Install ziti-edge-tunnel on Debian 11


Trying to install latest ziti-edge-tunnel binary on Debian 11, but getting the following error:

“ziti-edge-tunnel: /lib/x86_64-linux-gnu/ version GLIBC_2.33' not found (required by ziti-edge-tunnel) ziti-edge-tunnel: /lib/x86_64-linux-gnu/ version GLIBC_2.32’ not found (required by ziti-edge-tunnel)
ziti-edge-tunnel: /lib/x86_64-linux-gnu/ version `GLIBC_2.34’ not found (required by ziti-edge-tunnel)”

Looks like the ziti binary used version 2.32 or above, but my local version is 2.31: /lib/x86_64-linux-gnu/ → I cannot find the glibc package for debian 11 greater than 2.31… Anyone know of a fix for this?


Hey @cwalkernf, our CI focuses on Ubuntu releases at this time. You could try the binary packed for Ubuntu 18.04 (Bionic) with something like this:

curl -sSLf \
| gpg --dearmor \
| sudo tee /usr/share/keyrings/openziti.gpg >/dev/null
echo 'deb [signed-by=/usr/share/keyrings/openziti.gpg] bionic main' \
| sudo tee /etc/apt/sources.list.d/openziti.list >/dev/null
sudo apt update
sudo apt install ziti-edge-tunnel

Hello @sabedevops, thank you for getting back to me. Really appreciate the feedback - am getting past that error now, but now getting a dns error:

“ERROR ziti-edge-tunnel:utils.c:31 run_command_va() cmd{grep -q ‘^nameserver’ /etc/resolv.conf} failed: 256/2/No such file or directory”

The file definitely exists though:
$ ls -l /etc/resolv.conf
-rw-r----- 1 root root 85 Sep 14 11:59 /etc/resolv.conf

Cat on Resolv.conf shows the following nameservers:

Hey @cwalkernf,

I believe this is a false positive. We just need to migrate that command execution to a separate utility function that disables error logging since we expect this command to fail when we’ve modified /etc/resolv.conf already (which was the case here).

Let me know if it isn’t working for you so we can take additional debugging steps.

Hi @sabedevops, good work suggesting the error logging… For some odd reason, just adding the --verbose flag allows it to work - (or at least to run wout segfault):

→ sudo ./ziti-edge-tunnel run --verbose --identity ./my_id_file.json

That said, there is still an issue with the DNS. If I try to lookup a service it complains about the resolv.conf:

“nslookup myservice.ziti
nslookup: parse of /etc/resolv.conf failed”

Which currently looks like this:

I am seeing other discord posts with similar errors, reviewing those now. Thanks again

Hey @sabedevops, the perms had gotten messed up on resolv.conf - it’s working now. Just need to add that --verbose flag to the run command for some reason. Thank you again for the help on this.

The legacy resolver code that handles the fallback to /etc/resolv.conf when systemd-resolved is not available on the system does an “in-place” override (sed -i ..). I’m guessing this probably changes the permissions on that file. Can you please open an issue in GitHub for this?

Does the binary segfault every time you don’t add the --verbose flag? If so, can you run it under valgrind and post back? (e.g. valgrind ziti-edge-tunnel run ...)