01:29:697Z]    INFO PacketTunnelProvider:UserNotifications.swift:94 requestAuth() Auth request authorized? false
[2024-10-23T01:01:29:700Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:58 startTunnelAsync() 
[2024-10-23T01:01:29:700Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:59 startTunnelAsync() options=nil
[2024-10-23T01:01:29:700Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:164 loadConfig() ProviderConfig <PacketTunnelProvider.ProviderConfig: 0x7fce886142c0>
ipAddress: 100.64.0.1
subnetMask: 255.192.0.0
mtu: 4000
dns: 100.64.0.2
fallbackDnsEnabled: false
fallbackDns: 1.1.1.1
interceptMatchedDns: true
lowPowerMode: false
logLevel: 3
logRotateDaily: true
logRotateCount: 5
logRotateSizeMB: 50
[2024-10-23T01:01:29:700Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:87 startTunnelAsync() Setting log level to INFO
[2024-10-23T01:01:29:700Z]    INFO PacketTunnelProvider:Logger.swift:242 updateRotateSettings() Updating log rotate config to daily:true, count:5, sizeMB:50
[2024-10-23T01:01:29:713Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:29:718Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:208 updateTunnelNetworkSettings() route: 100.64.0.1 / 255.192.0.0
[2024-10-23T01:01:29:718Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet
[2024-10-23T01:01:29:722Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:29:722Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:01:29:924Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet 
     16: name:utun2, type:other
[2024-10-23T01:01:29:929Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:01:29:929Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
[2024-10-23T01:03:09:319Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:227 stopTunnel() 
[2024-10-23T01:03:09:319Z]    INFO CZiti:Ziti.swift:257 executeRunloop() runZiti - loop exited with status 0
[2024-10-23T01:03:09:320Z]    INFO CZiti:ZitiTunnel.swift:278 shutdownZiti() Ziti shutdown complete, status=success
[2024-10-23T01:03:09:321Z]    INFO PacketTunnelProvider:UserNotifications.swift:100 post() Attempting to post Info notification, subitile:Optional("Disconnected"), body:nil, zid:nil
[2024-10-23T01:03:09:322Z]    WARN PacketTunnelProvider:UserNotifications.swift:107 post() Not authorized to send notifications
[2024-10-23T01:03:09:322Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:244 stopTunnel() Exiting
[2024-10-23T01:03:09:416Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:38 init() io.netfoundry.ZitiPacketTunnel.PacketTunnelProvider Version: 2.45 (523), OS: 版本11.7.10（版号20G1427）; ziti-sdk-c version 1.1.3-gf713dc6(Oct 18 2024 18:57:31)
[2024-10-23T01:03:09:437Z]    INFO PacketTunnelProvider:UserNotifications.swift:94 requestAuth() Auth request authorized? false
[2024-10-23T01:03:09:440Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:58 startTunnelAsync() 
[2024-10-23T01:03:09:440Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:59 startTunnelAsync() options=nil
[2024-10-23T01:03:09:440Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:164 loadConfig() ProviderConfig <PacketTunnelProvider.ProviderConfig: 0x7fed0aa19fb0>
ipAddress: 100.64.0.1
subnetMask: 255.192.0.0
mtu: 4000
dns: 100.64.0.2
fallbackDnsEnabled: false
fallbackDns: 1.1.1.1
interceptMatchedDns: true
