Hello,
As requested, starting a more targeted thread relating to the issues with External JWTs and OIDC Authentication with Authentik.
Environment: Running latest Authentik IDP (like keycloak, authelia, etc.). Authentik is working great for apps, but I'd like to use it authenticate users on my Open Ziti network.
I have upgraded the controller/router/ZAC following the documentation and am on:
Controller: v1.2.2
ZAC: 3.7.1
I had used one of the quick start tutorials on Linux to set this up on an LVM running Debian on my Proxmox host. It's just a simple one router, one controller configuration with ZAC currently. I have an Android and Windows 10 client (latest versions) I'm testing with and both fail.
Issue:
I've setup External JWTs + OIDC as documented in your support pages and following this video (This video helped a lot btw!). https://www.youtube.com/watch?v=8ViQHzFUj_Y
I have a valid wildcard cert for my domain listed in the Web portion of my controller as an "alt cert" and have verified it shows up (and is trusted) when I access the controller via ziti.mydomain.net:8441/. I am adding on windows by going to Add Identity > JWT > selecting my network JWT I downloaded from ZAC and the I need to "STOP" and "Start" the Ziti connection for it to show up, but no IDP link is available or services:
Client Log when adding the identity (Windows - as it's easier to get the log for now) (with my domain replaced for privacy - can PM or Email if needed):
[2025-01-24T20:29:46.834Z] INFO ziti-sdk:utils.c:198 ziti_log_set_level() set log level: root=3/INFO
[2025-01-24T20:29:46.834Z] INFO ziti-sdk:utils.c:167 ziti_log_init() Ziti C SDK version 1.3.7 @g94225a3(HEAD) starting at (2025-01-24T20:29:46.834)
[2025-01-24T20:29:46.834Z] INFO ziti-edge-tunnel:windows-scripts.c:326 remove_all_nrpt_rules() removing NRPT rules matching filter: $_.Comment.StartsWith('Added by ziti-edge-tunnel')
[2025-01-24T20:29:47.353Z] INFO ziti-edge-tunnel:instance-config.c:72 load_tunnel_status_from_file() Loading config file from c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\config.json
[2025-01-24T20:29:47.355Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1424 run() ============================ service begins ================================
[2025-01-24T20:29:47.355Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1425 run() Logger initialization
[2025-01-24T20:29:47.355Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1427 run() - config file : c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\config.json
[2025-01-24T20:29:47.355Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1429 run() - initialized at : Fri Jan 24 2025, 15:29:47 PM (local time), 2025-01-24T20:29:47 (UTC)
[2025-01-24T20:29:47.355Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1430 run() - log file location: C:\Program Files (x86)\NetFoundry Inc\Ziti Desktop Edge\logs\service\ziti-tunneler.log.202501240000.log
[2025-01-24T20:29:47.355Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1432 run() - C SDK Version : 1.3.7:HEAD@g94225a3
[2025-01-24T20:29:47.355Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1433 run() - Tunneler SDK : v1.3.9
[2025-01-24T20:29:47.355Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1434 run() ============================================================================
[2025-01-24T20:29:47.355Z] INFO ziti-sdk:utils.c:198 ziti_log_set_level() set log level: root=3/INFO
[2025-01-24T20:29:47.358Z] INFO ziti-edge-tunnel:tun.c:195 tun_open() Wintun v0.0 loaded
[2025-01-24T20:29:47.358Z] INFO ziti-edge-tunnel:tun.c:166 flush_dns() DnsFlushResolverCache succeeded
[2025-01-24T20:29:47.441Z] INFO ziti-edge-tunnel:tun.c:98 WintunLogger() Using existing driver 0.14
[2025-01-24T20:29:47.450Z] INFO ziti-edge-tunnel:tun.c:98 WintunLogger() Creating adapter
[2025-01-24T20:29:47.647Z] INFO ziti-edge-tunnel:tun.c:449 if_change_cb() default route is now via if_idx[21]
[2025-01-24T20:29:47.647Z] INFO ziti-edge-tunnel:tun.c:455 if_change_cb() updating excluded routes
[2025-01-24T20:29:47.737Z] INFO ziti-edge-tunnel:tun.c:98 WintunLogger() Removed orphaned adapter "ziti-tun0 1"
