Tunnel application not work after upgrade

Support
1

Hi Guys.
Recently, I upgraded my ziti-edge-tunnel from 1.2.2 to 1.2.3, and after that, my services stopped working. I'm working with arm64 architecture. Has anything similar been reported or known?

Thanks!

2

Hi and thanks for brining this up. The only functional changes from 1.2.2 -> 1.2.3 related to hosted services. We did t expect to create a problem there, but are the services that aren’t working for you with 1.2.3 hosted services by any chance?

Also are you installing ziti-edge-tunnel through your distribution’s package manager or downloading directly from the github release page?

It would be very helpful if you could send verbose (-v 6 from the command line) logs showing the issue happening. You can dm them to me if you have privacy concerns.

Thanks

3

I did a new installation and an update, both with version 1.2.3, through distribution’s package manager (JFrog)

After the update, services such as HTTP and SSH stopped working, and the newly installed tunnel did not work anytime.

So, I rolled back to version 1.2.2, and in both cases, the services started working again.

I got the rollback package from here:
https://netfoundry.jfrog.io/ui/native/zitipax-openziti-deb-stable/pool/ziti-edge-tunnel/jammy/arm64/

I can try update again and get some logs for you. I appreciate your time.

4

Thanks for sending the logs. I noticed that zet is not intercepting the addresses in your service's intercept.v1 configuration. We should see a DEBUG message similar to this for each service that zet is intercepting:

ziti_tunneler_intercept() intercepting address[tcp:100.64.1.3/32:22] service[ssh]

I also noticed that the service event your zet emits from the domain socket in /tmp/.ziti suggests that the identity zet is using does not have permission to dial the ziti service (which would rightfully prevent zet from intercepting):

send_events_message() Events Message => { ... "Permissions":{"Bind":true,"Dial":false} ... }

Can you share the output of ziti edge policy-advisor identities just so we can make sure?

Thanks

5

I've finally been able to reproduce this issue, but I can't do it every time. It has nothing to do with your service/identity policies, so please disregard my previous request. The real problem is that ziti-edge-tunnel is going into a tight loop when attempting bind. I'm looking into the issue now.

1 Like
6

Hi!

I noticed that version 1.2.4 was released. I'm working on it, and there are no issues until right now!

2 Likes
7

Thanks for the update! I was just about to let you know 1.2.4 is out. Let me know if you run into any trouble.

1 Like