Error already is continuing could you help me please ?
INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1443 run() ============================ service begins ================================
[2025-03-12T05:09:42.337Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1444 run() Logger initialization
[2025-03-12T05:09:42.337Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1446 run() - config file : c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\config.json
[2025-03-12T05:09:42.337Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1448 run() - initialized at : Wed Mar 12 2025, 08:09:42 AM (local time), 2025-03-12T05:09:42 (UTC)
[2025-03-12T05:09:42.337Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1449 run() - log file location: C:\Program Files (x86)\NetFoundry Inc\Ziti Desktop Edge\logs\service\ziti-tunneler.log.202503120000.log
[2025-03-12T05:09:42.337Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1451 run() - C SDK Version : 1.5.0:HEAD@ga39db85
[2025-03-12T05:09:42.337Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1452 run() - Tunneler SDK : v1.5.0
[2025-03-12T05:09:42.337Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1453 run() ============================================================================
[2025-03-12T05:09:42.338Z] INFO ziti-sdk:utils.c:198 ziti_log_set_level() set log level: root=3/INFO
[2025-03-12T05:09:42.346Z] INFO ziti-edge-tunnel:tun.c:195 tun_open() Wintun v0.0 loaded
[2025-03-12T05:09:42.347Z] INFO ziti-edge-tunnel:tun.c:166 flush_dns() DnsFlushResolverCache succeeded
[2025-03-12T05:09:42.499Z] INFO ziti-edge-tunnel:tun.c:98 WintunLogger() Using existing driver 0.14
[2025-03-12T05:09:42.507Z] INFO ziti-edge-tunnel:tun.c:98 WintunLogger() Creating adapter
[2025-03-12T05:09:43.371Z] INFO ziti-edge-tunnel:tun.c:449 if_change_cb() default route is now via if_idx[13]
[2025-03-12T05:09:43.371Z] INFO ziti-edge-tunnel:tun.c:455 if_change_cb() updating excluded routes
[2025-03-12T05:09:45.261Z] INFO ziti-edge-tunnel:windows-scripts.c:491 is_nrpt_policies_effective() NRPT policies are effective in this system
[2025-03-12T05:09:46.110Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:884 run_tunnel() Setting interface metric to 255
[2025-03-12T05:09:46.121Z] INFO tunnel-sdk:ziti_tunnel.c:60 create_tunneler_ctx() Ziti Tunneler SDK (v1.5.0)
[2025-03-12T05:09:46.135Z] INFO tunnel-cbs:ziti_dns.c:173 seed_dns() DNS configured with range 100.64.0.0 - 100.127.255.255 (4194302 ips)
[2025-03-12T05:09:46.135Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1046 run_tunneler_loop() Loading identity files from C:\Windows\system32\config\systemprofile\AppData\Roaming\NetFoundry
[2025-03-12T05:09:46.139Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:403 load_identities() loading identity file: murat.note (1).json
[2025-03-12T05:09:46.139Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:403 load_identities() loading identity file: murat.pc.json
[2025-03-12T05:09:46.160Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:1166 load_ziti_async() attempting to load ziti instance[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.pc.json]
[2025-03-12T05:09:46.160Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:1173 load_ziti_async() loading ziti instance[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.pc.json]
[2025-03-12T05:09:46.160Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:420 load_id_cb() identity[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.pc.json] loaded
[2025-03-12T05:09:46.161Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:1166 load_ziti_async() attempting to load ziti instance[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.note (1).json]
[2025-03-12T05:09:46.161Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:1173 load_ziti_async() loading ziti instance[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.note (1).json]
[2025-03-12T05:09:46.161Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:420 load_id_cb() identity[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.note (1).json] loaded
[2025-03-12T05:09:46.168Z] WARN tunnel-cbs:ziti_tunnel_ctrl.c:1004 on_ziti_event() ziti_ctx controller connections failed: ziti context is disabled
