I’m testing with an android and I’m getting a 169 subnet. Is that normal?
Is this customizable for us to push our own DNS servers?
Should DNS resolution work? I am unable to resolve the hostnames below with the jptech.ssh.server attribute, but I can ssh to them fine from falkor.
╭────────────┬─────────────────────┬────────┬────────────────────────────────┬─────────────╮
│ ID │ NAME │ TYPE │ ATTRIBUTES │ AUTH-POLICY │
├────────────┼─────────────────────┼────────┼────────────────────────────────┼─────────────┤
│ -xRENbWvR │ Jp.pixel7 │ Device │ jptech.admin │ Default │
│ 1-lwdbW83 │ linux.jptech.ziti │ Device │ jptech.ssh.server │ Default │
│ poMBu.ev3 │ mac.jptech.ziti │ Device │ jptech.ssh.server │ Default │
│ qcJwu.W83 │ falkor.jptech.ziti │ Device │ jptech.admin │ Default │
│ tJ9Bu.ev3 │ win.jptech.ziti │ Device │ jptech.ssh.server │ Default │
╰────────────┴─────────────────────┴────────┴────────────────────────────────┴─────────────╯
edit: it looks like with the ziti client running on my phone the internet doesn’t work. does the ziti client for android work like a VPN and route all traffic through the fabric as the default gateway?
edit2: no, it looks like I can ping IPs, but I can’t resolve addresses, even fabric ones.
It is designed to only intercept ziti services and let all other traffic bypass. It is done by only adding appropriate routes to the VPN/tunnel interface -- from CGNAT block 100.64.0.0/10 or explicit service
intercept CIDR blocks