[2025-01-24T20:29:48.997Z] INFO ziti-edge-tunnel:windows-scripts.c:491 is_nrpt_policies_effective() NRPT policies are effective in this system
[2025-01-24T20:29:49.515Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:865 run_tunnel() Setting interface metric to 255
[2025-01-24T20:29:49.522Z] INFO tunnel-sdk:ziti_tunnel.c:60 create_tunneler_ctx() Ziti Tunneler SDK (v1.3.9)
[2025-01-24T20:29:49.526Z] INFO tunnel-cbs:ziti_dns.c:173 seed_dns() DNS configured with range 100.64.0.0 - 100.127.255.255 (4194302 ips)
[2025-01-24T20:29:49.526Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1027 run_tunneler_loop() Loading identity files from C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\NetFoundry
[2025-01-24T20:29:49.526Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:403 load_identities() loading identity file: ziti.domain.net.json
[2025-01-24T20:29:49.534Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:1163 load_ziti_async() attempting to load ziti instance[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\ziti.domain.net.json]
[2025-01-24T20:29:49.534Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:1170 load_ziti_async() loading ziti instance[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\ziti.domain.net.json]
[2025-01-24T20:29:49.534Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:420 load_id_cb() identity[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\ziti.domain.net.json] loaded
[2025-01-24T20:29:49.534Z] INFO ziti-sdk:ziti.c:505 ziti_start_internal() ztx[0] enabling Ziti Context
[2025-01-24T20:29:49.539Z] INFO ziti-sdk:ziti.c:522 ziti_start_internal() ztx[0] using tlsuv[v0.33.4/OpenSSL 3.3.1 4 Jun 2024]
[2025-01-24T20:29:49.539Z] INFO ziti-sdk:ziti_ctrl.c:632 ziti_ctrl_init() ctrl[(null):] using https://ziti.domain.net:8441/
[2025-01-24T20:29:49.539Z] INFO ziti-sdk:ziti.c:600 ztx_init_controller() ztx[0] Loading ziti context with controller[https://ziti.domain.net:8441/]
[2025-01-24T20:29:49.556Z] ERROR tlsuv:engine.c:923 openssl: handshake was terminated: error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:49.556Z] ERROR tlsuv:tls_link.c:113 TLS(000002cdba9056b0) handshake error error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:49.556Z] ERROR tlsuv:http.c:189 handshake failed status[3]: error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:49.556Z] WARN ziti-sdk:ziti_ctrl.c:184 ctrl_resp_cb() ctrl[ziti.domain.net:8441] request failed: -4079(software caused connection abort)
[2025-01-24T20:29:49.556Z] WARN ziti-sdk:ziti_ctrl.c:342 internal_version_cb() ctrl[ziti.domain.net:8441] CONTROLLER_UNAVAILABLE(software caused connection abort)
[2025-01-24T20:29:49.556Z] WARN ziti-sdk:ziti.c:1908 version_pre_auth_cb() ztx[0] failed to get controller version: CONTROLLER_UNAVAILABLE/software caused connection abort
[2025-01-24T20:29:49.556Z] WARN ziti-sdk:ziti_ctrl.c:184 ctrl_resp_cb() ctrl[ziti.domain.net:8441] request failed: -4079(software caused connection abort)
[2025-01-24T20:29:49.556Z] INFO ziti-sdk:ziti_ctrl.c:187 ctrl_resp_cb() ctrl[ziti.domain.net:8441] attempting to switch endpoint
[2025-01-24T20:29:49.556Z] WARN ziti-sdk:ziti_ctrl.c:605 ctrl_next_ep() ctrl[ziti.domain.net:8441] no controllers are online
[2025-01-24T20:29:49.556Z] WARN ziti-sdk:ziti.c:641 ext_jwt_singers_cb() ztx[0] failed to get external auth providers: software caused connection abort
[2025-01-24T20:29:54.563Z] ERROR tlsuv:engine.c:923 openssl: handshake was terminated: error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:54.563Z] ERROR tlsuv:tls_link.c:113 TLS(000002cdba9056b0) handshake error error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:54.563Z] ERROR tlsuv:http.c:189 handshake failed status[3]: error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:54.563Z] WARN ziti-sdk:ziti_ctrl.c:184 ctrl_resp_cb() ctrl[ziti.domain.net:8441] request failed: -4079(software caused connection abort)
[2025-01-24T20:29:54.563Z] WARN ziti-sdk:ziti_ctrl.c:342 internal_version_cb() ctrl[ziti.domain.net:8441] CONTROLLER_UNAVAILABLE(software caused connection abort)
[2025-01-24T20:29:54.563Z] WARN ziti-sdk:ziti.c:1908 version_pre_auth_cb() ztx[0] failed to get controller version: CONTROLLER_UNAVAILABLE/software caused connection abort