[2025-03-12T05:09:46.168Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:456 on_event() ztx[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.pc.json] context event : status is ziti context is disabled
[2025-03-12T05:09:46.168Z] ERROR ziti-edge-tunnel:ziti-edge-tunnel.c:510 on_event() ztx[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.pc.json] failed to connect to controller due to ziti context is disabled
[2025-03-12T05:09:46.168Z] INFO ziti-sdk:ziti.c:544 ziti_start_internal() ztx[1] enabling Ziti Context
[2025-03-12T05:09:46.232Z] INFO ziti-sdk:ziti.c:561 ziti_start_internal() ztx[1] using tlsuv[v0.33.6/OpenSSL 3.3.1 4 Jun 2024]
[2025-03-12T05:09:46.232Z] INFO ziti-sdk:ziti_ctrl.c:626 ziti_ctrl_init() ctrl[(null):] using https://ziti.gardiyan.com:8441
[2025-03-12T05:09:46.232Z] INFO ziti-sdk:ziti.c:639 ztx_init_controller() ztx[1] Loading ziti context with controller[https://ziti.gardiyan.com:8441]
[2025-03-12T05:09:46.774Z] INFO ziti-sdk:ziti.c:1958 version_pre_auth_cb() ztx[1] connected to Legacy controller https://ziti.gardiyan.com:8441 version v1.3.3(2a62cc577e45 2025-01-27T19:25:51Z)
[2025-03-12T05:09:47.042Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:990 on_ziti_event() ziti_ctx[murat.note] connected to controller
[2025-03-12T05:09:47.059Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:456 on_event() ztx[c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\murat.note (1).json] context event : status is OK
[2025-03-12T05:09:47.152Z] INFO ziti-sdk:channel.c:273 new_ziti_channel() ch[0] (denemedeneme-edge-router) new channel for ztx[1] identity[murat.note]
[2025-03-12T05:09:47.152Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:1061 on_ziti_event() ztx[murat.note] added edge router denemedeneme-edge-router@ziti.gardiyan.com
[2025-03-12T05:09:47.181Z] INFO ziti-sdk:channel.c:821 reconnect_channel() ch[0] reconnecting NOW
[2025-03-12T05:09:47.306Z] INFO tunnel-cbs:ziti_tunnel_cbs.c:414 new_ziti_intercept() creating intercept for service[gardiyan] with intercept.v1 = { "addresses": [ "ziti.gardiyan" ], "portRanges": [ { "high": 22, "low": 22 } ], "protocols": [ "tcp" ] }
[2025-03-12T05:09:47.306Z] INFO tunnel-cbs:ziti_dns.c:349 new_ipv4_entry() registered DNS entry ziti.gardiyan -> 100.64.0.3
[2025-03-12T05:09:47.306Z] INFO tunnel-cbs:ziti_tunnel_ctrl.c:947 on_service() starting intercepting for service[gardiyan]
[2025-03-12T05:09:47.306Z] INFO ziti-edge-tunnel:ziti-edge-tunnel.c:582 on_event() =============== service event (added) - gardiyan:3qN6KJa1PaumlLaQujCdav ===============
[2025-03-12T05:09:47.923Z] INFO ziti-sdk:posture.c:212 ziti_send_posture_data() ztx[1] first run or potential controller restart detected
[2025-03-12T05:10:07.180Z] ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-12T05:10:07.181Z] INFO ziti-sdk:channel.c:819 reconnect_channel() ch[0] reconnecting in 1301ms (attempt = 1)
[2025-03-12T05:10:28.485Z] ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-12T05:10:28.485Z] INFO ziti-sdk:channel.c:819 reconnect_channel() ch[0] reconnecting in 17018ms (attempt = 2)
Last error could you help me please ? ERROR tunnel-cbs:ziti_hosting.c:634 on_hosted_client_connect() hosted_service[gardiyan] client[murat.note] failed to create io context
[2025-03-12T06:38:48.386Z] ERROR ziti-sdk:connect.c:1073 connect_reply_cb() conn0.14/296pe_CS/Connecting failed to connect, reason=exceeded maximum [2] retries creating circuit [c/tzNMREokZ]: error creating route for [s/tzNMREokZ] on [r/7rQQDyFVX] (error creating route for [c/tzNMREokZ]: failed to establish connection with terminator address NtgpXYvx0niQ3cfgacfV4. error: (rejected by application))
[2025-03-12T06:38:48.386Z] ERROR tunnel-cbs:ziti_tunnel_cbs.c:103 on_ziti_connect() ziti dial failed: connection is closed
[2025-03-12T06:43:12.919Z] ERROR ziti-edge-tunnel:tun.c:363 tun_read() failed to receive packet: 38
I have asked you to perform various actions, but I have yet to see you perform the actions. You don't appear to be attempting to follow the instructions I previously provided here:
and subsequently here:
As I stated previously, it appears to me that you have a port blocked. You must look at your configuration, find the relevant ports and addresses and ensure they are not blocked from your client.