lowPowerMode: false
logLevel: 3
logRotateDaily: true
logRotateCount: 5
logRotateSizeMB: 50
[2024-10-23T01:03:09:440Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:87 startTunnelAsync() Setting log level to INFO
[2024-10-23T01:03:09:440Z]    INFO PacketTunnelProvider:Logger.swift:242 updateRotateSettings() Updating log rotate config to daily:true, count:5, sizeMB:50
[2024-10-23T01:03:09:449Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:03:09:459Z]    INFO CZiti:ZitiTunnel.swift:208 loadAndRunZiti() Starting KJYlYclbq6:"Optional("zsf.jwt")" at https://10.49.64.98:1280
(1810)[2024-10-23T01:03:09.501Z]    INFO ziti-sdk:utils.c:198 ziti_log_set_level() set log level: root=3/INFO
(1810)[2024-10-23T01:03:09.501Z]    INFO ziti-sdk:utils.c:169 ziti_log_init() Ziti C SDK version 1.1.3 @gf713dc6(HEAD) starting at (2024-10-23T01:03:09.502)
(1810)[2024-10-23T01:03:09.555Z]    INFO ziti-sdk:ziti.c:438 ziti_start_internal() ztx[0] using tlsuv[v0.32.6/OpenSSL 3.3.1 4 Jun 2024]
(1810)[2024-10-23T01:03:09.555Z]    INFO ziti-sdk:ziti_ctrl.c:593 ziti_ctrl_init() ctrl[(null):] using https://10.49.64.98:1280
(1810)[2024-10-23T01:03:09.555Z]    INFO ziti-sdk:ziti.c:507 ztx_init_controller() ztx[0] Loading ziti context with controller[https://10.49.64.98:1280]
(1810)[2024-10-23T01:03:09.599Z]    INFO ziti-sdk:ziti.c:1761 version_pre_auth_cb() ztx[0] connected to HA controller https://10.49.64.98:1280 version v1.1.15(0eec47ce3c80 2024-10-02T12:59:41Z)
(1810)[2024-10-23T01:03:09.664Z]    INFO ziti-sdk:oidc.c:308 request_token() requesting token path[/oidc/oauth/token] auth[aeXFSj1xrdaT9ZU2Wes_Uz0AiHbU2_32YTXelFpoTXn0DV5fYljm2DOBZPoSw3T2Gr6kQw]
(1810)[2024-10-23T01:03:09.730Z]    INFO tunnel-cbs:ziti_tunnel_ctrl.c:968 on_ziti_event() ziti_ctx[KJYlYclbq6] connected to controller
[2024-10-23T01:03:09:736Z]    INFO PacketTunnelProvider:ZitiTunnelDelegate.swift:222 tunnelEventCallback() ZitiTunnelEvent: <CZiti.ZitiTunnelContextEvent: 0x7fed08d17c70>
   identity: zsf.jwt:"KJYlYclbq6"
   status: OK
   name: KJYlYclbq6
   version: v1.1.15
   controller: https://10.49.64.98:1280
   code: 0
(1810)[2024-10-23T01:03:09.749Z]    INFO ziti-sdk:ziti.c:266 ctrl_list_cb() ztx[0] controller[ctrl1/ctrl1] url[https://10.49.64.98:1280/edge/client/v1]
(1810)[2024-10-23T01:03:09.749Z]    INFO ziti-sdk:ziti.c:266 ctrl_list_cb() ztx[0] controller[ctrl2/ctrl2] url[https://10.49.64.98:1380/edge/client/v1]
(1810)[2024-10-23T01:03:09.749Z]    INFO ziti-sdk:ziti.c:266 ctrl_list_cb() ztx[0] controller[ctrl3/ctrl3] url[https://10.49.64.98:1480/edge/client/v1]
(1810)[2024-10-23T01:03:09.766Z]    INFO tunnel-cbs:ziti_tunnel_ctrl.c:968 on_ziti_event() ziti_ctx[zsf] connected to controller
[2024-10-23T01:03:09:767Z]    INFO CZiti:ZitiTunnel.swift:306 ZitiTunnel() zid name updated to: zsf
[2024-10-23T01:03:09:767Z]    INFO PacketTunnelProvider:ZitiTunnelDelegate.swift:222 tunnelEventCallback() ZitiTunnelEvent: <CZiti.ZitiTunnelContextEvent: 0x7fed0aa4bf20>
   identity: zsf:"KJYlYclbq6"
   status: OK
   name: zsf
   version: v1.1.15
   controller: https://10.49.64.98:1280
   code: 0
(1810)[2024-10-23T01:03:09.781Z]    INFO ziti-sdk:channel.c:270 new_ziti_channel() ch[0] (ha-route1) new channel for ztx[0] identity[zsf]
(1810)[2024-10-23T01:03:09.781Z]    INFO tunnel-cbs:ziti_tunnel_ctrl.c:1039 on_ziti_event() ztx[zsf] added edge router ha-route1@zt.bhq.sh.cn
