Hi Team, I recently installed Ziti Mobile Edge to my android emulator. I created a new identity for it but I am not sure how to connect to to my edge router. The green dot showing that an API session is active is good, but the second dot is still grey because the device won’t connect to the edge router. If you could let me know how to configure it in the controller so that the android device connects to the router I would appreciate it.
- How many public edge routers do you have?
- how is your edge router policy looks like?
- Are the public edge routers advertise the public IP/ DNS? are the ports open?
The clients connect to ER based on edge router policy. Can you describe your setup please? Also, from your question, I assume there is/are clients connect to ER correctly?
I have one public edge router named ziti-edge-router and that is the only edge router that I have.
I have 2 edge router policies set up:
- Name: allEdgeRouters: Router Roles: #public. Identity Roles: #all. Semantics: Must have All Roles.
- Name: edge-router-system. Router Roles @ziti-edge-router. Identity Roles: @ziti-edge-router. Semantics: Has any Role.
My workstation and server are able to connect to the edge router when I run a command in command prompt: ziti-edge-tunnel.exe run -i client.json, but I can’t connect my android phone through the ziti mobile edge app.
Hi @Rocket, welcome to the community. Sorry to hear that you’re having problems, can you describe your Ziti network a little more? Is this a local ziti network or are you hosting it somewhere publicly accessible? If it’s not all local, is the router and controller on the same machine? I see you’ve connected a tunneler with the client.json identity, did you create an identity for your android emulator tunneler (Ziti Mobile Edge)? Do you have a service set up yet?
From your comments, I gather that you have an API that you want to access from your Android emulator, is that about right?
This is a local ziti network and the router and controller are on the same VM. I have connected a tunneler with the client.json identity. I created an android emulator on the same machine as the client identity, so it has the same IP address. I created an identity for the android emulator tunneler and it is properly connected to my service. On the phone it says it is connected to the service, but for some reason the phone is not connected to the edge router.
Here are some screenshots of the network:
Hi @Rocket.
I wonder if that is just a presentation issue or if it’s an actual issue connecting to the router. We’ll have to try to replicate this particular issue. Do I understand you that the android emulator and ziti desktop edge for windows are running on the same machine? I wouldn’t think that would cause a problem, but maybe it’s somehow getting in the way? If you turn off the ZDEW, then start the emulator, does it work? I haven’t run Adroid studio for a long time but I’ll see if we can recreate the issue. In the meantime if you could test “not with the emulator” and with ZDEW off, that would be helpful.
Cheers
By the ZDEW do you mean the edge router. If so the edge router is running on a different VM than the android emulator. The android emulator is running on the same machine as Client. Client is able to tunnel to the edge router through command prompt
The Ziti Desktop Edge for Windows (ZDEW). It looks like you were using that. Try turning that off (using the big green button to stop the data service), then start Android Studio and then the emulator and see if that makes a difference.
That green button was on my android emulator. It is on the Ziti Mobile Edge app. I turned it off though and I tried connecting to the web app and edge router but it still won’t connect.
Sorry. There are two green butttons, and two “tunnelers”. The tunneler I’m worried about is on the Windows machine, running the Ziti Desktop Edge for Windows. That one needs to turn off. The one on the Android Emulator should then be turned on. Ideally, you should stop the emulator and turn it back on first.
I’m concerned that the emulator, running in Windows, is affected by the ZDEW running outside of the emulator… That make more sense?
Hi @TheLumberjack, so we tried turning off the ZDEW and then restarting the emulator but it still won’t connect to the edge router. We are thinking it may have something to do with the router policies or service policies. Could you see if the policies we set up are incorrect in any way and if so how would we go about fixing it.
I actually looked at the policy for edge routers and it seemed ok. You have an “#all” identities can connect to “#public” edge routers. That comes by default when you run the expressInstall.
You can check this very easily with the ziti CLI by running: ziti edge policy-advisor identities if you like. You should see something like this telling you things are OKAY:
OKAY : frontend (1) -> 5ue9b61np5fk (1) Common Routers: (1/1) Dial: Y Bind: N
Are there any logs in the router that seem helpful? I find it hard to debug when in the Android Emulator, but can you verify the emulator can get to the advertised host and port the router exposes? You can find that in the router’s config file. Those are some other things to check
The emulator is showing that it has 0 active connections, so it is not able to see the router in the first place. The packet tunnel logs on the mobile edge are empty. Also, We are not using the ziti tunnel app for windows as it did not work for us we are using the tunnel sdk in the windows command line and that works for us.
That's not quite how it works. The controller informs the client what routers it should connect to, then the client tries to connect to those routers. A very common problem that happens on first time installations is the router's advertised address for edge clients is set to a hostname which is not resolvable/contactable by clients. In the router's config is a listeners section with -binding: edge. In there is an options.advertise block. The emulator needs to be able to access whatever host/port is defined in that section.
We are not using the ziti tunnel app for windows as it did not work for us we are using the tunnel sdk in the windows command line and that works for us.
I'd be interested in what you mean and what didn't work for you. The ziti-edge-tunnel.exe you can download from the ziti-tunneler-sdk-c repo is exactly the same one that the desktop edge for windows uses.
Thank you for the advice. Once I get more information on why the ziti tunnel app for windows did not work I will inform you. My question is how do I access the router’s config file. Sorry I am not very experienced with the ziti interface.
If you ran the quickstart, it will be located at $HOME/.ziti/quickstart/$(hostname)/$(hostname)-edge-router.yaml
I looked at the router’s config files.
Just to confirm I need to ensure that the emulator needs to be able to reach ziti at port 3022? Does everything in this log file look correct?
See how the router is advertising tls:ziti:10080 and ziti:3022? Those are the ports that routers are told to connect to this router over, and the port edge clients use to connect to the router respectively.
My guess, is in your hosts file (maybe?) you added an entry for ziti that isn’t available in the phone. That’s a pretty common thing to see people do.
That value is usually “the hostname” of the server where the quickstart ran from.
I’m pretty sure the android emulator isn’t able to get to ziti:3022 and that’s the problem. The second green bubble will appear in ZAC when the client was able to establish connectivity to an edge router, I don’t think it’s able to.
Ok thank you that is very helpful to know. So my emulator is unable to connect to ziti:3022. Do you know how I could check the hosts file to see if there are any issues in there?
Thank you again for all this help.