I suggest you follow the quickstart again and reinstall your overlay, ensuring you have all the ports open as referenced in the video and from your configuration. If you follow the quickstart, you will see there are three ports referenced:
Once you get that working - we can work on adding a second router to your overlay. That is when you'll discover port 10080 is relevant. Also explained in the video FYI
Sorry for I'am newbie on ZITI but I have done everything but all of the port is open and traffic verify success. I'am taking these errors ERROR tunnel-cbs:ziti_tunnel_cbs.c:103 on_ziti_connect() ziti dial failed: connection is closed
[2025-03-12T17:49:57.061Z] ERROR tunnel-cbs:ziti_hosting.c:457 do_bind() hosted_service[gardiyan], client[murat.note] client_src_addr[tcp:100.64.0.1:46365]: getaddrinfo(any) failed: unknown node or service
[2025-03-12T17:49:57.061Z] ERROR tunnel-cbs:ziti_hosting.c:634 on_hosted_client_connect() hosted_service[gardiyan] client[murat.note] failed to create io context
[2025-03-12T17:49:57.076Z] ERROR tunnel-cbs:ziti_hosting.c:457 do_bind() hosted_service[gardiyan], client[murat.note] client_src_addr[tcp:100.64.0.1:46365]: getaddrinfo(any) failed: unknown node or service
[2025-03-12T17:49:57.076Z] ERROR tunnel-cbs:ziti_hosting.c:634 on_hosted_client_connect() hosted_service[gardiyan] client[murat.note] failed to create io context
[2025-03-12T17:49:57.091Z] ERROR ziti-sdk:connect.c:1073 connect_reply_cb() conn0.13/i6QFqWzu/Connecting failed to connect, reason=exceeded maximum [2] retries creating circuit [c/r1q60PGPY]: error creating route for [s/r1q60PGPY] on [r/7rQQDyFVX] (error creating route for [c/r1q60PGPY]: failed to establish connection with terminator address 6uzqUSaVADKuA4ZxU8e16X. error: (rejected by application))
[2025-03-12T17:49:57.091Z] ERROR tunnel-cbs:ziti_tunnel_cbs.c:103 on_ziti_connect() ziti dial failed: connection is closed Here is controlls root@denemedeneme:~# echo $ZITI_CTRL_ADVERTISED_PORT
8440
root@denemedeneme:~# echo $ZITI_CTRL_EDGE_ADVERTISED_PORT
8441
root@denemedeneme:~# echo $ZITI_ROUTER_PORT
8442
root@denemedeneme:~# ziti ops verify traffic
WARNING no prefix and mode is not 'both'. default prefix of 2025-03-12-2057 will be used
Using controller url: https://ziti.gardiyan.com:8441/edge/management/v1 from identity 'default' in config file: /root/.config/ziti/ziti-cli.json
Using username: admin from identity 'default' in config file: /root/.config/ziti/ziti-cli.json
Enter password:
Token: 5ea6e976-1410-4b64-9d5b-9b18d5da9e4e
Saving identity 'default' to /root/.config/ziti/ziti-cli.json
INFO generating P-384 EC key
INFO generating P-384 EC key
INFO waiting 10s for terminator for service: 2025-03-12-2057.traffic
INFO successfully bound service: 2025-03-12-2057.traffic.
INFO Server is listening for a connection and will exit when one is received.
INFO new service session session token=4cd01b67-14e8-45c3-9c93-07b7318a7787
INFO found terminator for service: 2025-03-12-2057.traffic
INFO found service named: 2025-03-12-2057.traffic
INFO Server has accepted a connection and will exit soon.
INFO successfully dialed service: 2025-03-12-2057.traffic.
INFO traffic test successfully detected
INFO Server complete. exiting
INFO client complete
root@denemedeneme:~#
Ok good. We can see your overlay appears to be configured correctly now. The output from verify traffic looks good.
Now, create an identity and a service. Please show me the commands you use to create the service. You have the ziti cli and you are able to use it to login right?
Please create an identity, enroll it in your ZDEW. create a service and make sure the service show up in the ZDEW.
I'm interested in seeing the host.v1 config and the intercept.v1 config
root@gardiyan-clone:/home/gardiyan# ziti edge create config test2hostconf host.v1 '{"protocol":"tcp", "address":"127.0.0.1", "port":22}'
New config test2hostconf created with id: BKkff1T39oh6My3oMI66t
root@gardiyan-clone:/home/gardiyan# ziti edge create config test2intconf intercept.v1 '{"protocols": ["tcp"], "addresses": ["test2ssh.ziti"], "portRanges": [{"low": 22, "high": 22}]}'
New config test2intconf created with id: 1z466dEymHJXamMKhDt3gL
root@gardiyan-clone:/home/gardiyan# ziti edge create service test2ssh -c test2intconf,test2hostconf
New service test2ssh created with id: 5R3BGx9QQVcO1kIcKSeBvQ
root@gardiyan-clone:/home/gardiyan# ziti edge create service-policy test2ssh.bind Bind --service-roles '@test2ssh' --identity-roles "@murat.note"
New service policy test2ssh.bind created with id: 7Mc5K63yEFL3l15zQbJCxM
root@gardiyan-clone:/home/gardiyan# ziti edge create service-policy test2ssh
.dial Dial --service-roles '@test2ssh' --identity-roles "@murat.note"
New service policy test2ssh.dial created with id: 7KGdtcBkaAA6gt365ng3DX
[edited by clint to add code fences and make proper code blocks]
Yes identity is murat.note. I'am trying to ssh to from remote windows machine to local ubuntu server. As far as I understand despite of 127.0.0.1 ip I should write ubuntu server local ip.
You need an identity on the windows machine and an identity on the ubuntu machine.
You need to enable dial privs to the windows identity and bind privs to the ubuntu identity
If you want to use the edge router as the machine you'll ssh to, you already have an identity that would work.
you should update the bind policy to refer to the router identity, not the windows identity
Once you do that, you should be able to ssh from windows to the ubuntu machine
After these steps no access to ubuntu server via windos app with murat.pc jwt token. Also, I want to ask about these commands. I executed them before, but I have no access to local ubunutu via JWT token. Where could I have made a mistake ? Could you help me please ? ziti edge create identity user murat.phone -o murat.phone.jwt -a "murat.clients
ziti edge create identity device murat -a murat.servers -o murat.jwt ziti edge enroll murat.jwt