[2025-01-24T20:29:54.563Z] WARN ziti-sdk:ziti_ctrl.c:184 ctrl_resp_cb() ctrl[ziti.domain.net:8441] request failed: -4079(software caused connection abort)
[2025-01-24T20:29:54.563Z] INFO ziti-sdk:ziti_ctrl.c:187 ctrl_resp_cb() ctrl[ziti.domain.net:8441] attempting to switch endpoint
[2025-01-24T20:29:54.563Z] WARN ziti-sdk:ziti_ctrl.c:605 ctrl_next_ep() ctrl[ziti.domain.net:8441] no controllers are online
[2025-01-24T20:29:54.563Z] WARN ziti-sdk:ziti.c:641 ext_jwt_singers_cb() ztx[0] failed to get external auth providers: software caused connection abort
[2025-01-24T20:29:59.693Z] ERROR tlsuv:engine.c:923 openssl: handshake was terminated: error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:59.693Z] ERROR tlsuv:tls_link.c:113 TLS(000002cdba9056b0) handshake error error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:59.693Z] ERROR tlsuv:http.c:189 handshake failed status[3]: error:00000005:lib(0)::reason(5)
[2025-01-24T20:29:59.693Z] WARN ziti-sdk:ziti_ctrl.c:184 ctrl_resp_cb() ctrl[ziti.domain.net:8441] request failed: -4079(software caused connection abort)
[2025-01-24T20:29:59.693Z] WARN ziti-sdk:ziti_ctrl.c:342 internal_version_cb() ctrl[ziti.domain.net:8441] CONTROLLER_UNAVAILABLE(software caused connection abort)
[2025-01-24T20:29:59.693Z] WARN ziti-sdk:ziti.c:1908 version_pre_auth_cb() ztx[0] failed to get controller version: CONTROLLER_UNAVAILABLE/software caused connection abort
[2025-01-24T20:29:59.693Z] WARN ziti-sdk:ziti_ctrl.c:184 ctrl_resp_cb() ctrl[ziti.domain.net:8441] request failed: -4079(software caused connection abort)
[2025-01-24T20:29:59.693Z] INFO ziti-sdk:ziti_ctrl.c:187 ctrl_resp_cb() ctrl[ziti.domain.net:8441] attempting to switch endpoint
[2025-01-24T20:29:59.693Z] WARN ziti-sdk:ziti_ctrl.c:605 ctrl_next_ep() ctrl[ziti.domain.net:8441] no controllers are online
[2025-01-24T20:29:59.693Z] WARN ziti-sdk:ziti.c:641 ext_jwt_singers_cb() ztx[0] failed to get external auth providers: software caused connection abort
[2025-01-24T20:30:04.701Z] ERROR tlsuv:engine.c:923 openssl: handshake was terminated: error:00000005:lib(0)::reason(5)
[2025-01-24T20:30:04.701Z] ERROR tlsuv:tls_link.c:113 TLS(000002cdba9056b0) handshake error error:00000005:lib(0)::reason(5)
[2025-01-24T20:30:04.701Z] ERROR tlsuv:http.c:189 handshake failed status[3]: error:00000005:lib(0)::reason(5)
[2025-01-24T20:30:04.701Z] WARN ziti-sdk:ziti_ctrl.c:184 ctrl_resp_cb() ctrl[ziti.domain.net:8441] request failed: -4079(software caused connection abort)
[2025-01-24T20:30:04.701Z] WARN ziti-sdk:ziti_ctrl.c:342 internal_version_cb() ctrl[ziti.domain.net:8441] CONTROLLER_UNAVAILABLE(software caused connection abort)
[2025-01-24T20:30:04.701Z] WARN ziti-sdk:ziti.c:1908 version_pre_auth_cb() ztx[0] failed to get controller version: CONTROLLER_UNAVAILABLE/software caused connection abort
[2025-01-24T20:30:04.701Z] WARN ziti-sdk:ziti_ctrl.c:184 ctrl_resp_cb() ctrl[ziti.domain.net:8441] request failed: -4079(software caused connection abort)
[2025-01-24T20:30:04.701Z] INFO ziti-sdk:ziti_ctrl.c:187 ctrl_resp_cb() ctrl[ziti.domain.net:8441] attempting to switch endpoint
[2025-01-24T20:30:04.701Z] WARN ziti-sdk:ziti_ctrl.c:605 ctrl_next_ep() ctrl[ziti.domain.net:8441] no controllers are online
[2025-01-24T20:30:04.701Z] WARN ziti-sdk:ziti.c:641 ext_jwt_singers_cb() ztx[0] failed to get external auth providers: software caused connection abort
Controller Logs:
Jan 24 20:29:29 HOME1ZITI ziti[43169]: {"_context":"tls:0.0.0.0:8441","error":"local error: tls: bad record MAC","file":"github.com/openziti/transport/v2@v2.0.153/tls/listener.go:257","func":"github.com/openziti/transport/v2/tls.(*sharedListener).processConn","level":"error","msg":"handshake failed","remote":"10.0.0.1:51273","time":"2025-01-24T20:29:29.891Z"}
Jan 24 20:29:34 HOME1ZITI ziti[43169]: {"_context":"tls:0.0.0.0:8441","error":"local error: tls: bad record MAC","file":"github.com/openziti/transport/v2@v2.0.153/tls/listener.go:257","func":"github.com/openziti/transport/v2/tls.(*sharedListener).processConn","level":"error","msg":"handshake failed","remote":"10.0.0.1:56551","time":"2025-01-24T20:29:34.913Z"}
