Ziti Edge Router General Questions

yessir, you got it!

yes but not on the "router", but on the "router identity" -- a VERY easy mistake to make so do be careful here... I think you knew what you meant, but I've made the mistake so... I don't want you to :slight_smile:

That's a wee bit out of my docker knowledge. I never have to do that, but maybe you do? :slight_smile: So sure!

I also think this will fix your path problem. I was talking to @plorenz about this and we think that since the private identity on the docker network could use both routers, the path selected ended up being the one that didn't make sense. I think (and hope) when you remove that private ziti host, you'll see the right path.

Ahahahah yes I meant that. Just to be double sure, when I do that, adding the attribute, the ziti edge list identities will show the following, right?

╭────────────┬─────────────────┬────────┬────────────────┬─────────────╮
│ ID         │ NAME            │ TYPE   │ ATTRIBUTES     │ AUTH-POLICY │
├────────────┼─────────────────┼────────┼────────────────┼─────────────┤
│ -2Z8CrYt4  │ 192.168.1.123   │ Router │ sshd           │ default     │
│ VHpEV6vmO  │ Default Admin   │ User   │                │ default     │
│ VpJLXZYt8  │ client          │ User   │ sshd-clients   │ default     │
│ gS9VdXTt4  │ publicmachine   │ Router │                │ default     │
╰────────────┴─────────────────┴────────┴────────────────┴─────────────╯

Yepyepyep leave that to me.

I've been so full of docker and ziti these days that I'm tempted to start doing a Docker compose Ziti user guide from my POV so maybe that helps other users ahahah

Nice! Then when I'm back at home I'll test everything and update the post!

Again, thanks to all, you folks are awesome!

You should! :smile: Hopefully quite soon we will get Geoff's branch merged and it'll be more straightforward and even easier...

Assuming you use the attribute for ssh, yes.

Thanks! We are glad you're finding OpenZiti powerful and useful!

Nah, I couldn't wait, before my leave, I removed the sshd attribute from the privatemachine and added it to the private router.

Then in the docker compose that had the ziti-host container I completely removed it.

Then in the docker compose that had the ziti-router I simply added the line network_mode: "host"

And started everything in the private machine, then tried to do the SSH connection and it worked, and now look at this

╭───────────┬───────────────────────────┬────────────────────┬──────────────────────────────────────┬─────────────────╮
│ ID        │ CLIENT                    │ SERVICE            │ TERMINATOR                           │ PATH            │
├───────────┼───────────────────────────┼────────────────────┼──────────────────────────────────────┼─────────────────┤
│ HjxzUHcG1 │ clha7vieg4s4lc1mk4tptlk2z │ test_ssh_service   │ fb17c5ad-4d0d-45fc-8c00-807acd53f683 │ r/192.168.1.123 │
╰───────────┴───────────────────────────┴────────────────────┴──────────────────────────────────────┴─────────────────╯

Seems like everything is now working as expected! Thanks for all the help! When I have some time I'll update the post and add the docker compose and env files in case they help somebody in the future!

As I was writing this, I just was wondering to myself some extra questions...

In the setup I have planned, my idea is to have some machines in my house, and some in my friends' house. Machines in both households would have services to be hosted through OpenZiti.

In order to establish optimized paths between machines, as we've seen here, wouldn't it be best to deploy ziti edge routers instead of tunnelers (ziti-host) just like we did here? Since they can route AND act as tunnelers, I see them as the superior choice when there are other computers that can benefit from those services in the same network.

Another question, in this setup I mentioned with my friend, we would deploy each one of us a private Ziti router just like I did, that would optimize connections in the same LAN, but is there a way to make it so paths are established between the 2 households directly skipping the public machine on Oracle Cloud? I assume for this to work, they shouldn't be private routers but rather public routers with addressable IP and port, right?

I definitely don't think of them as superior, they service different needs. For your use case, it ended up that the edge router was exactly what you needed. The go-based routers are a bit "heavier" than the c-based tunnelers. I would still say it really does depend. For what you're looking to do though, yes, having an edge router in the satellite private networks is going to serve you well.

While I understand exactly why you're asking this question, I'm not sure it's actually something to worry about and it's not how OpenZiti operates at this time. The only way to accomplish this would be to open and forward a port in your home routers. But if you choose to do that, you could. You'd almost definitely need the dynamic DNS setup then, but if you have active connections, maybe your ISP wouldn't change your IP on you, dunno. So yeah, you could do it and avoid the relay server.

Yeah, exactly. You would likely want to set up a more detailed/restrictive edge router policy then too. They need to have "link listeners" enabled so that other routers would also dial and link to them, which is really the biggest, maybe only, differentiator that makes a router "private" vs "public".

Yeah I mean, I'm not worried about that now, I just like to have a backup plan in case in the future the free Oracle Cloud instances get taken down or heavier networking limits start applying.

Maybe in the future? Or isn't that in the roadmap? I'm just curious, not demanding or anything.

Anyways, maybe these questions are deviating a little bit from the original post, and I got everything working, so I just wanted to reiterate my thanks for all the info and help :slight_smile:

Yes. In the future, we are pretty sure we want to extend the capabilities of routers into all sdks/clients and be able to support direct linking and whatnot. Big ambitions, tempered only by time!

:fist_right: :fist_left:
Happy to help