Edge Tunnel (v1.2.7) Fails to Connect to public Router

We have two public edge routers — one deployed on GKE and another on a Google Cloud VM.
Both the Ziti controller and router are running version 1.1.5.

Existing identities are able to connect to the Google VM-based public edge router without any issues. However, new identities using edge tunnels (SDK version 1.2.7) running on IoT devices are consistently aborting when attempting to connect only to the Google VM router.


_connect() ch[0] failed to connect to ER[gcp-edge-pub-router] [-103/software caused connection abort]
_connect() ch[0] failed to connect to ER[gcp-edge-pub-router] [-103/software caused connection abort]
_connect() ch[0] failed to connect to ER[gcp-edge-pub-router] [-103/software caused connection abort]
_connect() ch[0] failed to connect to ER[gcp-edge-pub-router] [-103/software caused connection abort]
_connect() ch[0] failed to connect to ER[gcp-edge-pub-router] [-103/software caused connection abort]

From the IoT device I tested:
nc -vz 35.xx.xx.xxx 443
Connection to 35.xxx.xxxx.xxx 443 port [tcp/https] succeeded!

So it can reach the Google VM, so I don't know why the router is rejecting?
Do I need to manage anything version-specific to make it work?

Please advise on how to proceed or investigate this further.

The issue was caused by FortiGate overwriting the certificate when connecting via IP. It only allows proper TLS verification when using a DNS name. So I re-created the public router using DNS in the advertise address, and that resolved the problem.

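The resolution above describes a middlebox replacing the router's certificate on IP-addressed connections, which a TCP reachability test such as `nc` cannot reveal. The following is an added example, not code from this thread or from the Ziti project: it records the leaf certificate actually presented on each path and compares its SHA-256 fingerprint with the router's own certificate. The function names, the PEM file (assumed to hold only the router's leaf certificate) and the command-line values are assumptions.

```python
from __future__ import annotations

import hashlib
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der).hexdigest()


def presented_cert(host: str, port: int = 443, sni: str | None = None,
                   timeout: float = 5.0) -> bytes:
    """Return the leaf certificate (DER) that arrives from host:port.

    Verification is disabled on purpose: the goal is to record what is
    presented, not to trust it. Never reuse this context for real traffic.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def compare_paths(router_pem: str, observed: dict[str, bytes]) -> dict[str, str]:
    """Label each path 'match' or 'replaced' against the router's own cert."""
    # Assumption: router_pem contains exactly one certificate (the leaf).
    want = fingerprint(ssl.PEM_cert_to_DER_cert(router_pem))
    return {path: "match" if fingerprint(der) == want else "replaced"
            for path, der in observed.items()}


if __name__ == "__main__":
    # Hypothetical usage: check.py router-leaf.pem <router-ip> <router-dns-name>
    pem_path, ip, name = sys.argv[1:4]
    with open(pem_path) as fh:
        pem = fh.read()
    seen = {f"ip {ip}": presented_cert(ip),
            f"dns {name}": presented_cert(name, sni=name)}
    for path, verdict in compare_paths(pem, seen).items():
        print(f"{path}: {verdict}")
```

A "replaced" verdict on the IP path together with "match" on the DNS path is the pattern the resolution describes; run it from the affected device's network so the same inspection policy applies.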