Jan 24 20:29:39 HOME1ZITI ziti[43169]: {"_context":"tls:0.0.0.0:8441","error":"local error: tls: bad record MAC","file":"github.com/openziti/transport/v2@v2.0.153/tls/listener.go:257","func":"github.com/openziti/transport/v2/tls.(*sharedListener).processConn","level":"error","msg":"handshake failed","remote":"10.0.0.1:17473","time":"2025-01-24T20:29:39.935Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"_context":"tls:0.0.0.0:8441","error":"EOF","file":"github.com/openziti/transport/v2@v2.0.153/tls/listener.go:257","func":"github.com/openziti/transport/v2/tls.(*sharedListener).processConn","level":"error","msg":"handshake failed","remote":"10.0.0.1:61369","time":"2025-01-24T20:29:45.523Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"_context":"ch{ab1igzOdF}-\u003eu{classic}-\u003ei{1NRz}","file":"github.com/openziti/ziti/controller/handler_ctrl/close.go:49","func":"github.com/openziti/ziti/controller/handler_ctrl.(*xctrlCloseHandler).HandleClose","level":"info","msg":"closing Xctrl instances","time":"2025-01-24T20:29:45.679Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/handler_ctrl/close.go:36","func":"github.com/openziti/ziti/controller/handler_ctrl.(*closeHandler).HandleClose","level":"warning","msg":"disconnected","routerId":"ab1igzOdF","time":"2025-01-24T20:29:45.679Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"connected":false,"file":"github.com/openziti/ziti/controller/network/router_messaging.go:506","func":"github.com/openziti/ziti/controller/network.(*routerChangedEvent).handle","level":"info","msg":"calculating router updates for router","routerId":"ab1igzOdF","time":"2025-01-24T20:29:45.680Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/env/broker.go:139","func":"github.com/openziti/ziti/controller/env.(*Broker).RouterDisconnected.func1","level":"info","msg":"broker detected router with id ab1igzOdF disconnecting","routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","time":"2025-01-24T20:29:45.680Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/sync_strats/sync_instant.go:354","func":"github.com/openziti/ziti/controller/sync_strats.(*InstantStrategy).RouterDisconnected","level":"info","msg":"edge router [ab1igzOdF] disconnect event, router rtx removed","routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","sync_strategy":"instant","time":"2025-01-24T20:29:45.680Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"arch":"amd64","buildDate":"2024-11-23T00:09:04Z","file":"github.com/openziti/ziti/controller/handler_ctrl/accept.go:128","func":"github.com/openziti/ziti/controller/handler_ctrl.(*CtrlAccepter).Bind","level":"info","msg":"accepted new router connection","os":"linux","revision":"9a83ca87bc5f","routerId":"ab1igzOdF","time":"2025-01-24T20:29:45.763Z","version":"v1.2.2"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"connected":true,"file":"github.com/openziti/ziti/controller/network/router_messaging.go:506","func":"github.com/openziti/ziti/controller/network.(*routerChangedEvent).handle","level":"info","msg":"calculating router updates for router","routerId":"ab1igzOdF","time":"2025-01-24T20:29:45.763Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/network/router_messaging.go:312","func":"github.com/openziti/ziti/controller/network.(*RouterMessaging).sendTerminatorValidationRequest","level":"info","msg":"queuing validate of terminator","terminatorId":"2LcqgE5Cl8WVWsAZi6l4JZ","time":"2025-01-24T20:29:45.763Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/network/router_messaging.go:312","func":"github.com/openziti/ziti/controller/network.(*RouterMessaging).sendTerminatorValidationRequest","level":"info","msg":"queuing validate of terminator","terminatorId":"2QFIEFIjkg9g8yt2iod2PS","time":"2025-01-24T20:29:45.763Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/env/broker.go:125","func":"github.com/openziti/ziti/controller/env.(*Broker).RouterConnected.func1","level":"info","msg":"broker detected edge router with id ab1igzOdF connecting","routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","time":"2025-01-24T20:29:45.763Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/sync_strats/sync_instant.go:329","func":"github.com/openziti/ziti/controller/sync_strats.