(1810)[2024-10-23T01:03:09.781Z]    INFO ziti-sdk:channel.c:799 reconnect_channel() ch[0] reconnecting NOW
(1810)[2024-10-23T01:03:09.811Z]    INFO tunnel-cbs:ziti_tunnel_cbs.c:414 new_ziti_intercept() creating intercept for service[web1] with intercept.v1 = { "addresses": [ "web1.ziti" ], "portRanges": [ { "high": 80, "low": 80 } ], "protocols": [ "tcp", "udp" ] }
(1810)[2024-10-23T01:03:09.811Z]    INFO tunnel-cbs:ziti_dns.c:349 new_ipv4_entry() registered DNS entry web1.ziti -> 100.64.0.3
(1810)[2024-10-23T01:03:09.811Z]    INFO tunnel-cbs:ziti_tunnel_ctrl.c:925 on_service() starting intercepting for service[web1]
[2024-10-23T01:03:09:816Z]    INFO PacketTunnelProvider:ZitiTunnelDelegate.swift:222 tunnelEventCallback() ZitiTunnelEvent: <CZiti.ZitiTunnelServiceEvent: 0x7fed08d1c940>
   identity: zsf:"KJYlYclbq6"
   status: 
   removed: (0)
   added: (1)
      0:{"id":"68HobmjV49Vss66B2EPpyr","intercept.v1":{"addresses":["web1.ziti"],"portRanges":[{"low":80,"high":80}],"protocols":["tcp","udp"]},"postureQuerySets":[{"policyId":"dummy dial policy: no posture checks defined","policyType":"Dial","isPassing":true}],"encrypted":true,"host.v1":{"port":8000,"allowedProtocols":["tcp","udp"],"forwardProtocol":true,"address":"10.49.64.98"},"permFlags":1,"name":"web1"}

[2024-10-23T01:03:09:825Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:208 updateTunnelNetworkSettings() route: 100.64.0.1 / 255.192.0.0
(1810)[2024-10-23T01:03:09.825Z]    INFO ziti-sdk:channel.c:697 hello_reply_cb() ch[0] connected. EdgeRouter version: v1.1.15|0eec47ce3c80|2024-10-02T12:59:41Z|linux|amd64
(1810)[2024-10-23T01:03:09.825Z]    INFO tunnel-cbs:ziti_tunnel_ctrl.c:1043 on_ziti_event() ztx[zsf] router ha-route1 connected
[2024-10-23T01:03:09:826Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:208 updateTunnelNetworkSettings() route: 100.64.0.1 / 255.192.0.0
[2024-10-23T01:03:09:826Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet
[2024-10-23T01:03:09:838Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:03:09:839Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
(1810)[2024-10-23T01:03:09.838Z]    INFO tunnel-cbs:ziti_dns.c:273 ziti_dns_set_upstream() DNS upstream[1] is set to 10.49.4.254:53
[2024-10-23T01:03:10:135Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:381 logNetworkPath() Network Path Update:
Status:satisfied, Expensive:false, Cellular:false, DNS:true
   Interfaces: 
     5: name:en0, type:wifi 
     7: name:feth4899, type:wiredEthernet 
     16: name:utun2, type:other
[2024-10-23T01:03:10:141Z]    WARN PacketTunnelProvider:PacketTunnelProvider.swift:327 getUpstreamDns() No fallback DNS configured. Setting to first resolver: 10.49.4.254
[2024-10-23T01:03:10:141Z]    INFO PacketTunnelProvider:PacketTunnelProvider.swift:366 startNetworkMonitor() Setting fallback DNS to 10.49.4.254
(1810)[2024-10-23T01:03:10.141Z]    INFO tunnel-cbs:ziti_dns.c:273 ziti_dns_set_upstream() DNS upstream[1] is set to 10.49.4.254:53
(1810)[2024-10-23T01:03:10.698Z]    INFO ziti-sdk:posture.c:201 ziti_send_posture_data() ztx[0] first run or potential controller restart detected
(1810)[2024-10-23T01:03:29.223Z]    INFO tunnel-cbs:ziti_dns.c:567 format_resp() found record[100.64.0.3] for query[1:web1.ziti]