OpenZiti Config "openziti" dns

Support General Questions
21

no I didn't change anything in the configuration apart from the IP address of "advertise"

I tried to run the command from the router (I don't have Ziti installed elsewhere at the moment) and I got another error:

root@openziti:~# ziti ops verify-traffic
WARNING no prefix and mode [] is not 'both'. default prefix of 2025-01-31-1851 will be used
FATAL   Get "https:///.well-known/est/cacerts": http: no Host in request URL
root@openziti:~#
22

But you did change the advertise address, right? Can you confirm the address you entered is reachable from your client?

Right now, I suspect your client cannot connect to the router based on either:

  • the advertised address is incorrect
  • the advertised address is correct, but a firewall rule prevents the client from connecting

As for verify-traffic, that looks like a bug i might need to fix. (the command is still very new) It looks like maybe you have no cached login credentials and it didn't prompt you.

Let's first confirm the client can connect to whatever is specified in your advertised address for that router.

23

Ok. I took a guess and figured your controller url and router are on the same machine... I can acces port 3022 from that machine. that's your router i presume. however the certificate returned from the router is now incorrect... :confused:

            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:openziti, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1

Are you using a 'deployment' or a 'quickstart' to get this going? I assume a 'deployment'? You should recreate this router... It's PKI is incorrect for this advertise address (assuming it's the controller url)

24

Right, i have set LAN ip of VM where is Router and Controller is hosted
For me client have access to API SESSION (is green in ZAC) but Edge Router Connected is gray.

I dont understand why client not have access on the VM if it's connected trought Ziti, VM is hosted on Debian and have no FW

25

I have first deployed the controler and after the router with this documentation : Router Deployment | OpenZiti

i have follow all step

26

I'm sure you did, however when you change teh advertise address, you should recreate the router with ZITI_ROUTER_ADVERTISED_ADDRESS set to the correct address. It's not set to your VPS name it will needs to be otherwise the PKI will be out of date.

27

Ok i reinstall router now :slight_smile:

28

it's WORK :smiley: thank you VERY VERY MUCH !!!!! :slight_smile: precious help !!!!

1 Like