(*InstantStrategy).RouterConnected","level":"info","msg":"edge router connected, adding to sync routerConnectedQueue","routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","syncStatus":"SYNC_QUEUED","sync_strategy":"instant","time":"2025-01-24T20:29:45.763Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/sync_strats/sync_instant.go:487","func":"github.com/openziti/ziti/controller/sync_strats.(*InstantStrategy).hello","level":"info","msg":"edge router sync starting","routerChannelIsOpen":true,"routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","routerTxId":"Y8yqVNct3","strategy":"instant","time":"2025-01-24T20:29:45.764Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"file":"github.com/openziti/ziti/controller/sync_strats/sync_instant.go:496","func":"github.com/openziti/ziti/controller/sync_strats.(*InstantStrategy).hello","level":"info","msg":"sending edge router hello","routerChannelIsOpen":true,"routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","routerTxId":"Y8yqVNct3","strategy":"instant","syncStatus":"SYNC_HELLO","time":"2025-01-24T20:29:45.764Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"arch":"amd64","buildDate":"2024-11-23T00:09:04Z","data":null,"file":"github.com/openziti/ziti/controller/sync_strats/sync_instant.go:644","func":"github.com/openziti/ziti/controller/sync_strats.(*InstantStrategy).ReceiveClientHello","level":"info","listeners":[{"address":{"value":"tls:0.0.0.0:8442","protocol":"tls","hostname":"0.0.0.0","port":8442},"advertise":{"value":"ziti.domain.net:8442","protocol":"tls","hostname":"ziti.domain.net","port":8442}}],"msg":"edge router sent hello with version [v1.2.2] to controller with version [v1.2.2]","os":"linux","protocolPorts":["8442"],"protocols":["tls"],"revision":"9a83ca87bc5f","routerChannelIsOpen":true,"routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","routerTxId":"Y8yqVNct3","strategy":"instant","time":"2025-01-24T20:29:45.766Z","version":"v1.2.2"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"SupportsRouterModel":false,"file":"github.com/openziti/ziti/controller/sync_strats/sync_instant.go:660","func":"github.com/openziti/ziti/controller/sync_strats.(*InstantStrategy).synchronize","level":"info","msg":"started synchronizing edge router","routerChannelIsOpen":true,"routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","routerTxId":"Y8yqVNct3","strategy":"instant","time":"2025-01-24T20:29:45.766Z"}
Jan 24 20:29:45 HOME1ZITI ziti[43169]: {"SupportsRouterModel":false,"file":"github.com/openziti/ziti/controller/sync_strats/sync_instant.go:650","func":"github.com/openziti/ziti/controller/sync_strats.(*InstantStrategy).synchronize.func1","level":"info","msg":"exiting synchronization, final status: SYNC_DONE","routerChannelIsOpen":true,"routerFingerprint":"ed95ba0d60c941d1b2b6215e802a1a404525ce98","routerId":"ab1igzOdF","routerName":"HOME1ZITI-edge-router","routerTxId":"Y8yqVNct3","strategy":"instant","time":"2025-01-24T20:29:45.766Z"}
Jan 24 20:29:49 HOME1ZITI ziti[43169]: {"_context":"tls:0.0.0.0:8441","error":"local error: tls: bad record MAC","file":"github.com/openziti/transport/v2@v2.0.153/tls/listener.go:257","func":"github.com/openziti/transport/v2/tls.(*sharedListener).processConn","level":"error","msg":"handshake failed","remote":"10.0.0.1:31120","time":"2025-01-24T20:29:49.824Z"}
Jan 24 20:29:54 HOME1ZITI ziti[43169]: {"_context":"tls:0.0.0.0:8441","error":"local error: tls: bad record MAC","file":"github.com/openziti/transport/v2@v2.0.153/tls/listener.go:257","func":"github.com/openziti/transport/v2/tls.(*sharedListener).processConn","level":"error","msg":"handshake failed","remote":"10.0.0.1:44983","time":"2025-01-24T20:29:54.831Z"}
Jan 24 20:29:59 HOME1ZITI ziti[43169]: {"_context":"tls:0.0.0.0:8441","error":"local error: tls: bad record MAC","file":"github.com/openziti/transport/v2@v2.0.153/tls/listener.go:257","func":"github.com/openziti/transport/v2/tls.(*sharedListener).processConn","level":"error","msg":"handshake failed","remote":"10.0.0.1:55172","time":"2025-01-24T20:29:59.961Z"}