The majority of my issue was my lack of understanding since I don't have much of an actual background in this stuff and had relied on guides to orient myself. I appreciate you, and everyone else who's replied, continuing to provide support. It's a great concept that most other offerings don't seem to touch (allowing the focus on services and applications rather than hosts, etc.).
The issue turned out to be what I thought. Not being able to apply the public IP to the variable ZITI_CTRL_ADVERTISED_ADDRESS in the config creation script. I pointed an unused domain of mine to the controller's public IP and it worked, although I haven't actually tested any data throughput, just seen that the router has established a connection, as well as client connections.
Another question if that's ok. Should I be deploying a transit router on the VPS or an edge router, if the goal is to not have the actual data traffic going to the VPS since it's strictly the controller. I think
If I wanted to set up the network to act as sort of a classical VPN where devices can access LAN resources externally, I'd create a service with that LAN network subnet? Could I then ensure all traffic would flow through that edge router then to the internet? I know I'm talking more classic VPN stuff here. This all started when searching for a solution that would allow my mobile devices to tunnel all their traffic to the LAN for service access and ad blocking etc. Currently using a vanilla Wireguard spoke and hub model to my firewall. As with most projects of mine, they seem to morph into more.
If you are planning to forward traffic through your home router and have a static IP (or dyndns), then no. OpenZiti only requires a minimum of one router. In that setup, you want that one router to be an edge router. Personally, I only deploy edge routers 99% of the time. Transit routers imo are for larger networks looking to steer traffic and even then it'd be for only really large networks with lots of traffic.
Not exactly sure what you mean, with OpenZiti you'll be able to access LAN resources externally as well. You could set up a subnet if you want to manage IP addresses, but I prefer to just use OpenZiti's DNS capabilities. I probably don't understand what you're asking.
Ok. So it sounds like I wouldn't even need an edge router on my VPS but would probably benefit from having one just in case? I'll be deploying one on my home network.
Sorry, I'm asking if there's a way to force all traffic through the tunnel. In Tailscale nomenclature it would be exit nodes. Twingate via adding the subnet and 0.0.0.0/0 to the routing policies if I remember correctly.
Yeah, I would set its weight much higher (I'll have to look up how to do that if you don't find it, I don't recall off the top of my head) so that it's only used if your home router cannot be reached for some reason.
It's not something I do routinely and there's another recent thread on this topic in the forum. Basically, you would add two intercepts (not just the one) that capture 0.0.0.0/1 and 128.0.0.1/1.
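The two-half trick in the last reply relies on longest-prefix matching: a single 0.0.0.0/0 intercept would tie with the host's own default route, while two /1 prefixes are more specific than /0 and so win for every destination. The script below is an added example, not code from this thread or from OpenZiti; it checks that a set of prefixes really covers all of IPv4 with no gap or overlap, shows which prefix wins for a given destination, and emits the JSON body of an intercept.v1 config. The intercept.v1 field names (protocols, addresses, portRanges) are assumed from memory of the config type, and the sample destinations are constructed. The second half is written 128.0.0.1/1 as in the reply; strict=False normalises it to the network address 128.0.0.0/1, which is the form an intercept needs.

```python
import ipaddress
import json

# Constructed example: the two "half" intercepts from the thread. The thread
# writes the second one as 128.0.0.1/1; strict=False below normalises it to
# its network address 128.0.0.0/1.
CATCH_ALL_HALVES = ["0.0.0.0/1", "128.0.0.1/1"]


def to_networks(cidrs):
    """Parse CIDR strings, dropping any host bits (128.0.0.1/1 -> 128.0.0.0/1)."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def covers_all_ipv4(cidrs):
    """True if the prefixes partition all of IPv4: no gap and no overlap."""
    nets = to_networks(cidrs)
    total = sum(n.num_addresses for n in nets)          # overlap -> more than 2**32
    merged = list(ipaddress.collapse_addresses(nets))   # gap -> does not merge to /0
    return total == 2**32 and merged == [ipaddress.ip_network("0.0.0.0/0")]


def longest_prefix_match(dest, cidrs):
    """Return the most specific prefix containing dest, as a string, or None.
    This is how a routing table (or a tunneler's intercept list) picks a winner."""
    addr = ipaddress.ip_address(dest)
    best = None
    for n in to_networks(cidrs):
        if addr in n and (best is None or n.prefixlen > best.prefixlen):
            best = n
    return str(best) if best is not None else None


def intercept_v1_body(cidrs, protocols=("tcp", "udp")):
    """JSON body for an OpenZiti intercept.v1 config.
    Field names (protocols, addresses, portRanges) are an assumption of this example."""
    body = {
        "protocols": list(protocols),
        "addresses": [str(n) for n in to_networks(cidrs)],
        "portRanges": [{"low": 1, "high": 65535}],
    }
    return json.dumps(body)


if __name__ == "__main__":
    print("halves cover all IPv4:", covers_all_ipv4(CATCH_ALL_HALVES))
    # With the host's own /0 default route in the list, a /1 intercept still wins.
    table = ["0.0.0.0/0"] + CATCH_ALL_HALVES
    print("winner for 1.1.1.1:", longest_prefix_match("1.1.1.1", table))
    print("winner for 192.0.2.7:", longest_prefix_match("192.0.2.7", table))
    print(intercept_v1_body(CATCH_ALL_HALVES))
```

The printed JSON is the kind of body you would hand to `ziti edge create config <name> intercept.v1 '<json>'` and then attach to a service alongside a host.v1 config on the home edge router; the coverage check is worth keeping because a typo in either half (a /2, or a missing second intercept) silently leaves part of the address space on the host's normal default route rather than in the tunnel.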