How can I use a wildcard for my intercepts?

A question came in from email asking how the user might go about intercepting/tunneling ALL traffic that meets a domain. We call this “wildcard” dns.

On the client side I wish to intercept “*.blue” so anything that goes to this domain will get intercepted and then tunneled to the other end, where it will then get ofloaded from the ziti overlay back to the local network. For example on my client I want to intercept two addresses: and

How can I do something like this with OpenZiti

I ended up producing a video that demonstrates how to accomplish this. You can find it on YouTube.

It uses the docker-compose based quickstart, the ziti-edge-tunnel for linux (attached to the ‘blue’ docker network) and the Ziti Desktop Edge for Windows. Give it a watch - it’s under 10 minutes! :slight_smile:

The ziti CLI commands I run are all in the youtube video. A follow-up question came back because I used only two allowed addresses: allowedAddresses":["", ""] however you can absolutely change that to be allowedAddresses":["*.blue"], (and I should have done that anyway).

You’ll also see I went ham with the ports and exposed them all - I don’t recommend you do that but you might need/want to.

If you have any questions on the video - this would be the best place to talk about it! :slight_smile: YouTube comments aren’t, that’s for sure!

Another follow-up question was if a tunneler is NECESSARY on the ‘client’ side. My answer to that was NO. You can absolutely look at how a ‘tunneling app’ works and adopt all the same ideas/patterns/code as necessary to make your app INTO a tunneling app! This is super cool because we have a whole SDK dedicated to working ‘as a tunneller’! You can find it on github here GitHub - openziti/ziti-tunnel-sdk-c

1 Like